Shulou(Shulou.com)06/01 Report--

Today, I will talk to you about how to configure access restrictions in Nginx. Many people may not know much about it. In order to make you understand better, the editor has summarized the following for you. I hope you can get something from this article.

Introduction to IP-based access control:

By configuring ip-based access control, some ip can be accessed and which ip can not be accessed.

This is the configuration method that allows access

Configuration syntax: allow address | CIDR | unix | all

Default configuration: no configuration

Configuration path: http, server, location, limit_except

This is a configuration that does not allow access

Method configuration syntax: deny address | CIDR | unix | all

Default configuration: no configuration

Configuration path: http, server, location, limit_except

Testing based on IP access restrictions

1. Check the local ip address. If it is a public network, check it on ip138. If it is an experiment, use cmd to check.

two。 Add an admin.html file to the / opt/app/code/ directory, which is a normal admin page with a background color

3. In the / etc/nginx/conf.d/ directory, modify the default.conf file by adding the following

As you can see from the figure above, a location is added to match admin.html, and a configuration based on ip restrictions is set to restrict 192.xx.xx.xx from access, and others can be accessed.

4. Reload nginx

5. Enter the URL in the browser to view the log

6. From the figure above, it has been implemented to restrict the access of a certain ip. If only a certain ip is allowed, you only need to change the keyword.

Example:

1. Server global IP limit

# vi nginx.conf allow 10.115.0.116; # allowed IP deny all

Site-limited IP

# vi vhosts.conf site global limit IP:location / {index index.html index.htm index.php; allow 10.115.0.116; deny all

Site directory restrictions

Location ^ ~ / test/ {allow 10.115.0.116; deny all

Access control based on login user trust

For example, when we access apache information, a user password box pops up to perform a pre-access authentication.

Configuration syntax: auth_basic string | off

Default configuration: auth_basic off

Configuration path: http, server, location, limit_except

Match configuration syntax: auth_basic_user_file filePath

Match default configuration: no configuration

Match configuration paths: http, server, location, limit_except

1. You need to add an identity file, the auth_conf file, which uses a htpasswd tool

Use the command htpasswd-c. / auth_conf root

Explain: htpasswd command-c: the default is to use md5 encryption,. / auth_conf is the specified path and file, and root is the user name.

After entering, the password will be entered twice.

two。 Modify the default.conf configuration file as follows

3. Reload nginx

4. Enter the URL, view the results, and you can see that you need to enter identity information before you can access

After reading the above, do you have any further understanding of how to configure access restrictions in Nginx? If you want to know more knowledge or related content, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.