【Nginx认证配置】
一、Nginx的安装配置
[[email protected] ~]# cd /opt/
[[email protected] opt]# ls
apache-flume-1.6.0-bin bigdata gitrepository ORCLfmap redis-3.2.0.tar.gz spark-1.3.1-bin-hadoop2.6 zookeeper-3.4.6.tar.gz apache-flume-1.6.0-bin.tar.gz data
hadoop-2.7.2.tar.gz R-3.0.1 rh spark-1.3.1-bin-hadoop2.6.tgz
apache-flume-1.6.0-bin.tar.gz.1 elasticsearch-2.3.3 jdk1.7.0_79 R-3.0.1.tar.gz scala-2.10.5 sqoop-1.4.6 apache-storm-0.9.6.tar.gz elasticsearch-2.3.3.zip kafka_2.11-0.9.0.1.tgz
redis-3.2.0 scala-2.10.5.tgz sqoop-1.4.6.bin__hadoop-2.0.4-alpha.tar.gz
[[email protected] opt]# wget http://nginx.org/download/nginx-1.12.0.tar.gz
--2017-05-08 14:38:46-- http://nginx.org/download/nginx-1.12.0.tar.gz
Resolving nginx.org... 95.211.80.227, 206.251.255.63, 2606:7100:1:69::3f, ...
Connecting to nginx.org|95.211.80.227|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://211.162.74.230:9011/nginx.org/c3pr90ntc0td/download/nginx-1.12.0.tar.gz [following]
--2017-05-08 14:38:49-- http://211.162.74.230:9011/nginx.org/c3pr90ntc0td/download/nginx-1.12.0.tar.gz
Connecting to 211.162.74.230:9011... connected.
HTTP request sent, awaiting response... 200 OK
Length: 980831 (958K) [application/octet-stream]
Saving to: nginx-1.12.0.tar.gz?
100%[=============================>] 980,831 1.09M/s in 0.9s
2017-05-08 14:38:50 (1.09 MB/s) - 鈔ginx-1.12.0.tar.gzaved [980831/980831]
[[email protected] opt]# ls
nginx-1.12.0.tar.gz redis-3.2.0.tar.gz spark-1.3.1-bin-hadoop2.6.tgz
apache-storm-0.9.6.tar.gz
[[email protected] opt]# tar -zxvf nginx-1.12.0.tar.gz
[[email protected] opt]# cd nginx-1.12.0
[[email protected] nginx-1.12.0]# ls
auto CHANGES CHANGES.ru conf configure contrib html LICENSE man README src
[[email protected] nginx-1.12.0]# ./con
conf/ configure contrib/
[[email protected] nginx-1.12.0]# ./configure
./configure: error: the HTTP rewrite module requires the PCRE library.
You can either disable the module by using --without-http_rewrite_module
option, or install the PCRE library into the system, or build the PCRE library
statically from the source with nginx by using --with-pcre=<path> option.
解决方案:
[[email protected] nginx-1.12.0]# yum -y install pcre-devel
Total 1.0 MB/s | 517 kB 00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Updating : pcre-7.8-7.el6.i686 1/3
Installing : pcre-devel-7.8-7.el6.i686 2/3
Cleanup : pcre-7.8-6.el6.i686 3/3
Verifying : pcre-devel-7.8-7.el6.i686 1/3
Verifying : pcre-7.8-7.el6.i686 2/3
Verifying : pcre-7.8-6.el6.i686 3/3
Installed:
pcre-devel.i686 0:7.8-7.el6
Dependency Updated:
pcre.i686 0:7.8-7.el6
Complete!
[[email protected] nginx-1.12.0]# ./configure
creating objs/Makefile
Configuration summary
+ using system PCRE library
+ OpenSSL library is not used
+ using system zlib library
nginx path prefix: "/usr/local/nginx"
nginx binary file: "/usr/local/nginx/sbin/nginx"
nginx modules path: "/usr/local/nginx/modules"
nginx configuration prefix: "/usr/local/nginx/conf"
nginx configuration file: "/usr/local/nginx/conf/nginx.conf"
nginx pid file: "/usr/local/nginx/logs/nginx.pid"
nginx error log file: "/usr/local/nginx/logs/error.log"
nginx http access log file: "/usr/local/nginx/logs/access.log"
nginx http client request body temporary files: "client_body_temp"
nginx http proxy temporary files: "proxy_temp"
nginx http fastcgi temporary files: "fastcgi_temp"
nginx http uwsgi temporary files: "uwsgi_temp"
nginx http scgi temporary files: "scgi_temp"
[[email protected] nginx-1.12.0]# ls
auto CHANGES CHANGES.ru conf configure contrib html LICENSE Makefile man objs README src
[[email protected] nginx-1.12.0]# make
sed -e "s|%%PREFIX%%|/usr/local/nginx|" \
-e "s|%%PID_PATH%%|/usr/local/nginx/logs/nginx.pid|" \
-e "s|%%CONF_PATH%%|/usr/local/nginx/conf/nginx.conf|" \
-e "s|%%ERROR_LOG_PATH%%|/usr/local/nginx/logs/error.log|" \
< man/nginx.8 > objs/nginx.8
make[1]: Leaving directory `/opt/nginx-1.12.0'
[[email protected] nginx-1.12.0]# ls
auto CHANGES CHANGES.ru conf configure contrib html LICENSE Makefile man objs README src
[[email protected] nginx-1.12.0]# /usr/nginx/sbin/nginx -t
-bash: /usr/nginx/sbin/nginx: No such file or directory
[[email protected] nginx-1.12.0]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[[email protected] nginx-1.12.0]# ps -ef | grep nginx
root 8058 2055 0 14:45 pts/0 00:00:00 grep nginx
[[email protected] nginx-1.12.0]# /usr/local/nginx/sbin/nginx
[[email protected] nginx-1.12.0]# ps -ef | grep nginx
root 8060 1 0 14:45 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx
nobody 8061 8060 0 14:45 ? 00:00:00 nginx: worker process
root 8063 2055 0 14:45 pts/0 00:00:00 grep nginx
[[email protected] nginx-1.12.0]# cd /usr/local/nginx/
[[email protected] nginx]# ls
client_body_temp conf fastcgi_temp html logs proxy_temp sbin scgi_temp uwsgi_temp
[[email protected] nginx]# cd conf/
[[email protected] conf]# ls
fastcgi.conf fastcgi_params koi-utf mime.types nginx.conf scgi_params uwsgi_params win-utf
fastcgi.conf.default fastcgi_params.default koi-win mime.types.default nginx.conf.default scgi_params.default uwsgi_params.default
[[email protected] conf]# cat nginx.conf
二、增加用户登录认证
nginx.conf配置文件的核心如下:
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm;
auth_basic "secret";
auth_basic_user_file /usr/local/nginx/passwd.db;
}
}
添加用户核心代码
[[email protected] conf]# htpasswd -c /usr/local/nginx/passwd.db gaojs
New password:
Re-type new password:
Adding password for user gaojs
[[email protected] conf]# /usr/local/nginx/sbin/nginx
[[email protected] conf]# cd /usr/local/nginx/
[[email protected] nginx]# ls
client_body_temp conf fastcgi_temp html logs passwd.db proxy_temp sbin scgi_temp uwsgi_temp
[[email protected] nginx]# ls -ls
total 40
4 drwx------. 2 nobody root 4096 May 8 14:44 client_body_temp
4 drwxr-xr-x. 2 root root 4096 May 8 15:02 conf
4 drwx------. 2 nobody root 4096 May 8 14:44 fastcgi_temp
4 drwxr-xr-x. 2 root root 4096 May 8 14:43 html
4 drwxr-xr-x. 2 root root 4096 May 8 14:44 logs
4 -rw-r--r--. 1 root root 20 May 8 15:02 passwd.db
4 drwx------. 2 nobody root 4096 May 8 14:44 proxy_temp
4 drwxr-xr-x. 2 root root 4096 May 8 14:43 sbin
4 drwx------. 2 nobody root 4096 May 8 14:44 scgi_temp
4 drwx------. 2 nobody root 4096 May 8 14:44 uwsgi_temp
[[email protected] nginx]# rm -rf passwd.db
[[email protected] nginx]# /usr/local/nginx/sbin/nginx -s reload
附件:
[[email protected] nginx]# whereis htpasswd
htpasswd: /usr/bin/htpasswd /usr/share/man/man1/htpasswd.1.gz
[[email protected] nginx]# htpasswd -h
Usage:
htpasswd [-cmdpsD] passwordfile username
htpasswd -b[cmdpsD] passwordfile username password
htpasswd -n[mdps] username
htpasswd -nb[mdps] username password
-c Create a new file.
-n Don't update file; display results on stdout.
-m Force MD5 encryption of the password.
-d Force CRYPT encryption of the password (default).
-p Do not encrypt the password (plaintext).
-s Force SHA encryption of the password.
-b Use the password from the command line rather than prompting for it.
-D Delete the specified user.
On Windows, NetWare and TPF systems the '-m' flag is used by default.
On all other systems, the '-p' flag will probably not work.
-c创建一个加密文件。
-n不更新加密文件,只将htpasswd命令加密后的用户名和密码显示在屏幕上。
-m默认htpassswd命令采用MD5算法对密码进行加密,该参数默认情况下可以不加。
-d表示htpassswd命令采用CRYPT算法对密码进行加密。
-s表示htpassswd命令采用SHA算法对密码进行加密。
-p表示htpassswd命令不对密码进行进行加密,即明文密码。
-b表示在htpassswd命令行中一并输入用户名和密码而不是根据提示输入密码。
-D表示删除指定的用户。
[[email protected] nginx]# ls
client_body_temp conf fastcgi_temp html logs passwd.db proxy_temp sbin scgi_temp uwsgi_temp
[[email protected] nginx]# cat passwd.db
gaojs2:Iw02ZoXegS/zI
[[email protected] nginx]#