nginx的access的阶段的access模块、auth_basic模块、auth_request模块及satisfy指令介绍

access 模块

示例从上向下匹配

location / { 
deny 192.168.1.1; 
allow 192.168.1.0/24; 
allow 10.1.1.0/16; 
allow 2001:0db8::/32; 
deny all; 
}

  auth_basic模块 基于用户名密码做认证

安装http-tools 工具

[root@python ~]# htpasswd -cb yt yu 123
Adding password for user yu
[root@python ~]# htpasswd -b yt yutre 123qwe
Adding password for user yutre
[root@python ~]# cat yt 
yu:$apr1$/N3KI0q8$UxOw8KlG1QBO5N2Niryxo0
yutre:$apr1$BAFJsGn2$qKrWI0G6cSzPPIEG4XGPV0

  nginx配置

[root@python vhast]# cat auth_basic.conf 
server {
	server_name auth_basic.com;
	default_type text/plain;
	root html/;
	location /{
		satisfy any;
		auth_basic "tset auth_basic";
		auth_basic_user_file passwd;
		deny all;
	}
}

  auth_request模块 基于第三方库做认证;需要重新编译,默认没有这个模块;

[root@python vhast]# cd ~/nginx-1.15.9/
[root@python nginx-1.15.9]# ./configure --prefix=/data/web --sbin-path=/usr/bin --user=nginx --group=nginx --with-http_stub_status_module --with-http_auth_request_module
checking for OS
[root@python nginx-1.15.9]# make
[root@python nginx-1.15.9]# rm -rf /usr/bin/nginx 
[root@python nginx-1.15.9]# cp objs/nginx /usr/bin/

  原理:收到请求后,生成子请求,通过反向代理技术把请求传递给上游服务器,通过上游服务的响应来判断是否处理这个请求,若上游服务器返回的响应码是2**,则继续执行,若返回401或403;则将响应码返回客户端

指令介绍

Syntax: auth_request uri | off;
Default: auth_request off; 
Context: http, server, location
Syntax: auth_request_set $variable value;
Default: —
Context: http, server, location

  配置

 

server {
        server_name auth_basic.com;
        root html;
        location /iiiii{
                satisfy any;
                auth_basic "tset auth_basic";
                auth_basic_user_file passwd;
                deny all;
        }
        location / {
                auth_request /test_auth;
        }
        location = /test_auth {
                proxy_pass http://127.0.0.1:90;
                proxy_pass_request_body off;
                proxy_set_header Content-Length "";
                proxy_set_header X-Original-URI $request_uri;
        }
}



认证服务器
server {
        listen       90;
        location / {
                return 201 'auth succes';
        }
}

  测试正常返回

测试异常返回

[root@python vhast]# cat test-l.conf 
server {
	listen       90;
	location / {
		return 401 'auth succes';
	}
}

  测试

satisfy指令介绍

Syntax: satisfy all | any;  #all表示3个模块都通过认证才往下走;any表示3个模块任意一个通过就可以通过了
Default: satisfy all; 
Context: http, server, location

  

有return指令,access阶段的指令不会生效

 

posted @ 2019-07-10 16:39  烟雨楼台,行云流水  阅读(608)  评论(0)    收藏  举报