` yum install -y httpd ?htpasswd` #第一需要-c创建,-m强制md5加密# htpasswd -cm /usr/local/nginx/conf/htpasswd aiker New password:
Re-type new password:
第二次,增加用户就不用-c,如果使用了-c就会重置文件,只有一条记录
# htpasswd -m /usr/local/nginx/conf/htpasswd gavin ?New password:
Re-type new password:
Adding password for user gavin
vim /usr/local/nginx/conf/enable-php.conf ???????location ~ [^/]\.php(/|$) ???????{ ???????????try_files $uri =404; ???????????fastcgi_pass ?unix:/tmp/php-cgi-56.sock; ???????????fastcgi_index index.php; ???????????include fastcgi.conf; ???????}**整个网站的认证,auth_basic在php解释之前
**
# vim /usr/local/nginx/conf/vhost/www.123.cn.conf server{ ???listen 80; ???server_name www.123.cn;#注意下面的index.*的顺序,谁在前面,优先解析谁 ???index index.php index.html index.htm; ???root /www/wwwroot/www.123.cn;#下面为认证配置#目录认证location ?/ ???{ ???????auth_basic ?????????????"Auth"; ???????auth_basic_user_file ??/usr/local/nginx/conf/htpasswd;} ????include enable-php.conf;}#因为有 include enable-php.conf;所以上面就不用单独配置php-fpm
curl -I -xlocalhost:80 www.123.cnHTTP/1.1 401 UnauthorizedServer: nginxDate: Mon, 12 Mar 2018 15:06:50 GMTContent-Type: text/htmlContent-Length: 188Connection: keep-aliveWWW-Authenticate: Basic realm="Auth"# curl -I -xlocalhost:80 www.123.cn -ugavinEnter host password for user ‘gavin‘:HTTP/1.1 200 OKServer: nginxDate: Mon, 12 Mar 2018 15:07:22 GMTContent-Type: text/htmlContent-Length: 3703Last-Modified: Mon, 12 Mar 2018 14:53:42 GMTConnection: keep-aliveVary: Accept-EncodingETag: "5aa69476-e77"Accept-Ranges: bytes#网站下的目录认证
[root@aaa default]# curl -I -xlocalhost:80 www.123.cnHTTP/1.1 200 OKServer: nginxDate: Mon, 12 Mar 2018 15:29:32 GMTContent-Type: text/html; charset=utf-8Connection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/5.6.34[root@aaa default]# curl -I -xlocalhost:80 www.123.cn/admin/HTTP/1.1 401 UnauthorizedServer: nginxDate: Mon, 12 Mar 2018 15:29:40 GMTContent-Type: text/htmlContent-Length: 188Connection: keep-aliveWWW-Authenticate: Basic realm="Auth"[root@aaa default]# curl -I -xlocalhost:80 www.123.cn/admin/index.phpHTTP/1.1 401 UnauthorizedServer: nginxDate: Mon, 12 Mar 2018 16:09:12 GMTContent-Type: text/htmlContent-Length: 188Connection: keep-aliveWWW-Authenticate: Basic realm="Auth"[root@aaa default]# curl -I -xlocalhost:80 www.123.cn/admin/tz.phpHTTP/1.1 401 UnauthorizedServer: nginxDate: Mon, 12 Mar 2018 16:09:27 GMTContent-Type: text/htmlContent-Length: 188Connection: keep-aliveWWW-Authenticate: Basic realm="Auth"[root@aaa default]# curl -I -xlocalhost:80 www.123.cn/admin/ -uaikerEnter host password for user ‘aiker‘:HTTP/1.1 200 OKServer: nginxDate: Mon, 12 Mar 2018 15:29:49 GMTContent-Type: text/html; charset=UTF-8Connection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/5.6.34#针对指定的文件认证访问,一定注意include enable-php.conf;必须放在localtion条件后面,否则不生效,cat /usr/local/nginx/conf/vhost/www.123.cn.conf ???server{ ???listen 80; ???server_name www.123.cn; ???index index.php index.html index.htm; ???root /www/wwwroot/www.123.cn;location ~ (.*)admin.php$ ????{ ???????auth_basic ?????????????"Auth"; ???????auth_basic_user_file ??/usr/local/nginx/conf/htpasswd;} ???include enable-php.conf;}[root@aaa default]# curl -I -xlocalhost:80 www.123.cn/admin.php ??????HTTP/1.1 401 UnauthorizedServer: nginxDate: Mon, 12 Mar 2018 15:59:50 GMTContent-Type: text/htmlContent-Length: 188Connection: keep-aliveWWW-Authenticate: Basic realm="Auth"如果php解释在前,那么认证就不能生效,如下实例:
# vim /usr/local/nginx/conf/vhost/www.123.cn.confserver{ ???listen 80; ???server_name www.123.cn; ???index index.php index.html index.htm; ???root /www/wwwroot/www.123.cn; ???include enable-php.conf;location ~ (.*)admin.php$ ????{ ???????auth_basic ?????????????"Auth"; ???????auth_basic_user_file ??/usr/local/nginx/conf/htpasswd;}}# curl -I -xlocalhost:80 www.123.cn/admin.php ???HTTP/1.1 200 OKServer: nginxDate: Mon, 12 Mar 2018 15:55:40 GMTContent-Type: text/html; charset=utf-8Connection: keep-aliveVary: Accept-EncodingX-Powered-By: PHP/5.6.34实战Nginx web用户认证
原文地址:http://blog.51cto.com/m51cto/2085846