大佬教程收集整理的这篇文章主要介绍了Nginx – PHP脚本上的基本http身份验证,大佬教程大佬觉得挺不错的,现在分享给大家,也给大家做个参考。
我添加了一个用作“cgi-bin”的php脚本,
组态:
LOCATIOn ~^/cgi-bin/.*\.(cgi|pl|py|rb) {
gzip off;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index cgi-bin.php;
fastcgi_param SCRIPT_FILename /etc/Nginx/cgi-bin.php;
fastcgi_param SCRIPt_name /cgi-bin/cgi-bin.php;
fastcgi_param X_SCRIPT_FILename /usr/lib/$fastcgi_script_name;
fastcgi_param X_SCRIPt_name $fastcgi_script_name;
fastcgi_param QUERY_StriNG $query_String;
fastcgi_param requEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE Nginx;
fastcgi_param requEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param REMOTE_USER $remote_user;
}
php脚本:
<>php
$descriptorspec = array(
0 => array("pipe","r"),// stdin is a pipe that the child will read from
1 => array("pipe","w"),// stdout is a pipe that the child will write to
2 => array("pipe","w") // stderr is a file to write to
);
$newenv = $_SERVER;
$newenv["SCRIPT_FILename"] = $_SERVER["X_SCRIPT_FILename"];
$newenv["SCRIPt_name"] = $_SERVER["X_SCRIPt_name"];
if (is_executable($_SERVER["X_SCRIPT_FILename"])) {
$process = proc_open($_SERVER["X_SCRIPT_FILename"],$descriptorspec,$pipes,NULL,$newenv);
if (is_resource($process)) {
fclose($pipes[0]);
$head = fgets($pipes[1]);
while (strcmp($head,"\n")) {
header($head);
$head = fgets($pipes[1]);
}
fpassthru($pipes[1]);
fclose($pipes[1]);
fclose($pipes[2]);
$return_value = proc_close($process);
}
else {
header("Status: 500 Internal Server Error");
echo("Internal Server Error");
}
}
else {
header("Status: 404 Page Not Found");
echo("Page Not Found");
}
?>
它的问题是我无法添加基本身份验证.
一旦我为位置〜/ cgi-bin启用它,当我尝试查找它时,它会给我一个404错误.
我怎么解决这个问题?
我想限制只访问我的第二台服务器,然后我在代理上添加基本身份验证,但必须有一个更简单的解决方案.
抱歉标题不好,我想不出更好的一个.
编辑:我的解决方案,感谢WerkkreWs answer,最终看起来像这样:
CGI-bin.conf:
LOCATIOn ~^/.*\.(cgi|pl|p<|rb) {="" [...]="" }="">vhost.conf:
server {
[...]
LOCATIOn ~^/cgi-bin {
auth_basic "ReStricted";
auth_basic_user_file htusers;
include cgi-bin.conf;
}
[...]
}
这可能是不安全的,因为cgi-bin.conf可能会意外地包含在服务器标签中(从而使每个客户端都能在每个位置执行脚本),但由于我只使用它一次,我将坚持使用此解决方案.
首先,除此之外,您应该考虑将所有fastcgi参数放在Nginx可访问的configurastion文件中以便于使用(例如/etc/Nginx/conf.d/fastcgi_params).
其次,根据你如何设置auth与php部分的位置块,你可能需要指示Nginx如何在受保护的位置再次处理php文件,或者确保auth_basic指令在例如,与上面粘贴的位置块相同的位置块(取自上述帖子):
server {
listen 80;
server_name my-awesome-php.site;
root /path/to/root;
# normal files (blank LOCATIOn is OK,just means serve from root)
LOCATIOn / { }
# php for normal stuff
LOCATIOn ~ \.php${
include fastcgi.conf;
fastcgi_pass 127.0.0.1:9000;
}
# The protected LOCATIOn
LOCATIOn /protected {
auth_basic "Give me codes.";
auth_basic_user_file /path/to/.htpasswd;
LOCATIOn ~ \.php${
include fastcgi.conf;
fastcgi_pass 127.0.0.1:9000;
}
}
}
在我个人安装的Nginx上我使用的是php-fpm,我的php脚本不仅限于cgi-bin,所以我的配置完全不同,但它可能会为你提供一些额外的见解.我有基本的身份验证工作,因为我想你会期待它虽然在下面的例子中整个vhost是在基本身份验证而不仅仅是一个文件夹:
fastcgi_params
fastcgi_param SCRIPT_FILename $document_root$fastcgi_script_name;
fastcgi_param QUERY_StriNG $query_String;
fastcgi_param requEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPt_name $fastcgi_script_name;
fastcgi_param requEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE Nginx/$Nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# php only,required if php was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
基于服务器/主机的身份验证示例(删除了不相关的部分)
server {
server_name dev.foo.com;
error_log /app/www/dev.foo.com/logs/error.log error;
root /app/www/dev.foo.com/htdocs;
index index.php index.html;
auth_basic "Secret Files";
auth_basic_user_file /app/www/dev.foo.com/conf/htpasswd;
LOCATIOn ~ \.php${
include /etc/Nginx/fastcgi_params;
fastcgi_index index.php;
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_param SCRIPT_FILename $document_root$fastcgi_script_name;
fastcgi_pass unix:/var/run/foo.com.sock;
}
LOCATIOn ~ /\.ht {
deny all;
}
}
基于位置的身份验证示例(删除了不相关的部分)
server {
server_name foo.com;
error_log /app/www/foo.com/logs/error.log error;
root /app/www/foo.com/htdocs;
index index.php index.html;
LOCATIOn /protected {
auth_basic "Secret Files";
auth_basic_user_file /app/www/foo.com/conf/htpasswd;
LOCATIOn ~ \.php${
include /etc/Nginx/fastcgi_params;
fastcgi_index index.php;
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_param SCRIPT_FILename $document_root$fastcgi_script_name;
fastcgi_pass unix:/var/run/foo.com.sock;
}
}
LOCATIOn ~ \.php${
include /etc/Nginx/fastcgi_params;
fastcgi_index index.php;
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_param SCRIPT_FILename $document_root$fastcgi_script_name;
fastcgi_pass unix:/var/run/foo.com.sock;
}
LOCATIOn ~ /\.ht {
deny all;
}
}
以上是大佬教程为你收集整理的Nginx – PHP脚本上的基本http身份验证全部内容,希望文章能够帮你解决Nginx – PHP脚本上的基本http身份验证所遇到的程序开发问题。
如果觉得大佬教程网站内容还不错,欢迎将大佬教程推荐给程序员好友。
本图文内容来源于网友网络收集整理提供,作为学习参考使用,版权属于原作者。
如您有任何意见或建议可联系处理。小编QQ:384754419,请注明来意。