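nginx root directory: /home/undoner/nginx-www
nginx access URL: http://127.0.0.1
This article sets up access control for files under the nginx root directory.
(1) nginx expects the password file in the format "username:password", but the password must not be in plaintext; it has to be hashed with crypt, so a tool is needed to generate the password string.
There are three ways to do this:
Method 1
Generate the hashed string directly online: http://tool.oschina.net/htpasswd
Method 2
A Python script, "htpasswd.py", which can also be downloaded.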
#!/usr/bin/python
"""Replacement for htpasswd"""
# Original author: Eli Carter

import os
import sys
import random
from optparse import OptionParser

# We need a crypt module, but Windows doesn't have one by default. Try to find
# one, and tell the user if we can't.
# (The standard-library crypt module was also removed in Python 3.13.)
try:
    import crypt
except ImportError:
    try:
        import fcrypt as crypt
    except ImportError:
        sys.stderr.write("Cannot find a crypt module. "
                         "Possibly http://carey.geek.nz/code/python-fcrypt/\n")
        sys.exit(1)


def salt():
    """Returns a string of 2 random letters"""
    letters = 'abcdefghijklmnopqrstuvwxyz' \
              'ABCDEFGHIJKLMNOPQRSTUVWXYZ' \
              '0123456789/.'
    return random.choice(letters) + random.choice(letters)


class HtpasswdFile:
    """A class for manipulating htpasswd files."""

    def __init__(self, filename, create=False):
        self.entries = []
        self.filename = filename
        if not create:
            if os.path.exists(self.filename):
                self.load()
            else:
                raise Exception("%s does not exist" % self.filename)

    def load(self):
        """Read the htpasswd file into memory."""
        with open(self.filename, 'r') as f:
            lines = f.readlines()
        self.entries = []
        for line in lines:
            username, pwhash = line.split(':')
            entry = [username, pwhash.rstrip()]
            self.entries.append(entry)

    def save(self):
        """Write the htpasswd file to disk"""
        with open(self.filename, 'w') as f:
            f.writelines(["%s:%s\n" % (entry[0], entry[1])
                          for entry in self.entries])

    def update(self, username, password):
        """Replace the entry for the given user, or add it if new."""
        pwhash = crypt.crypt(password, salt())
        matching_entries = [entry for entry in self.entries
                            if entry[0] == username]
        if matching_entries:
            matching_entries[0][1] = pwhash
        else:
            self.entries.append([username, pwhash])

    def delete(self, username):
        """Remove the entry for the given user."""
        self.entries = [entry for entry in self.entries
                        if entry[0] != username]


def main():
    """%prog [-c] -b filename username password
    Create or update an htpasswd file"""
    # For now, we only care about the use cases that affect tests/functional.py
    parser = OptionParser(usage=main.__doc__)
    parser.add_option('-b', action='store_true', dest='batch', default=False,
        help='Batch mode; password is passed on the command line IN THE CLEAR.'
        )
    parser.add_option('-c', action='store_true', dest='create', default=False,
        help='Create a new htpasswd file, overwriting any existing file.')
    parser.add_option('-D', action='store_true', dest='delete_user',
        default=False, help='Remove the given user from the password file.')

    options, args = parser.parse_args()

    def syntax_error(msg):
        """Utility function for displaying fatal error messages with usage
        help.
        """
        sys.stderr.write("Syntax error: " + msg)
        sys.stderr.write(parser.get_usage())
        sys.exit(1)

    if not options.batch:
        syntax_error("Only batch mode is supported\n")

    # Non-option arguments
    if len(args) < 2:
        syntax_error("Insufficient number of arguments.\n")
    filename, username = args[:2]
    if options.delete_user:
        if len(args) != 2:
            syntax_error("Incorrect number of arguments.\n")
        password = None
    else:
        if len(args) != 3:
            syntax_error("Incorrect number of arguments.\n")
        password = args[2]

    passwdfile = HtpasswdFile(filename, create=options.create)

    if options.delete_user:
        passwdfile.delete(username)
    else:
        passwdfile.update(username, password)

    passwdfile.save()


if __name__ == '__main__':
    main()
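Method 3
A Perl script, "htpasswd2.pl", with the following content:

#!/usr/bin/perl
use strict;
my $pw=$ARGV[0];
# The password is also passed as the salt argument, so crypt() takes
# the salt from the first two characters of the password itself.
print crypt($pw,$pw)."\n";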
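(2) With the first method, simply create a new text file and paste the result in. With the second or third method, after downloading or creating the script, remember to add execute permission, then run the script to generate the username and password.
Method 1:
Copy the result from the web page ("2eN4uuMHGaLQQ" is the string produced by hashing "test1") directly into the htpasswd file.
htpasswd contents: test1:2eN4uuMHGaLQQ
Method 2:
chmod 777 htpasswd.py
./htpasswd.py -c -b htpasswd username password
htpasswd contents: undoner:dFYOP1Zvmqyfo
Method 3:
chmod 777 htpasswd2.pl
./htpasswd2.pl password
Copy "N1tQbOFcM5fpg" into the /etc/nginx/htpasswd file. The username is stored in plaintext, so it can be anything. The format is as follows:
htpasswd contents: test:N1tQbOFcM5fpg
(3) Finally, copy the password file htpasswd into the nginx configuration directory (it can also go elsewhere; remember to change the path and the permissions), then add the configuration to nginx.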
chmod 777 htpasswd
Add the following two lines to sites-available/default:
auth_basic "Password";
auth_basic_user_file /etc/nginx/htpasswd;
location / {
    # First attempt to serve request as file, then
    # as directory, then fall back to displaying a 404.
    auth_basic "Password";
    auth_basic_user_file /etc/nginx/htpasswd;
    charset utf-8;
    root /home/undoner/nginx-www;
    index index.html index.htm;
    autoindex on;
    # Uncomment to enable naxsi on this location
    # include /etc/nginx/naxsi.rules
}
(4) Restart nginx
sudo /etc/init.d/nginx restart
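
An added example, not part of the original article: a small audit of the password file this procedure produces. It reports entries stored as 13-character traditional crypt(3) (DES) hashes like the ones shown above, which use a 2-character salt and only the first eight password characters, and file modes that grant access to every local user, as chmod 777 does. The function names and the alice entry are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Prefix -> scheme name for hash formats an htpasswd-style file may contain.
PREFIXES = [('$apr1$', 'apr1-md5'), ('$1$', 'md5-crypt'), ('$5$', 'sha256-crypt'),
            ('$6$', 'sha512-crypt'), ('$2', 'bcrypt'), ('{SSHA}', 'salted-sha1'),
            ('{SHA}', 'unsalted-sha1'), ('{PLAIN}', 'plaintext')]
# Traditional DES crypt(3): 2-character salt followed by 11 hash characters.
DES_CRYPT = re.compile(r'^[./0-9A-Za-z]{13}$')
WEAK = {'des-crypt', 'unsalted-sha1', 'plaintext', 'unknown'}

def classify(pwhash):
    for prefix, name in PREFIXES:
        if pwhash.startswith(prefix):
            return name
    return 'des-crypt' if DES_CRYPT.match(pwhash) else 'unknown'

def audit(path):
    """Return a list of findings for the password file at `path`."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & stat.S_IRWXO:
        findings.append('mode %o grants access to all local users' % mode)
    with open(path) as fh:
        for number, line in enumerate(fh, 1):
            line = line.strip()
            if not line or line.startswith('#'):
                continue
            fields = line.split(':')  # name:password[:comment]
            scheme = classify(fields[1]) if len(fields) > 1 else 'unknown'
            if scheme in WEAK:
                findings.append('line %d: %s uses %s' % (number, fields[0], scheme))
    return findings

# Constructed sample: the article's two entries plus a placeholder apr1 entry.
SAMPLE = 'test1:2eN4uuMHGaLQQ\nundoner:dFYOP1Zvmqyfo\nalice:$apr1$EXAMPLE0$0000000000000000000000\n'

def demo(mode=0o777):
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, 'htpasswd')
        with open(path, 'w') as fh:
            fh.write(SAMPLE)
        os.chmod(path, mode)
        return audit(path)

if __name__ == '__main__':
    print('\n'.join(demo()))
```

Running it against the sample with mode 777 reports the file mode and both DES entries; with mode 640 only the two hash findings remain.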