Enable basic auth sitewide and then disable it for subpages?


26

I have a relatively simple config:

upstream appserver-1 {
    server unix:/var/www/example.com/app/tmp/gunicorn.sock fail_timeout=0;
}
server {
    listen  80;
    server_name  example.com;

    location / {
        proxy_pass http://appserver-1;
        proxy_redirect              off;
        proxy_set_header            Host $host;
        proxy_set_header            X-Real-IP $remote_addr;
        proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;

        auth_basic                  "Restricted";
        auth_basic_user_file        /path/to/htpasswd;

    }

    location /api/ {
        auth_basic          off;
    }
}

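The goal is to use basic auth on the whole website, except on the /api/ subtree. While it does work with respect to basic auth, other directives such as proxy_pass are not in effect on /api/ either.

Is it possible to disable only basic auth while keeping the other directives, without copy-pasting everything?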

Answers:


26

How about two files?

includes/proxy.conf would be:

proxy_pass http://appserver-1;
proxy_redirect              off;
proxy_set_header            Host $host;
proxy_set_header            X-Real-IP $remote_addr;
proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;

And your current conf file:

upstream appserver-1 {
    server unix:/var/www/example.com/app/tmp/gunicorn.sock fail_timeout=0;
}
server {
    listen  80;
    server_name  example.com;

    location / {
        auth_basic                  "Restricted";
        auth_basic_user_file        /path/to/htpasswd;
        include includes/proxy.conf;
    }

    location /api/ {
        auth_basic          off;
        include includes/proxy.conf;
    }
}

9

Config file

In Nginx 1.4.4 you need quotes around off for the auth_basic setting.

location / {
    auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/passwd;
    include /etc/nginx/uwsgi_params;
    uwsgi_pass unix:/tmp/app.sock;
}

location /api {
    auth_basic "off";
    include /etc/nginx/uwsgi_params;
    uwsgi_pass unix:/tmp/app.sock;
}

Creating your htpasswd/passwd file

Install apache2-utils; it includes a nice helper app that creates the htpasswd file for you very quickly. http://httpd.apache.org/docs/2.2/programs/htpasswd.html

htpasswd -c -m <filename> <username>

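This does exclude the specific location and prompts for a password for the rest of the site. However, if I click "Cancel", instead of a 401 error page it shows the actual page I requested, but without any static files.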
aexl

4

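The config below works for me for sharing a folder from disk without any authentication on the shared folder, while the rest of the site requires authentication: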

server {
        listen       80;
        server_name  localhost;
        root C:\\Users\\Work\\XYZ\\;
        autoindex on;
        autoindex_exact_size off;
        autoindex_localtime on;
        auth_basic "Administrator Login";
        auth_basic_user_file C:\\Users\\Work\\.htpasswd;

        location /share {
            auth_basic "off";
            allow all; # Allow all to see content 
            alias C:\\Users\\sg32884\\Work\\share\\;
        }
}
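A way to check a config for the two things this thread turns on, as an added example that is not part of any post above: it lists every location with whether basic auth applies there (own or inherited `auth_basic`) and whether the location has its own `proxy_pass`-style handler, which nginx does not inherit. The names `parse`, `audit` and `HANDLERS` are hypothetical, the sample config is constructed from the question, and `include` files are assumed to be already inlined.

```python
import re

# Constructed sample modelled on the question's config (not a real deployment).
SAMPLE = '''server {
    location / {
        proxy_pass http://appserver-1;
        auth_basic "Restricted";
    }
    location /api/ {
        auth_basic off;
    }
}'''

TOKEN = re.compile(r'"[^"]*"|\'[^\']*\'|[{};]|[^\s{};"\']+')
# Directives that give a location its own content source; proxy_pass and friends are not inherited.
HANDLERS = {'proxy_pass', 'uwsgi_pass', 'fastcgi_pass', 'scgi_pass', 'grpc_pass', 'alias'}

def parse(tokens):
    """Nest tokens into (words, children); children is None for simple directives."""
    items, words = [], []
    for tok in tokens:
        if tok == '}':
            return items
        if tok in (';', '{'):
            items.append((words, parse(tokens) if tok == '{' else None))
            words = []
        else:
            words.append(tok.strip('"\''))
    return items

def audit(text):
    """Return (location, auth_required, has_own_handler) for every location block."""
    tree = parse(iter(TOKEN.findall(re.sub(r'#.*', '', text))))
    rows = []
    def walk(name, items, inherited):
        auth, own = inherited, set()
        for words, kids in items:
            if kids is None and words:
                own.add(words[0])
                if words[0] == 'auth_basic':   # "off" (quoted or not) disables auth
                    auth = words[1] != 'off'
        if name is not None:
            rows.append((name, auth, bool(own & HANDLERS)))
        for words, kids in items:
            if kids is not None:
                loc = words[-1] if words[:1] == ['location'] else None
                walk(loc, kids, auth)
    walk(None, tree, False)
    return rows
```

Rows with `auth_required` false are the intended exemptions to review; rows with `has_own_handler` false are locations like the question's `/api/`, which never reach the upstream.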
Licensed under cc by-sa 3.0 with attribution required.