As a high-performance web server, Nginx can be used as a reverse proxy server to provide fast and stable services to the outside world. In the reverse proxy, Nginx needs to connect to the internal Web server to obtain the requested resources, which involves the authentication mechanism of the Web server.
Web server authentication is generally divided into two methods: basic authentication and digest authentication. Basic authentication means that users verify their identity by entering their username and password, and the server verifies this information before allowing access to resources. Digest authentication means that when a user requests a resource, the server returns some random values. The client encrypts these values before requesting the resource. The server verifies the identity by decrypting the encrypted information provided by the client.
In the reverse proxy, the web server that Nginx needs to connect to also needs to carry out the above authentication measures. At this time, we can authenticate the web server by setting proxy verification in the Nginx configuration file:
auth_basic "Input your username and password"; auth_basic_user_file /etc/nginx/conf.d/conf/auth.conf;
where auth_basic
means enabling the verification mechanism and prompting the user to enter the user name and password in the input box, auth_basic_user_file
means specifying The file where the username and password are stored is set in /etc/nginx/conf.d/conf/auth.conf
.
htpasswd -c /etc/nginx/conf.d/conf/Password username
The -c
parameter indicates adding a user for the first time, and username is the user name. , after executing the above command, you will be asked to enter your password. After completion, a user and password will be generated in the Password
file.
htpasswd /etc/nginx/conf.d/conf/Password user2
If the above command is for a Password file that already exists, adding a new user will also ask you to enter the password.
auth_digest "Please Login"; auth_digest_user_file /etc/nginx/conf.d/conf/auth_digest.conf;
auth_digest
means to enable the verification mechanism and prompt the user to enter the user name and password in the input box. auth_digest_user_file
means to specify the file where the user name and password are stored. Here we set it in /etc/nginx/conf.d /conf/auth_digest.conf
.
user1:PasswordRealm:2da86e1b3a8a5511c400d00737a7a233
where user1
is the user name and PasswordRealm
is the password It is combined with the field name corresponding to the encrypted random value. 2da86e1b3a8a5511c400d00737a7a233
is the encrypted ciphertext.
The above is how Nginx implements Web server authentication. Through the above authentication measures, effective protection and security control can be carried out on the Web server to ensure the security and stability of the system.
The above is the detailed content of Authentication mechanism of web server in Nginx reverse proxy. For more information, please follow other related articles on the PHP Chinese website!