Nginx configuration dual user authentication / Nginx location priority Comments

Disclaimer: This article is a blogger original article, follow the CC 4.0 BY-SA copyright agreement, reproduced, please attach the original source link and this statement.

This link: https://blog.csdn.net/Powerful_Fy/article/details/102555453

Nginx dual user authentication:
suitable for a number of sites important pages (for example: admin page administrator login), the effect is two-factor authentication before you open an important page enter the account password to verify a user-factor authentication username and password.

Next article described above using WordPress to build personal blog site , for example to configure nginx dual user authentication

To open a personal blog site administrator login page:

modify nginx virtual host configuration file to add the current page wp-login.php dual user authentication:

[root@linux ~]# vi /etc/nginx/conf.d/default.conf 

Add the following:

 location ~ wp-login.php                           
        {
            auth_basic "Auth";
            auth_basic_user_file /etc/nginx/user_passwd;
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  /data/www/test.blog.com$fastcgi_script_name;
            include        fastcgi_params;
        }

And root, index entry location removed, making it a global configuration:

Due to the configuration content defines the added dual user authentication configured / etc / ngninx / user_passwd, but currently do not have this file, you need to use the htpasswd command to generate the file:

Installation package httpd-tools:

[root@linux ~]# yum -y install httpd-tools

Generate a configuration file and add user authentication:

[root@linux ~]# htpasswd -c /etc/nginx/user_passwd admin1
New password: 
Re-type new password: 
Adding password for user admin1

# User_passwd file and generate increased admin1 user authentication and password, -c parameters: create, for the first time to generate the authentication profile to use

New users need to authenticate using the -m parameter (MD5 encryption):

[root@linux ~]# htpasswd -m /etc/nginx/user_passwd admin2
New password: 
Re-type new password: 
Adding password for user admin2

View user authentication profile to see the account used for authentication added:

[root@linux ~]# cat /etc/nginx/user_passwd 
admin1:$apr1$Qn57LBlw$fE4QyHrsQReHUrSvPdmxs/
admin2:$apr1$VH2Qe1nW$zn.1Hzn3QaF2RwJJDheGN.

Reload nginx:

[root@linux ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@linux ~]# nginx -s reload

: Open again personal blog site administrator sign-in page can display dual user authentication dialog box

to enter # after the first double administrator account password user authentication background

Nginx location优先级详解：

nginx的location配置：

nginx location语法规则：location [=|~|~*|^~|/] /uri/ { … }
nginx的location匹配的变量是$uri

符号	说明
=	表示精确匹配
^~	表示uri以指定字符或字符串开头
~	表示区分大小写的正则匹配
~*	表示不区分大小写的正则匹配
/	通用匹配，任何请求都会匹配到

优先级规则：

= 高于 ^~ 高于 ~* 等于 ~ 高于 /

规则示例：

location = “/12.jpg” { … }
如：
www.test.com/12.jpg 匹配
www.test/abc/12.jpg 不匹配

location ^~ “/abc/” { … }
如：
www.test/abc/123.html 匹配
www.test.com/a/abc/123.jpg 不匹配

location ~ “png” { … }
如：
www.test.com/aaa/bbb/ccc/123.png 匹配
www.test.com/aaa/png/123.html 匹配

location ~* “png” { … }
如：
www.test.com/aaa/bbb/ccc/123.PNG 匹配
www.test.com/aaa/png/123.html 匹配

location / admin / {...}
as:
www.test.com/admin/aaa/1.php matching
www.test.com/123/admin/1.php mismatch

Comparison / and ~
Example 1:

server{
    listen 80;
    server_name www.test.com;
    root /tmp/123.com;

    location /abc/
    {
        echo "/";
    }
    location ~ 'abc'
    {
        echo "~";
    }
}

Test Command: curl -x127.0.0.1: 80 'www.test.com/abc/1.png'
results are: -

~ ~ And Comparative *
Example 2:

server
{
    listen 80;
    server_name www.test.com;
    root /tmp/123.com;

    location ~ 'abc'
    {
        echo '~';
    }
    location ~* 'abc'
    {
        echo '~*';
    }
}

Test Command: curl -x127.0.0.1: 80 'www.test.com/abc/123.html'
results are: -

Example 3:

server
{
    listen 80;
    server_name www.test.com;
    root /tmp/123.com;

    location ~* 'abc'
    {
        echo '~*';
    }
    location ~ 'abc'
    {
        echo '~';
    }
}

Test Command: curl -x127.0.0.1: 80 'www.test.com/abc/123.html'
results are: * ~

Conclusion: ~ * ~ priority and in fact is the same, if two conditions are satisfied at the same time, the configuration file in which location front, which entered into force.

~ ~ ^ And Comparative
Example 4:

server
{
    listen 80;
    server_name www.test.com;
    root /tmp/123.com;

    location ~ '/abc'
    {
        echo '~';
    }
    location ^~ '/abc'
    {
        echo '^~';
    }
}

Test Command: curl -x127.0.0.1: 80 'www.test.com/abc/123.html
result is: ^ ~

= ^ - and Comparative
Example 5:

server
{
    listen 80;
    server_name www.test.com;
    root /tmp/123.com;

    location ^~ '/abc.html'
    {
        echo '^~';
    }
    location = '/abc.html'
    {
        echo '=';
    }
}

Test Command: curl -x127.0.0.1: 80 'www.test.com/abc.html
result: =