知识大全 nginx中给目录增加密码保护实现程序

Posted 2022-07-18 目录

篇首语：敏而好学，不耻下问。本文由小常识网(cha138.com)小编为大家整理，主要介绍了知识大全 nginx中给目录增加密码保护实现程序相关的知识，希望对你有一定的参考价值。

一款nginx中给目录增加密码保护实现程序可以有效的保护一些目录不被访问有需要的朋友可参考一下

了防止一些可能出现存在漏洞的后台脚本暴露使用验证的方式保护这些文件所在的目录

使用apache的htpasswd工具生成密码

yingouqlj@yingouqlj laptop:~$ htpasswd b c filename username passwdAdding password for user ******

nginx可以为网站或目录甚至特定的文件设置密码认证密码必须是crypt加密的可以用apache的htpasswd来创建密码

格式为 htpasswd b c site_pass username password

site_pass为密码文件放在同nginx配置文件同一目录下当然你也可以放在其它目录下那在nginx的配置文件中就要写明绝对地址或相对当前目录的地址

如果你输入htpasswd命令提示没有找到命令时你需要安装如centos是yum install d

如果是为了给网站加上认证可以直接将认证语句写在nginx的配置server段中

如果是为了给目录加上认证就需要写成目录形式了同时还要在目录中加上php的执行否则php就会被下载而不执行了例如基于整个网站的认证 auth_basic在php解释之前

代码如下复制代码 server listen ; server_name ; root //akii; index inde index php; auth_basic "input you user name and password"; auth_basic_user_file /usr/local/nginx/conf/vhost/nginx_passwd; location ~ php$ fastcgi_pass : ; fastcgi_index index php; include fastcgi_params; location ~ / ht deny all; access_log /logs/akii _access log main;

针对目录的认证在一个单独的location中并且在该location中嵌套一个解释php的location 否则php文件不会执行并且会被下载 auth_basic在嵌套的location之后

代码如下复制代码

server listen ; server_name ; root //akii; index inde index php; location ~ ^/admin/ * location ~ php$ fastcgi_pass : ; fastcgi_index index php; include fastcgi_params; auth_basic "auth"; auth_basic_user_file /usr/local/nginx/conf/vhost/auth/admin pass; location ~ php$ fastcgi_pass : ; fastcgi_index index php; include fastcgi_params; location ~ / ht deny all; access_log /logs/akii _access log main;

这里有一个细节就是location ~ ^/admin/ * … 保护admin目录下的所有文件如果你只设了/admin/ 那么直接输入/admin/index php还是可以访问并且运行的 ^/admin/ * 意为保护该目录下所有文件当然只需要一次认证并不会每次请求或每请求一个文件都要认证一下

附一个可用的bash脚本用于创建密码

代码如下复制代码 #!/bin/bash PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin export PATH #set UserName username="" read p "Please input UserName:" username if [ "$username" = "" ]; then echo "Error:UserName can t be NULL!" exit fi echo "===========================" echo "UserName was: $username" echo "===========================" #set password unpassword="" read p "Please input the Password:" unpassword if [ "$unpassword" = "" ]; then echo "Error:Password can t be NULL!" exit fi echo "===========================" echo "Password was: $unpassword" echo "===========================" password=$(perl e print crypt($ARGV[ ] "pwdsalt") $unpassword) #set htpasswd file htfile="" read p "Please input Auth filename:" htfile if [ "$htfile" = "" ]; then echo "Error:Auth filename can t be NULL!" exit fi echo "===========================" echo "Auth File:$htfile" echo "===========================" get_char() SAVEDSTTY=`stty g` stty echo stty cbreak dd if=/dev/tty bs= count= > /dev/null stty raw stty echo stty $SAVEDSTTY echo "" echo "Press any key to Creat or Press Ctrl+c to cancel" char=`get_char` if [ ! f $htfile ]; then echo "Create Auth file "cat >$htfile<<eof$username:$passwordeof echo "Create Auth file successful auth file path:$htfile" else echo "File already exists please run this script again " exit fi

命令参数注释:

Usage:

htpasswd [ cmdpsD] passwordfile usernamehtpasswd b[cmdpsD] passwordfile username password

htpasswd n[mdps] usernamehtpasswd nb[mdps] username password c Create a new file n Don’t update file; display results on stdout m Force MD encryption of the password (default) d Force CRYPT encryption of the password p Do not encrypt the password (plaintext) s Force SHA encryption of the password b Use the password from the mand line rather than prompting for it D Delete the specified user

cha138/Article/program/Java/gj/201404/30490