nginx configuration mode that can be accessed only by entering user name and password

If we have built some sites under nginx, but we don't want everyone to access them normally due to the site content or traffic, we can set access authentication. Only when the user enters the correct user name and password can he access normally. The effects are as follows:

Under nginx, NGX is provided_ http_ auth_ basic_ Module module implementation allows users to access web content only after entering the correct user name and password. By default, nginx has this module installed. Therefore, the whole process is to first set the user name and password with a third-party tool (the password has been encrypted), then save it to the file, and then open access verification according to the previously saved file in nginx configuration file.

The generated password can use htpasswd or openssl. Let's take htpasswd as an example.

1. Install htpasswd tool

Install directly from yum. You can also choose to compile and install as needed:

yum -y install httpd-tools

Set the user name and password, and save the user name and password to the specified file:

[root@uuu ~]# htpasswd -c /usr/local/src/nginx/passwd coderschool
New password: 
Re-type new password: 
Adding password for user coderschool

Note: the above / usr/local/src/nginx/passwd is the path to generate the password file, and coderschool is the user name. You can set it to other user names as needed. After running the command, you will be asked to enter the password twice in a row. After successful input, you will be prompted that you have added a password for conerschool.

We can see the contents of the last generated password file:

[root@uuu ~]# cat /usr/local/src/nginx/passwd 

The user name is coderschool, and the semicolon is followed by the password (which has been encrypted).

2. Modify nginx configuration file

Find the nginx configuration file. Because we want to enable authentication for the entire site, the first server in the configuration file is modified as follows:

server {
   listen 80;
   server_name  localhost;

   #Add the following two lines
   auth_basic "Please input password"; #Here is the prompt for verification 
   auth_basic_user_file /usr/local/src/nginx/passwd;

    location / {
        index  index.php index.html;
        auth_basic "Please input password"; #Here is the prompt for verification
        auth_basic_user_file /usr/local/src/nginx/passwd;

Then restart nginx:

[root@uuu sbin]# ./nginx -t
nginx: the configuration file /usr/local/src/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/src/nginx/conf/nginx.conf test is successful
[root@uuu sbin]# ./nginx -s reload

After the above configurations are correct, you can visit your site again. If a pop-up window requiring authentication appears, the modification is successful. Here are some parameters of the htpasswd command.

3.htpasswd option parameters

htpasswd [-cmdpsD] passwordfile username
htpasswd -b[cmdpsD] passwordfile username password
htpasswd -n[mdps] username
htpasswd -nb[mdps] username password

Description of htpasswd command options and parameters -c create an encrypted file -n do not update the encrypted file, only display the user name and password encrypted by htpasswd command on the screen -m the default htpassswd command uses MD5 algorithm to encrypt the password -The d htpassswd command uses CRYPT algorithm to encrypt the password -The p htpassswd command does not encrypt the password, that is, the plaintext password -The s htpassswd command encrypts the password using the SHA algorithm -B enter the user name and password at the htpassswd command line instead of entering the password at the prompt -D delete the specified user

htpasswd example

a. How to add users using the htpasswd command?

htpasswd -bc ./.passwd tonyzhang pass

Generate a in the current directory passwd file, user name Tony Zhang, password: pass, MD5 encryption is adopted by default

b. How to add the next user in the original password file?

htpasswd -b ./.passwd onlyzq pass

Remove the c option to add a second user after the first user, and so on

c. How to display only the encrypted user name and password without updating the password file?

htpasswd -nb tonyzhang pass

Do not update passwd file, only the user name and encrypted password are output on the screen

d. How to delete user name and password with htpasswd command?

htpasswd -D .passwd tonyzhang

e. How to use htpasswd command to change password?

htpasswd -D .passwd tonyzhang
htpasswd -b .passwd tonyzhang pass

Added by cpetercarter on Tue, 04 Jan 2022 08:54:42 +0200