An in-depth look at nginx basic login authentication (including all configuration steps and in-depth analysis)

moshuying 2021-09-15 06:59:11


Visit msy.plus for a better reading experience.

The role of HTTP basic authentication

  1. HTTP basic authentication makes the browser pop up a login window.
  2. It is simple, clear, and easy to understand.
  3. For front-end sites aimed at end users, it is not friendly enough.
  4. But it is still very useful for back-office systems operated by internal staff, where it is usually applied as one layer of security.

Is this login authentication secure?

auth_basic is an authentication module that is commonly used in both Apache and nginx. For the many systems that have no authentication of their own, using nginx's auth_basic for simple authentication is a common practice. Once auth_basic is enabled, visitors are prompted to enter a username and password when they access the site.

The tool usually used together with auth_basic is htpasswd, which comes from the httpd-tools package. It is mainly used to generate the file that holds users and their encrypted passwords.

Possible problems

However, there is a problem with how htpasswd generates passwords.

As you can see, htpasswd supports four encryption algorithms in total: MD5, bcrypt, CRYPT, and SHA. In httpd-tools 2.2 the default algorithm for password encryption is CRYPT, while in httpd-tools 2.4 the default is MD5.

Some people will ask: SHA is clearly supposed to be more secure than MD5, so why is MD5 the default algorithm?

In the httpd-tools 2.4 figure, the last sentence reads “The SHA algorithm does not use a salt and is less secure than the MD5 algorithm”. In other words, SHA without a salt is less secure than MD5.

In cryptography, a salt is a randomly generated string. For a hash without a salt, one way to crack it is a rainbow-table lookup. Hashing the original password together with a salt effectively defeats rainbow-table attacks.

Solution

The safe approach is to update httpd-tools to version 2.4 and then regenerate the user/password pairs, or to pass the -m option to htpasswd so that new user/password pairs are generated with MD5.
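To check an existing password file for the problem described above, the following added example (not code from the original article) classifies each entry by hash format and reports users whose unsalted {SHA} entries are identical. The names sha_entry, classify and audit and the sample entries are constructed for illustration.

```python
import base64
import hashlib
import re
from collections import defaultdict

# Shapes of the hash formats htpasswd writes: (name, salted, pattern).
SCHEMES = [
    ("bcrypt", True, re.compile(r"\$2[aby]\$\d\d\$[./A-Za-z0-9]{53}")),
    ("apr1-md5", True, re.compile(r"\$apr1\$[./A-Za-z0-9]{1,8}\$[./A-Za-z0-9]{22}")),
    ("sha1", False, re.compile(r"\{SHA\}[A-Za-z0-9+/]{27}=")),
    ("crypt", True, re.compile(r"[./A-Za-z0-9]{13}")),
]

def sha_entry(user, password):
    """Build a line in the unsalted {SHA} format: base64 of the raw SHA-1 digest."""
    digest = hashlib.sha1(password.encode()).digest()
    return f"{user}:{{SHA}}{base64.b64encode(digest).decode()}"

def classify(hash_field):
    """Return (scheme, salted) for one hash field, or ("unknown", None)."""
    for name, salted, pattern in SCHEMES:
        if pattern.fullmatch(hash_field):
            return name, salted
    return "unknown", None

def audit(lines):
    """Return per-user schemes and groups of users sharing an identical hash."""
    report, by_hash = {}, defaultdict(list)
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        # nginx also accepts "user:hash:comment", so keep only the first two fields.
        user, hash_field = line.split(":")[:2]
        report[user] = classify(hash_field)
        by_hash[hash_field].append(user)
    shared = [users for users in by_hash.values() if len(users) > 1]
    return report, shared

# Constructed sample file: two {SHA} users with the demo password from this
# article, plus one apr1-shaped placeholder (not a real hash of any password).
SAMPLE = [
    sha_entry("admin", "12345678"),
    sha_entry("ops", "12345678"),
    "deploy:$apr1$abcdefgh$0123456789abcdefghijkl",
]

if __name__ == "__main__":
    report, shared = audit(SAMPLE)
    for user, (scheme, salted) in report.items():
        print(f"{user:8} {scheme:9} {'salted' if salted else 'NOT salted'}")
    for users in shared:
        print("identical hash (same password, no salt):", ", ".join(users))
```

Because {SHA} has no salt, the two users with the same password get byte-identical entries, which is exactly what makes precomputed tables effective; entries reported as sha1 are the ones to regenerate.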

Demonstration

As an example, let's create a new site:

Domain name: nginx_basic_auth.msy.plus
Login name: admin
Password: 12345678

This is for demonstration only. A production environment must not use such a simple password.

Generate a file for testing

mkdir -p ./nginx_basic_auth
echo "<h1>welcome to nginx_basic_auth.msy.plus</h1>" >> ./nginx_basic_auth/index.html

Configure HTTP basic authentication in nginx

In nginx.conf, check whether the conf.d directory is included. If it is not, add it:

include /usr/local/soft/nginx-1.18.0/conf/conf.d/*.conf;

Note: in a production environment, for ease of management, each server is put in its own dedicated conf file. Don't mix everything together in nginx.conf, where it is inconvenient to modify and search.

Create the server file for the website

server {
    # Realm text shown in the browser's login prompt
    auth_basic "lhdtest.com admin";
    # Password file that auth_basic checks credentials against
    auth_basic_user_file /usr/local/soft/nginx-1.18.0/conf/conf.d/admin.pwd;
    listen 80;
    server_name nginx_basic_auth.msy.plus;
    root /data/site/admin/html;
    index index.html index.shtml index.htm;
    access_log /data/nginx/logs/admin.access_log;
    error_log /data/nginx/logs/admin.error_log;
}

Generate the password

nginx only needs a password file for authentication, and it doesn't matter where the password file is generated, so all you need is some method of generating the password entry.

There are many ways to do this: you can use Python, Go, or C.

Of course, it can also be generated with various tools. Choose whichever of the following you like:

  1. Generate the password with htpasswd
  2. Generate the password with openssl
  3. Generate the password with python

Test results

Open the website and enter the correct username and password to access it.

If you are not familiar with the nginx configuration items, you can see here

Articles in this series

  1. An in-depth look at nginx basic login authentication (including all configuration steps and in-depth analysis)
  2. An in-depth look at nginx basic login authentication: generating the password with htpasswd
  3. An in-depth look at nginx basic login authentication: generating the password with openssl
  4. An in-depth look at nginx basic login authentication: generating the password with python


Copyright notice
This article was written by [moshuying]. Please include a link to the original when reposting. Thank you.
https://qdmana.com/2021/09/20210909124112679x.html