• Nginx创建密码保护目录


    nginx 的根目录 为:/home/undoner/nginx-www
    nginx 访问地址 为:http://127.0.0.1
    本文实现对nginx根目录文件访问的权限控制


    (1)nginx指定密码文件格式为:“username:password”,但是password不能为明文,必须经过crypt加密,所以需要用工具产生密码字符串

    以下有三种方法:

    第一种.

    在线直接生成加密字符串:http://tool.oschina.net/htpasswd


    第二种

    python脚本:“htpasswd.py”,也可以下载


    #!/usr/bin/python
    """Replacement for htpasswd"""
    # Original author: Eli Carter
    
    import os
    import sys
    import random
    from optparse import OptionParser
    
    # We need a crypt module, but Windows doesn't have one by default.  Try to find
    # one, and tell the user if we can't.
    try:
        import crypt
    except ImportError:
        try:
            import fcrypt as crypt
        except ImportError:
            sys.stderr.write("Cannot find a crypt module.  "
                             "Possibly http://carey.geek.nz/code/python-fcrypt/
    ")
            sys.exit(1)
    
    
    def salt():
        """Returns a string of 2 randome letters"""
        letters = 'abcdefghijklmnopqrstuvwxyz' 
                  'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 
                  '0123456789/.'
        return random.choice(letters) + random.choice(letters)
    
    
    class HtpasswdFile:
        """A class for manipulating htpasswd files."""
    
        def __init__(self, filename, create=False):
            self.entries = []
            self.filename = filename
            if not create:
                if os.path.exists(self.filename):
                    self.load()
                else:
                    raise Exception("%s does not exist" % self.filename)
    
        def load(self):
            """Read the htpasswd file into memory."""
            lines = open(self.filename, 'r').readlines()
            self.entries = []
            for line in lines:
                username, pwhash = line.split(':')
                entry = [username, pwhash.rstrip()]
                self.entries.append(entry)
    
        def save(self):
            """Write the htpasswd file to disk"""
            open(self.filename, 'w').writelines(["%s:%s
    " % (entry[0], entry[1])
                                                 for entry in self.entries])
    
        def update(self, username, password):
            """Replace the entry for the given user, or add it if new."""
            pwhash = crypt.crypt(password, salt())
            matching_entries = [entry for entry in self.entries
                                if entry[0] == username]
            if matching_entries:
                matching_entries[0][1] = pwhash
            else:
                self.entries.append([username, pwhash])
    
        def delete(self, username):
            """Remove the entry for the given user."""
            self.entries = [entry for entry in self.entries
                            if entry[0] != username]
    
    
    def main():
        """%prog [-c] -b filename username password
        Create or update an htpasswd file"""
        # For now, we only care about the use cases that affect tests/functional.py
        parser = OptionParser(usage=main.__doc__)
        parser.add_option('-b', action='store_true', dest='batch', default=False,
            help='Batch mode; password is passed on the command line IN THE CLEAR.'
            )
        parser.add_option('-c', action='store_true', dest='create', default=False,
            help='Create a new htpasswd file, overwriting any existing file.')
        parser.add_option('-D', action='store_true', dest='delete_user',
            default=False, help='Remove the given user from the password file.')
    
        options, args = parser.parse_args()
    
        def syntax_error(msg):
            """Utility function for displaying fatal error messages with usage
            help.
            """
            sys.stderr.write("Syntax error: " + msg)
            sys.stderr.write(parser.get_usage())
            sys.exit(1)
    
        if not options.batch:
            syntax_error("Only batch mode is supported
    ")
    
        # Non-option arguments
        if len(args) < 2:
            syntax_error("Insufficient number of arguments.
    ")
        filename, username = args[:2]
        if options.delete_user:
            if len(args) != 2:
                syntax_error("Incorrect number of arguments.
    ")
            password = None
        else:
            if len(args) != 3:
                syntax_error("Incorrect number of arguments.
    ")
            password = args[2]
    
        passwdfile = HtpasswdFile(filename, create=options.create)
    
        if options.delete_user:
            passwdfile.delete(username)
        else:
            passwdfile.update(username, password)
    
        passwdfile.save()
    
    
    if __name__ == '__main__':
        main()

    第三种

    perl脚本:“htpasswd2.pl”  ,内容如下:

    #!/usr/bin/perl
    use strict;
    my $pw=$ARGV[0];
    print crypt($pw,$pw)."
    ";


    (2)若是第一种方法,直接新建文本复制进去就行;若是第二种或第三种,下载或新建文件后,注意添加可执行权限,再执行脚本生成用户名密码。

    第一种:

    将网页上面的结果(“2eN4uuMHGaLQQ”即“test1”加密后的字符串)直接复制进 htpasswd 文件中

    htpasswd内容:test1:2eN4uuMHGaLQQ

    第二种:

    chmod 777 htpasswd.py
    ./htpasswd.py -c -b htpasswd username password

    比如:./htpasswd.py -c -b htpasswd undoner undoner    ,得到文件:htpasswd ,内容如下(“dFYOP1Zvmqyfo”即“undoner”加密后的字符串):

    htpasswd内容:undoner:dFYOP1Zvmqyfo

    第三种:

    chmod 777 htpasswd2.pl
    ./htpasswd2.pl password

    比如:./htpasswd2.pl test        ,得到密码字符串:N1tQbOFcM5fpg

    可将 ”N1tQbOFcM5fpg“ 复制进 /etc/nginx/htpasswd 文件中,用户名是明文的,所以设什么都行,格式如下:

    htpasswd内容:test:N1tQbOFcM5fpg


    (3)最后将该密码文件htpasswd复制到nginx的配置文件目录(也可放其他位置,注意改路径+改权限),最后nginx里面添加配置即可。

    chmod 777 htpasswd

    在sites-available/default添加下面两行内容:

    auth_basic "Password";           

    auth_basic_user_file /etc/nginx/htpasswd;

    location / {
                    # First attempt to serve request as file, then
                    # as directory, then fall back to displaying a 404.
                    auth_basic "Password";
                    auth_basic_user_file /etc/nginx/htpasswd;
                    charset  utf-8;
                    root    /home/undoner/nginx-www;
                    index   index.html index.htm;
                    autoindex on;
                    # Uncomment to enable naxsi on this location
                    # include /etc/nginx/naxsi.rules
            }
    


    (4)重启nginx

    sudo /etc/init.d/nginx restart


  • 相关阅读:
    拓扑排序
    Frame Stacking 框架堆叠
    第二课 欧几里德算法与扩展欧几里德算法
    欧拉回路
    第一课 快速幂取模
    cookie使用汇总 c设置ookie的生命周期
    .net ArrayList的用法简介
    关于C#的partial修饰符
    sql server修改表结构的sql语句
    Web MVC模式中的基本表单提交
  • 原文地址:https://www.cnblogs.com/wuyida/p/6300872.html
Copyright © 2020-2023  润新知