[Quick Notes] About nginx's authentication directive auth_basic


 
 

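1. Some software does not ship with its own user system. In that case, the auth_basic and auth_basic_user_file directives provided by nginx's ngx_http_auth_basic_module (installed with nginx by default) can be used to implement simple user authentication.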

Syntax:      auth_basic string | off;
Default:     auth_basic off;
Context:     http, server, location, limit_except
Authentication is off by default. If a string is given, it is displayed in the login prompt.

Syntax:      auth_basic_user_file file;
Default:     —
Context:     http, server, location, limit_except

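Note that the auth_basic_user_file directive specifies the file in which the passwords are stored. The file path must be an absolute path; with a relative path you will keep getting 403 Forbidden!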

 

2. Generating the password file

The password file can be generated with htpasswd or openssl. Taking htpasswd as an example:

htpasswd --help
Usage:
    htpasswd [-cimBdpsDv] [-C cost] passwordfile username
    htpasswd -b[cmBdpsDv] [-C cost] passwordfile username password

    htpasswd -n[imBdps] [-C cost] username
    htpasswd -nb[mBdps] [-C cost] username password
 -c  Create a new file.
 -n  Don't update file; display results on stdout.
 -b  Use the password from the command line rather than prompting for it.
 -i  Read password from stdin without verification (for script usage).
 -m  Force MD5 encryption of the password (default).
 -B  Force bcrypt encryption of the password (very secure).
 -C  Set the computing time used for the bcrypt algorithm
     (higher is more secure but slower, default: 5, valid: 4 to 17).
 -d  Force CRYPT encryption of the password (8 chars max, insecure).
 -s  Force SHA encryption of the password (insecure).
 -p  Do not encrypt the password (plaintext, insecure).
 -D  Delete the specified user.
 -v  Verify password for the specified user.
On other systems than Windows and NetWare the '-p' flag will probably not work.
The SHA algorithm does not use a salt and is less secure than the MD5 algorithm.

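Commonly used options:

-c  Create a new file

-m  Use MD5 encryption (the default)

-p  Do not encrypt the password

The auth_basic_user_file directive does not support plaintext passwords; it will keep reporting that the password is wrong!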
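
The two failure modes noted above (a path that is not absolute, and plaintext entries written by htpasswd -p) can be checked before nginx is pointed at the file. This is an added example, not part of the original post: the function names classify_hash and audit_htpasswd are hypothetical, the sample entries are constructed, and the WEAK label follows the "insecure" notes in the htpasswd help text.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# Classify a stored password field by the format htpasswd writes for each flag.
classify_hash() {
    case "$1" in
        '$apr1$'*) echo "md5-apr1" ;;        # htpasswd -m (default)
        '$2y$'*)   echo "bcrypt" ;;          # htpasswd -B
        '{SHA}'*)  echo "sha1-unsalted" ;;   # htpasswd -s
        *)
            # htpasswd -d writes a 13-character crypt(3) string. Anything else
            # is treated as plaintext (htpasswd -p). Length is a heuristic.
            if [ "${#1}" -eq 13 ]; then echo "crypt-des"; else echo "plaintext"; fi ;;
    esac
}

# Print "user scheme verdict" per entry. Returns 1 when the path is not
# absolute or when any entry is plaintext.
audit_htpasswd() {
    file=$1
    rc=0
    case "$file" in
        /*) ;;
        *) echo "path not absolute: $file"; return 1 ;;
    esac
    while IFS=: read -r user hash _rest || [ -n "$user" ]; do
        [ -z "$user" ] && continue
        case "$user" in '#'*) continue ;; esac
        scheme=$(classify_hash "$hash")
        case "$scheme" in
            plaintext)               verdict="REJECT"; rc=1 ;;
            sha1-unsalted|crypt-des) verdict="WEAK" ;;
            *)                       verdict="OK" ;;
        esac
        echo "$user $scheme $verdict"
    done < "$file"
    return "$rc"
}

# Constructed sample file; the hash values are placeholders, not real hashes.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
alice:$apr1$Xy12abCD$constructedNotARealHash00
bob:{SHA}Y29uc3RydWN0ZWQtZXhhbXBsZQ==
carol:hunter2
EOF
audit_htpasswd "$SAMPLE" || echo "audit failed: fix the entries above"
```
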

3. Normal operation

 
       

