Use Pursuing a dream to build a website, foreground want access to visitors, the background do not want to easily give others access, we can set access authentication to protect the security of the site. While weaving dreams background can modify more complex naming and password can be more complex, but can be a little more security, why do not you get it? We can set only allow the user to enter the correct user name and password to access the normal weaving dreams background. Results are as follows:
In nginx, it provides ngx_http_auth_basic_module modules let users only enter the correct username and password before allowing access to web content. By default, nginx has been the module is installed. So the whole process is to first set up a user name using third-party tools, password (which has been encrypted password), and then saved to a file, and then open the access authentication according to the previously saved file in advance nginx configuration file.
You may be used to generate a password htpasswd, or use openssl. Below htpasswd example.
1. Install htpasswd tool
Yum install directly here, you can compile and install the required options:
yum -y install httpd-tools
Set the user name and password, and save the user name and password to the specified file
htpasswd -c /home/nginx/nginx-server/passwd/passwd username
New password:
Re-type new password:
Note: The above / home / nginx / nginx-server / passwd / password file is generated in the specified path, the latter is the generated password passwd file (named can be customized, is not necessarily passwd), if you want to generate more, for example: passwd1, passwd2 ...., as long as you can remember. username is the user name, you can define your own user name. After running the command will let you enter the password twice in a row. After the input is successful, you will be prompted Adding password for user username
After setting, you can view the contents of the next generation of the password file:
cat /home/nginx/nginx-server/passwd/passwd
It then reported username: ******
username is the user the people, the semicolon is encrypted password you set, so the start you have to remember the password you set.
2. Modify the nginx configuration file
Found nginx configuration files, because we want to be open weave dreams management background verification, ie / dede directory, configuration is as follows:
server {
listen 80;
server_name localhost;
.......
# Increase dede directory encrypted authentication Start
LOCATION / dede {
auth_basic "Please INPUT password"; # This is the message when the authentication
auth_basic_user_file / home / nginx / nginx- server / passwd / passwd; # here is generated password file
}
# Increase dede encrypted authentication directory End
.......
}
Then restart nginx
./Nginx -t // check whether nginx profile configuration successfully
./nginx -s reload // restart nginx
So far successfully modified, as long as you enter the domain name of your site, do not need to be encrypted authentication, but once you enter the url you weave dreams management background, it will pop up a window needs to be encrypted authentication.
If your dream weaving dede back catalog be modified, and that location / dede dede will be changed in that you have modified directory.
If you want to also encrypt other directories, you can also use this method, but you will need dede directory to be encrypted authentication directory.
If you want to encrypt authenticate access to the entire site, it will nginx configuration file is modified as follows:
server {
listen 80;
server_name localhost;
.......
# Increase encrypted authentication Start
auth_basic "Please password INPUT"; # here when the message is verified
auth_basic_user_file / home / nginx / nginx- server / passwd / passwd; # here is generated password file
# Increase encrypted authentication End
.......
}
Then restart nginx
./Nginx -t // check whether nginx profile configuration successfully
./nginx -s reload // restart nginx
Finally, revisit the url require authentication, if authentication is required to explain the emergence of pop modify a success.
3.htpasswd option parameters
The htpasswd command is to introduce some of the parameters, you can not see.
htpasswd [-cmdpsD] passwordfile username
htpasswd -b[cmdpsD] passwordfile username password
htpasswd -n[mdps] username
htpasswd -nb[mdps] username password
-c create an encrypted file
-n Do not update encrypted files, only the user name password to encrypt the htpasswd command is displayed on the screen
by default -m htpassswd command uses the MD5 algorithm to encrypt the password
-d htpassswd command takes CRYPT algorithm to encrypt the password
-p htpassswd command does not encrypt passwords that plaintext password
-s htpassswd command SHA algorithm to encrypt the password
-b htpassswd the command line, along with a user name and password prompt for a password rather than
deleting -D the specified user
htpasswd examples
a, how to use the htpasswd command to add users?
htpasswd -bc ./.passwd tonyzhang pass
.Passwd generate a file in the current directory, user name tonyzhang, password: pass, defaults MD5 encryption
b, how to increase the next user in the original password file?
htpasswd -b ./.passwd onlyzq pass
C remove the option to add a second user after the first user, and so on
c, how not to update the password file to display only the encrypted user name and password?
htpasswd -nb tonyzhang pass
.Passwd not update the file, output only after the user name and password encrypted on the screen
d, how to use the htpasswd command to delete a user name and password?
htpasswd -D .passwd tonyzhang
e, how to use the htpasswd command to change the password?
htpasswd -D .passwd tonyzhang
htpasswd -b .passwd tonyzhang pass