Nginx Authentication Module Ngx_http_auth_basic_module

Ngx_http_auth_basic_module module based on "HTTP Basic Authentication" The protocol completes the user authentication.

Module instruction:

Auth_basic

Auth_basic_user_file

The scope of application of these two directives: http , Server , Location , limit_except

Example:

Location/{

Auth_basic "Closedsite";

AUTH_BASIC_USER_FILECONF/HTPASSWD;

}

Auth_basic directive:

Syntax:auth_basic string | off;

Default:auth_basic off;

Open / Close based on "HTTP Basic Authentication" the user of the Agreement / Password Authentication.

Auth_basic_user_file directive:

Syntax:auth_basic_user_file file;

Default:--

Used to specify the file to save the user name and password, and note the file permissions .

The file format is:

Name1:password1

Name2:password2:comment

Name3:password3

Supported Password types:

• Encrypted with the crypt () function, the tool has htpasswd, OpenSSL passwd

• Apache Variant (APR1) using MD5-based cryptographic algorithms

Using HTPASSWD to achieve NGINX certification

1. Installing HTPASSWD,HTPASSWD is the password generation tool provided by Apache

Yuminstall httpd-tools-y

2. htpasswd usage

$ htpasswd-h

Htpasswd:illegal option--H

Usage:

HTPASSWD[-CIMBDPSDV] [-C Cost] passwordfile username

HTPASSWD-B[CMBDPSDV] [-C Cost] passwordfile username password

HTPASSWD-N[IMBDPS] [-C cost] Username

HTPASSWD-NB[MBDPS] [-C Cost] username password

-C Createa new file.

-N-Don ' tupdate file; Display results on stdout.

-B usethe password from the command line rather than prompting for it.

-I readpassword from stdin without verification (for script usage).

-M ForceMD5 Encryption of the password (default).

-B forcebcrypt Encryption of the password (very secure).

-C setthe Computing time used for the bcrypt algorithm

(Higheris more secure and slower, Default:5, Valid:4 to 31).

-D forcecrypt Encryption of the password (8 chars max, insecure).

-S Forcesha encryption of the password (insecure).

-P Donot Encrypt the password (plaintext, insecure).

-d deletethe specified user.

-V VerifyPassword for the specified user.

3. Create a user password file

[email protected] ~]$ htpasswd-c /etc/nginx/passwd.db xiaoming # # # New password file creation

New Password:

Re-type New Password:

Adding Password for user xiaoming

[email protected] ~]$ htpasswd /etc/nginx/passwd.db Xiaoli # # # Add a new user

New Password:

Re-type New Password:

Adding Password for user Xiaoli

[email protected] ~]$ cat /etc/nginx/passwd.db # # # View file content formats

Xiaoming: $apr 1$OLMGWTMD$KG6FMWRQZCWEJGT/UWXSJ.

Xiaoli: $apr 1$unkijchm$5h6gigl1q.izbq6yodzav1

4. Configure Nginx

Location/{

Auth_basic "Welcome";

auth_basic_user_file/etc/nginx/passwd.db;

}

5. Access to relevant content will be certified

   650) this.width=650; "src=" Https://s5.51cto.com/wyfs02/M02/08/B3/wKiom1nl1oSDZw2SAAAZ63BET1Y888.png "title=" Tim picture 20171017180650.png "alt=" Wkiom1nl1osdzw2saaaz63bet1y888.png "/>
   

   Use the corresponding user name password to log in to access.

Nginx Authentication Module Ngx_http_auth_basic_module