Sometimes, for security purposes, we do not want to expose the background address of our website, so we usually hide the background address. For example, for some open-source cms, if it is through http: // www. Your domain name/admin. php? M = admin. php can be changed to another file name that is not easy to guess, but it cannot be changed for some cms, because many places use this dead path, such as wordpress, the backend access path is generally http: // www. your domain name/wp-admin/or http: // www. your domain name/wp-login.php, wp-admin and wp-login.php is not convenient to change, changed to the original program file, so inconvenient to upgrade, and do not know how much to change.
Therefore, we hope that we can enter the user name and password before entering the background address when accessing our background. Next, we will take nginx as an example to illustrate how to add user name and password authentication to a directory, access the directory of a specific web site through user name and password authentication, and encrypt the background directory.
We implemented it through nginx's auth_basic. Therefore, we need to set it in the nginx virtual host configuration file. For friends who use the virtual host, there is no way. Taking wordpress as an example, the background address of wordpress is http: // www. your domain name/wp-admin/And the logon page http: // www. your Domain/wp-login.php, so we want to encrypt the admin file directory, or there is wp-login.php path encryption.
[1] set the password file.
First, we need to set a password file. The password is generated by using htpasswd. Let's use php directly to generate the password. Create a php file and enter the code
// Replace two 123 in the code with your access password
The code is as follows: |
Copy code |
Echo crypt ('20140901', base64_encode ('20160901'); // Obtain MTTuFPm3y4m2o
|
We get a string MTTuFPm3y4m2o, which is the key after 123 encryption.
[2] create a file pass in the/home/mypwd/directory on the server. The user name is test and the password is 123.
The code is as follows: |
Copy code |
Cd/home/mypwd/ Vi pass
|
[/Php]
Enter
The code is as follows: |
Copy code |
Test: MTTuFPm3y4m2o
|
Test is the user name, followed by a colon:, and then the key encrypted to 123
Then exit and save the file.
: Wq
In this way, we define the file for storing the user name and password.
[3] set in the nginx virtual host configuration file
Open the configuration file of your site. The general path is under the conf/vhost/directory under the installation path.
Open the configuration file,
Vi test. Your domain name
The configuration information already exists. Add the configuration in it.
The code is as follows: |
Copy code |
Location/admin /{ Auth_basic 'Hello, zhoumanhe! '; Auth_basic_user_file/home/mypwd/pass; } Location/wp-login.php { Auth_basic 'Hi, zhou manhe. welcome back! '; Auth_basic_user_file/home/mypwd/pass; }
|
Description: the prompt message is followed by auth_basic. The path to your file storing the user name and password is followed by auth_basic_user_file.
Save and restart nginx. If the restart prompt is incorrect, it may be that the configuration file has been written. Go back and check it. If OK, test it! This indicates that half is successful. Why is it half done ?!!
[4] handling unexpected situations
Enter your username and password. Is the logon address on the background displayed? Some of my friends may encounter the 500 error. I 've been struggling with this for a long time... If the configuration file is wrong, an error will be reported during restart. I checked it online and said that 500 may be due to a wrong rewrite rule for the configuration file. Check it. That's right... Later, I checked the nginx log file. The error is:
15868 #0: * 5606 open () "/home/mypwd/pass" failed (13: Permission denied ).....;
Baidu once again, the permission to read the file is insufficient. In the linux command line, check the nginx process.
The code is as follows: |
Copy code |
Ps-aux | grep nginx |
It is found that the master process of nginx is a root user, but the worker process is a nobody user, and my nginx is a root user. By default, the worker process is used to read files, although I have granted 777 permissions, I still cannot (do not understand why), so I want to change the worker process to root, so that I can access it.
Open the nginx configuration file, find the conf/nginx. conf file in the nginx installation directory, find # user nobody, or change it to user root. Restart nginx and try again. Is it successful?
Case
Normal: pass. Your domain name, the path to be encrypted pass. Your domain name/admin, User Name: zhou, password: 123