LNMP Architecture - Nginx user authentication

Keywords: Nginx PHP curl vim

;

A virtual host in nginx for a profile

Create a new virtual host profile

[root@dl-001 default]# vim /usr/local/nginx/conf/vhost/test.com.conf / / create a virtual host
server
{
    listen 80;
    server_name test.com;
    index index.html index.htm index.php;
    root /data/wwwroot/test.com;

location  /
    {
        auth_basic              "Auth";    //Name of user authentication
        auth_basic_user_file   /usr/local/nginx/conf/htpasswd;    //User name and password file directory
   }
}

Create directory

[root@dl-001 default]# mkdir /data/www/test.com
[root@dl-001 default]# vim /data/www/test.com/index.html
test.com

Generate password file (using apache's generate password tool htpasswd)

[root@dl-001 default]# yum install -y httpd
[root@dl-001 default]# htpasswd -c /usr/local/nginx/conf/htpasswd test
New password: 
Re-type new password: 
Adding password for user test

Detect and reload

[root@dl-001 default]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost default]# /usr/local/nginx/sbin/nginx -s reload

test

// Do not specify user name password access
[root@dl-001 default]# curl -x 127.0.0.1:80 test.com -I
HTTP/1.1 401 Unauthorized
Server: nginx/1.12.2
Date: Sun, 31 Dec 2017 06:55:24 GMT
Content-Type: text/html
Content-Length: 195
Connection: keep-alive
WWW-Authenticate: Basic realm="Auth"

// Specify user name password access
[root@dl-001 default]# curl -x 127.0.0.1:80 -utest:testdl991124 test.com -I 
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Sun, 31 Dec 2017 06:55:33 GMT
Content-Type: text/html
Content-Length: 8
Last-Modified: Sun, 31 Dec 2017 06:17:09 GMT
Connection: keep-alive
ETag: "5a4880e5-8"
Accept-Ranges: bytes
[root@localhost default]# curl -x 127.0.0.1:80 -utest:1 test.com 
test.com

Authenticate to a directory under the virtual host

Modify profile

[root@dl-001 default]# vim /usr/local/nginx/conf/vhost/test.com.conf 
server
{
    listen 80;
    server_name test.com;
    index index.html index.htm index.php;
    root /data/www/test.com;

    // Just modify the location, nothing else will change
    location /admin/
        {
        auth_basic "Auth";
        auth_basic_user_file /usr/local/nginx/conf/htpasswd;
    }
}

Detect and reload

[root@dl-001 default]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@dl-001 default]# /usr/local/nginx/sbin/nginx -s reload

Testing

// test.com
[root@dl-001 default]# curl -x 127.0.0.1:80  test.com
test.com

// The admin directory under test.com needs user authentication
[root@dl-001 default]# curl -x 127.0.0.1:80  test.com/admin/
<html>
<head><title>401 Authorization Required</title></head>
<body bgcolor="white">
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx/1.12.2</center>
</body>
</html>

Authenticate a file (URL visited) under the virtual host

Modify master profile

[root@dl-001 default]# vim /usr/local/nginx/conf/vhost/test.com.conf 
server
{
    listen 80;
    server_name test.com;
    index index.html index.htm index.php;
    root /data/www/test.com;

    // Just modify the location, and the rest will remain the same. Here, matching admin.php is just a simple representation
    // More complex regularization can be used to show accurate document authentication
    location ~ admin.php
        {
        auth_basic "Auth";
        auth_basic_user_file /usr/local/nginx/conf/htpasswd;
    }
}

Detect and reload

[root@dl-001 default]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@dl-001 default]# /usr/local/nginx/sbin/nginx -s reload

test

[root@dl-001 default]# curl -x 127.0.0.1:80  test.com/admin.php<html>
<head><title>401 Authorization Required</title></head>
<body bgcolor="white">
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx/1.12.2</center>
</body>
</html>

Posted by Carlo Gambino on Sun, 03 May 2020 10:04:17 -0700