Table of Contents
1 Nginx access control
IP-based access control: http_access_module
User login authentication: http_auth_basic_module
1.1 Nginx access control based on IP
Use the module http_access_module
1.1.1 Allow configuration syntax
Syntax: allow address | CIDR | unix: | all;
Default: -
Context: http, server, location, limit_except
1.1.2 Deny configuration syntax
Syntax: deny address | CIDR | unix: | all;
Default: -
Context: http, server, location, limit_except
1.1.3 How to use the code
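Rules are checked in order and the first match wins. If you write allow rules first, finish with deny all; if you write deny rules first, finish with allow all.
Access control configuration example: deny the specified IPs and allow everything else
vim /etc/nginx/conf.d/default.conf
location / {
    root /html;
    deny 192.168.1.1;
    deny 192.168.1.0/24;
    allow all;
}
Access control configuration example: allow only the specified addresses and deny everything else
location / {
    root /html;
    allow 192.168.1.1;
    allow 192.168.1.0/24;
    deny all;
}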
[root@nginx_web1 ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@nginx_web1 ~]# systemctl reload nginx
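The first-match ordering described above can be checked offline before a reload. The following is an added example, not part of the original page or of nginx itself: the function names parse_rules, decide and unreachable are hypothetical, the sample configs are constructed, and it assumes IPv4 rules only, treating "all" as 0.0.0.0/0.

```python
import ipaddress

# Constructed sample: the deny-list location block from this page.
DENY_LIST = """
location / {
    root /html;
    deny 192.168.1.1;
    deny 192.168.1.0/24;
    allow all;
}
"""
# Constructed sample: a misordered block where "allow all" comes first.
MISORDERED = """
location / {
    allow all;
    deny 192.168.1.0/24;
}
"""

def parse_rules(conf):
    """Extract (action, network) pairs from allow/deny directives, in file order."""
    rules = []
    for line in conf.splitlines():
        parts = line.split("#", 1)[0].strip().rstrip(";").split()
        if len(parts) == 2 and parts[0] in ("allow", "deny"):
            # Assumption: IPv4 only, so "all" is modelled as 0.0.0.0/0.
            target = "0.0.0.0/0" if parts[1] == "all" else parts[1]
            rules.append((parts[0], ipaddress.ip_network(target, strict=False)))
    return rules

def decide(rules, client):
    """Return the action of the first matching rule; allow when nothing matches."""
    addr = ipaddress.ip_address(client)
    for action, net in rules:
        if addr in net:
            return action
    return "allow"

def unreachable(rules):
    """List rules that can never fire because an earlier rule covers their range."""
    return [(action, str(net)) for i, (action, net) in enumerate(rules)
            if any(net.subnet_of(prev) for _, prev in rules[:i])]

if __name__ == "__main__":
    for name, conf in (("deny-list", DENY_LIST), ("misordered", MISORDERED)):
        rules = parse_rules(conf)
        print(name, decide(rules, "192.168.1.50"), unreachable(rules))
```

In the misordered sample the deny rule is reported as unreachable, which is the mistake the ordering rule above is meant to prevent.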
1.1.4 Test
2.1 Access based on user authentication
Use module: http_auth_basic_module
2.1.1 Configuration syntax
Syntax: auth_basic string | off;
Default: auth_basic off;
Context: http, server, location, limit_except

Syntax: auth_basic_user_file file;
Default: —
Context: http, server, location, limit_except
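2.1.2 Install the required dependency
[root@nginx_web1 ~]# yum -y install httpd-tools
[root@nginx_web1 ~]# htpasswd -b -c /etc/nginx/.auth_conf oldboy 12345   # create the user: arguments are the password file, the user name and the password (-c creates the file, -b takes the password from the command line)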
2.1.3 Code usage
vim /etc/nginx/conf.d/default.conf
server {
    listen 81;
    server_name localhost;
    location / {
        root /html;
        auth_basic "Please enter your username and password";  # Add the description (prompt) text
        auth_basic_user_file /etc/nginx/.auth_conf;             # Path to the authentication file
    }
}