编程知识 cdmana.com

Take you in-depth understanding of nginx basic login authentication (including all configuration steps and in-depth analysis)

Click on the access msy.plus Get a better experience

http The role of basic verification

  1. http Basic authentication will pop up the login window from the browser ,
  2. Simple and clear , Easy to understand ,
  3. For the front desk for end users , Not friendly enough ,
  4. But it is still very useful for the background of internal staff operation , It is usually applied as a layer of safety measures .

Is this login authentication secure ?

auth_basic As an authentication module , stay apache and nginx They are commonly used in , In many systems that do not have their own authentication , Use nginx Of auth_basic Do a simple certification , Is a common operation , Open the auth_basic After certification , At the time of the visit , You will be prompted to enter the user name and password for authentication .

Usually and auth_basic One of the tools used in conjunction is htpasswd, The tool comes from httpd-tools package , It is mainly used to generate users and their password encrypted files

Possible problems

But in htpasswd There was a problem generating the password

You can see htpasswd All in all 4 Encryption algorithm , Namely MD5、bcrypt、CRYPT、SHA, stay httpd-tools 2.2 In the version of the , The default is CRYPT Encryption algorithm for password encryption , and httpd-tools 2.4 In the version of the , The default is to use MD5 For password encryption

Some people say clearly SHA Than MD5 Encryption should be highly secure , Why is MD5 As the default encryption algorithm ?

stay httpd-tools 2.4 The figure of , Last sentence “The SHA algorithm does not use a salt and is less secure than the MD5 algorithm” Translation is , No addition salt Of SHA Algorithm , did not MD5 Security

salt In cryptography , It's called salt , It's a randomly generated string , In a hash without salt , One way to crack it is rainbow table collision , The original password is hashed after adding salt , It can effectively avoid the violent cracking of rainbow table attack

terms of settlement

The safe way to deal with it is , to update httpd-tools To 2.4 edition , Then regenerate the user password pair , Or in the htpasswd When generating a key , Through parameters -m choice md5 Generate a new user password pair by encryption

Simulation verification demonstration

Here, for example, let's create a new site

 domain name :     nginx_basic_auth.msy.plus
 Login name :    admin
 password :     12345678
 Copy code 

Just for demonstration , Production environments cannot use this very simple password

Generate files for testing

echo "<h1>welcome to nginx_basic_auth.msy.plus</h1>" >> ./nginx_basic_auth/index.html
 Copy code 

To configure nginx Of http Basic verification

stay nginx.conf Check whether there is a pair conf.d Directory support if it does not exist , Add it

include /usr/local/soft/nginx-1.18.0/conf/conf.d/*.conf;
 Copy code 

explain : In production environment , For management convenience , Will put each server Put it in a dedicated conf In file , Don't mix up and write all about nginx.conf in , Modification and search are inconvenient

Create a website server file

server {
    auth_basic "lhdtest.com admin";
    auth_basic_user_file /usr/local/soft/nginx-1.18.0/conf/conf.d/admin.pwd;

    listen       80;
    server_name  nginx_basic_auth.msy.plus
    root         /data/site/admin/html;
    index        index.html index.shtml  index.htm;
    access_log      /data/nginx/logs/admin.access_log;
    error_log       /data/nginx/logs/admin.error_log;
}
 Copy code 

Generate the password

nginx Only one password file is required for authentication , It doesn't matter where the password file is generated , So you just need a method that can generate the key

There are many ways , It can be used python It can be used go Or use c

Of course, it can also be generated with various tools , Choose one of the following generation tools you like

Use htpasswd Generate the password Use openssl Generate the password Use python Generate the password

The test results

Get into Website Enter the correct user name and password to enter the website

About nginx If you don't know about configuration items, you can see here

This series of articles

Take you to know more about nginx Basic login authentication ( Contains all configuration steps and in-depth resolution ) Take you to know more about nginx Basic login authentication : Use htpasswd Generate the password Take you to know more about nginx Basic login authentication : Use openssl Generate the password Take you to know more about nginx Basic login authentication : Use python Generate the password

Reference resources

nginx Configure the reverse proxy in a specific path nginx Configure to prohibit access to the directory or files in the directory nginx Cross domain processing

Yours nginx Is login authentication secure ? To configure http Basic verification (Basic Auth) Centos install htpasswd_Nginx Use in htpasswd

版权声明
本文为[moshuying]所创,转载请带上原文链接,感谢
https://cdmana.com/2021/09/20210909124112679x.html

Scroll to Top