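Adding password protection to a directory in nginx
This effectively keeps certain directories from being accessed.
Readers who need this can use it as a reference.
To keep backend scripts that may contain vulnerabilities from being exposed, protect the directories that hold them with authentication.
Use Apache's htpasswd tool to generate the password: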
yingouqlj@yingouqljlaptop:~$ htpasswd -b -c filename username passwd
Adding password for user ******
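nginx can set password authentication for a whole site, a directory, or even a specific file. The password must be crypt-encrypted; you can create it with Apache's htpasswd.
The format is: htpasswd -b -c site_pass username password
site_pass is the password file, placed in the same directory as the nginx configuration file. You can also put it in another directory, in which case the nginx configuration must give its absolute path or its path relative to the current directory.
If the shell reports that the htpasswd command was not found, you need to install it; on CentOS, for example: yum install httpd
To add authentication to the whole site, write the authentication directives directly in the server block of the nginx configuration.
To add authentication to a directory, it has to be written as a location block for that directory, and PHP handling has to be added inside that location as well; otherwise PHP files are downloaded instead of executed.
For example, authentication for the whole site, with auth_basic placed before the PHP handling: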
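server {
    listen 80;  # assumed; the port is missing from the original page
    server_name example.com;  # placeholder; the name is missing from the original page
    root /www/akii;
    index index.html index.php;
    # Basic authentication for every request handled by this server block
    auth_basic "input you user name and password";
    auth_basic_user_file /usr/local/nginx/conf/vhost/nginx_passwd;
    location ~ \.php$ {
        fastcgi_pass 127.0.0.1:9000;  # assumed; the address is missing from the original page
        fastcgi_index index.php;
        include fastcgi_params;
    }
    # Never serve .ht* files such as the password file
    location ~ /\.ht {
        deny all;
    }
    access_log /logs/akii.org_access.log main;
}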
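Authentication for a directory goes in a separate location, with a location that handles PHP nested inside it; otherwise PHP files are not executed and are downloaded instead. auth_basic comes after the nested location: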
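server {
    listen 80;  # assumed; the port is missing from the original page
    server_name example.com;  # placeholder; the name is missing from the original page
    root /www/akii;
    index index.html index.php;
    # Everything under /admin/ requires authentication
    location ~ ^/admin/.* {
        # Nested PHP handler so that protected PHP files are executed, not downloaded
        location ~ \.php$ {
            fastcgi_pass 127.0.0.1:9000;  # assumed; the address is missing from the original page
            fastcgi_index index.php;
            include fastcgi_params;
        }
        auth_basic "auth";
        auth_basic_user_file /usr/local/nginx/conf/vhost/auth/adminpass;
    }
    # PHP handler for the rest of the site (no authentication)
    location ~ \.php$ {
        fastcgi_pass 127.0.0.1:9000;  # assumed; the address is missing from the original page
        fastcgi_index index.php;
        include fastcgi_params;
    }
    location ~ /\.ht {
        deny all;
    }
    access_log /logs/akii.org_access.log main;
}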
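One detail here: location ~ ^/admin/.* {…} protects all files under the admin directory. If you only set /admin/, then entering /admin/index.php directly can still be accessed and run. ^/admin/.* means protecting all files in that directory. You are only prompted to authenticate once; you are not asked again on every request or for every file requested.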
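As an added example (not from the original page), here is a simplified Python model of how nginx selects a location, showing which block serves /admin/index.php and whether auth_basic applies; it goes one step further than the text by also checking the order of the regex locations. The helper names loc, find and check and the three layouts are constructed for this illustration, and PREFIX_ONLY assumes a prefix location that holds only the auth directives.

```python
import re

def loc(mod, pat, auth=None, php=False, nested=()):
    """One location block: mod is "" (prefix), "^~" or "~" (regex)."""
    return {"mod": mod, "pat": pat, "auth": auth, "php": php, "nested": list(nested)}

def find(locs, uri):
    """Simplified nginx location search; returns (chain of chosen blocks, regex_decided)."""
    chain, best = [], max(
        (l for l in locs if l["mod"] != "~" and uri.startswith(l["pat"])),
        key=lambda l: len(l["pat"]), default=None)
    if best:
        # Nested locations of the longest prefix match are searched first.
        sub, decided = find(best["nested"], uri)
        chain = [best] + sub
        if decided or best["mod"] == "^~":
            return chain, decided
    for l in locs:  # regex locations: file order, first match wins
        if l["mod"] == "~" and re.search(l["pat"], uri):
            return [l] + find(l["nested"], uri)[0], True
    return chain, False

def check(locs, uri):
    """Return (auth realm or None, handled by PHP?) for a request URI."""
    chain, _ = find(locs, uri)
    realm = None
    for l in chain:  # auth_basic is inherited by nested locations
        realm = l["auth"] or realm
    return realm, bool(chain) and chain[-1]["php"]

PHP = loc("~", r"\.php$", php=True)

# Constructed layouts (assumptions for this example):
# a prefix location holding only the auth directives, the case the text warns about
PREFIX_ONLY = [loc("", "/admin/", auth="auth"), PHP]
# the layout from the page: regex location for /admin/ with a nested PHP location
PAGE = [loc("~", r"^/admin/.*", auth="auth", nested=[PHP]), PHP]
# the same blocks, but with the general PHP location listed first
REORDERED = [PHP, loc("~", r"^/admin/.*", auth="auth", nested=[PHP])]

if __name__ == "__main__":
    for name, conf in [("prefix only", PREFIX_ONLY), ("page", PAGE), ("reordered", REORDERED)]:
        print(name, check(conf, "/admin/index.php"))
```

In the reordered layout the general \.php$ location matches first, so the /admin/ block has to stay above it in the server block.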
Attached is a usable bash script for creating the password:
#!/bin/bash
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH

# Set user name
username=""
read -p "Please input UserName:" username
if [ "$username" = "" ]; then
    echo "Error:UserName can't be NULL!"
    exit 1
fi
echo "==========================="
echo "UserName was: $username"
echo "==========================="

# Set password (note: it is typed and echoed back in clear text)
unpassword=""
read -p "Please input the Password:" unpassword
if [ "$unpassword" = "" ]; then
    echo "Error:Password can't be NULL!"
    exit 1
fi
echo "==========================="
echo "Password was: $unpassword"
echo "==========================="
# Hash the password with crypt() and the fixed salt "pwdsalt"
password=$(perl -e 'print crypt($ARGV[0], "pwdsalt")' "$unpassword")

# Set htpasswd file
htfile=""
read -p "Please input Auth filename:" htfile
if [ "$htfile" = "" ]; then
    echo "Error:Auth filename can't be NULL!"
    exit 1
fi
echo "==========================="
echo "Auth File:$htfile"
echo "==========================="

# Read a single key press from the terminal without echoing it
get_char()
{
    SAVEDSTTY=`stty -g`
    stty -echo
    stty cbreak
    dd if=/dev/tty bs=1 count=1 2> /dev/null
    stty -raw
    stty echo
    stty $SAVEDSTTY
}
echo ""
echo "Press any key to create, or press Ctrl+c to cancel"
char=`get_char`

# Write "username:hash" to the auth file, refusing to overwrite an existing file
if [ ! -f "$htfile" ]; then
    echo "Creating Auth file..."
    cat >"$htfile"<<eof
$username:$password
eof
    echo "Create Auth file successful, auth file path:$htfile"
else
    echo "File already exists, please run this script again."
    exit 1
fi
Command parameter notes:
Usage:
    htpasswd [-cmdpsD] passwordfile username
    htpasswd -b[cmdpsD] passwordfile username password
    htpasswd -n[mdps] username
    htpasswd -nb[mdps] username password
 -c  Create a new file.
 -n  Don't update file; display results on stdout.
 -m  Force MD5 encryption of the password (default).
 -d  Force CRYPT encryption of the password.
 -p  Do not encrypt the password (plaintext).
 -s  Force SHA encryption of the password.
 -b  Use the password from the command line rather than prompting for it.
 -D  Delete the specified user.
-b: handles the password on the command line.