Configuring password authentication for a website or directory on an Nginx server

Source: Internet
Author: User

Nginx can set password authentication for websites, directories, or even specific files. The password must be encrypted with crypt. You can use Apache's htpasswd to create the password.

The format is:

htpasswd -b -c site_pass username password

site_pass is the password file. Place it in the same directory as the Nginx configuration file. You can also put it in a different directory, in which case the Nginx configuration file must specify its absolute path or its path relative to the current directory.

If running htpasswd reports that the command cannot be found, you need to install httpd. On CentOS, install it as follows:

yum install httpd

If you do not want to install httpd, you can use the following Perl script:

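#!/usr/bin/perl -w  
# filename: add_user.pl  
use strict;  
# Reads user:passwd lines from STDIN and prints user:hash lines.  
print "#example: user:passwd\n";  
while (<STDIN>) {  
  exit if ($_ =~ /^\n/);  # an empty line ends input  
  chomp;  
  (my $user, my $pass) = split /:/, $_, 2;  
  # '$1$' followed by an 8-character salt selects MD5-based crypt  
  my $crypt = crypt $pass, '$1$' . gensalt(8);  
  print "$user:$crypt\n";  
}  
# Build a random salt of the requested length from the crypt alphabet.  
sub gensalt {  
  my $count = shift;  
  my @salt = ('.', '/', 0..9, 'A'..'Z', 'a'..'z');  
  my $s;  
  $s .= $salt[rand @salt] for (1..$count);  
  return $s;  
}  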

Give the script execute permission:
chmod u+x add_user.pl

How to use the script:

./add_user.pl
user:password

Paste the generated username and password line into the /usr/local/nginx/conf/vhost/nginx_passwd file.

To add authentication to the whole site, write the authentication directives directly in the server block of the Nginx configuration.

To add authentication to a directory, write it as a location block for that directory. That location must also contain the PHP handling, otherwise PHP files will be downloaded instead of executed.

For example, for authentication of the entire site, auth_basic goes before the PHP location.

server  
{  
  listen 80;  # port assumed; it is omitted in the source  
  server_name www.jb51.net jb51.net;  
  root /www/jb51.net;  
  index index.html index.htm index.php;  
  auth_basic "Input you user name and password";  
  auth_basic_user_file /usr/local/nginx/conf/vhost/nginx_passwd;  
  location ~ \.php$  
  {  
    fastcgi_pass 127.0.0.1:9000;  
    fastcgi_index index.php;  
    include fastcgi_params;  
  }  
  location ~ /\.ht  
  {  
    deny all;  
  }  
  access_log /logs/jb51.net_access.log main;  
}  

For directory authentication, use a separate location for the directory and nest a PHP-handling location inside it; otherwise the PHP files are not executed and will be downloaded. auth_basic goes after the nested location.

server  
{  
  listen 80;  # port assumed; it is omitted in the source  
  server_name www.jb51.net jb51.net;  
  root /www/jb51.net;  
  index index.html index.htm index.php;  
  location ~ ^/admin/.*  
  {  
    # nested PHP handling so that PHP files under /admin/ are executed  
    location ~ \.php$  
    {  
      fastcgi_pass 127.0.0.1:9000;  
      fastcgi_index index.php;  
      include fastcgi_params;  
    }  
    auth_basic "Auth";  
    auth_basic_user_file /usr/local/nginx/conf/vhost/auth/admin.pass;  
  }  
  location ~ \.php$  
  {  
    fastcgi_pass 127.0.0.1:9000;  
    fastcgi_index index.php;  
    include fastcgi_params;  
  }  
  location ~ /\.ht  
  {  
    deny all;  
  }  
  access_log /logs/jb51.net_access.log main;  
}  

One detail here: location ~ ^/admin/.* {...} protects all files in the admin directory. If you only set /admin/, then entering /admin/index.php directly can still be accessed and run, because nginx prefers a matching regex location (here ~ \.php$) over a plain prefix location. ^/admin/.* means protecting all files in this directory. Of course, the user only needs to authenticate once; there is no need to authenticate again for every request or file.

htpasswd

Since htpasswd is used above, here is an introduction to its basic usage.
htpasswd Parameters

-c creates passwdfile. If passwdfile already exists, it is overwritten and the original content is deleted.
-n does not update passwdfile; the result is displayed directly
-m uses MD5 encryption (default)
-d uses crypt encryption (default)
-p uses plain text format passwords
-s uses SHA encryption
-b takes the username and password on the command line instead of prompting for the password; the password is visible in clear text and no interaction is needed
-D deletes the specified user
Examples
1. How do I add a user using the htpasswd command?

# /usr/local/apache/bin/htpasswd -bc linuxeye_pd linuxeye_user linuxeye_password
Adding password for user linuxeye_user
# cat linuxeye_pd
linuxeye_user:$apr1$mugpp3fe$zgsi7/jfqihfxplgqo/wx/

This generates a linuxeye_pd file in the current directory with username linuxeye_user and password linuxeye_password, using the MD5 encryption method by default.

2. How do I add another user to the existing password file?

# /usr/local/apache/bin/htpasswd -b linuxeye_pd linuxeye.com linuxeye.com
Adding password for user linuxeye.com
# cat linuxeye_pd
linuxeye_user:$apr1$mugpp3fe$zgsi7/jfqihfxplgqo/wx/
linuxeye.com:$apr1$/8euopyi$4mbxypzotrsdcttdzvtet0

Be sure to remove the -c option; otherwise the password file is overwritten and created anew.

3. How do I display the encrypted username and password without updating the password file?

# /usr/local/apache/bin/htpasswd -n linuxeye
New password:
Re-type new password:
linuxeye:$apr1$bz6gclc4$zKRap.0badzzixloxpdnv0

# /usr/local/apache/bin/htpasswd -nb linuxeye linuxeye_password
linuxeye:$apr1$Yvngdkgv$qrnlrij.mxiu52vmo.roe1

4. How do I use the htpasswd command to delete a username and password?

# /usr/local/apache/bin/htpasswd -D linuxeye_pd linuxeye_user
Deleting password for user linuxeye_user
# cat linuxeye_pd
linuxeye.com:$apr1$/8euopyi$4mbxypzotrsdcttdzvtet0

5. How do I use the htpasswd command to change a password?

# /usr/local/apache/bin/htpasswd -D linuxeye_pd linuxeye.com
Deleting password for user linuxeye.com
# /usr/local/apache/bin/htpasswd -b linuxeye_pd linuxeye.com linuxeye_passwd
Adding password for user linuxeye.com
# cat linuxeye_pd
linuxeye.com:$apr1$74zvb1vc$/b7etmg8xhdpieyj0b0ce.
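
An added example, not part of the original article: a Python check that reads a password file in the user:hash format shown above and reports which scheme each entry uses, matching the -m, -d, -s and -p options. The verdict labels, the bcrypt and SHA-crypt rows, and the sample entries are this example's own constructions.

```python
import base64
import hashlib
import re

# Hash prefixes found in htpasswd files; the verdicts are this example's policy.
SCHEMES = [
    (r'^\$2[aby]\$', 'bcrypt', 'ok'),               # htpasswd -B
    (r'^\$[56]\$', 'sha-crypt', 'ok'),              # crypt() SHA-256 / SHA-512
    (r'^\$apr1\$', 'apr1-md5', 'legacy'),           # htpasswd -m
    (r'^\$1\$', 'md5-crypt', 'legacy'),             # the Perl script's '$1$' salt
    (r'^\{SHA\}', 'sha1-unsalted', 'weak'),         # htpasswd -s
    (r'^[./0-9A-Za-z]{13}$', 'des-crypt', 'weak'),  # htpasswd -d
]

def classify(hash_field):
    for pattern, name, verdict in SCHEMES:
        if re.match(pattern, hash_field):
            return name, verdict
    return 'plaintext-or-unknown', 'weak'           # e.g. htpasswd -p

def entries(text):
    """Yield (user, hash_field) from user:hash[:comment] lines."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith('#') and ':' in line:
            user, hash_field = line.split(':', 2)[:2]
            yield user, hash_field

def audit(text):
    return [(user, *classify(h)) for user, h in entries(text)]

def shared_hashes(text):
    """Users whose stored hashes are identical: same password, no salt."""
    seen = {}
    for user, h in entries(text):
        seen.setdefault(h, []).append(user)
    return [users for users in seen.values() if len(users) > 1]

def sha_entry(user, password):
    # What the -s format stores: base64 of a single unsalted SHA-1 digest.
    digest = hashlib.sha1(password.encode()).digest()
    return f"{user}:{{SHA}}{base64.b64encode(digest).decode()}"

# Constructed sample file; users, password and hashes are made up.
SAMPLE = "\n".join([
    "alice:$apr1$abcdefgh$0123456789abcdefghijkl",
    sha_entry("bob", "example-pass"),
    sha_entry("carol", "example-pass"),
    "dave:example-pass",
])

if __name__ == '__main__':
    print(audit(SAMPLE), shared_hashes(SAMPLE))
```

Because the -s format has no salt, bob and carol end up with identical entries, which tells anyone who can read the file that they share a password.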
