nginx 基于IP和用户的访问

nginx的下载

yum install nginx.x86_64 -y

启动服务

systemctl enable --now nginx.service

查看服务目录

[root@webserver ~]# rpm -ql nginx
/usr/bin/nginx-upgrade
/usr/lib/systemd/system/nginx.service
/usr/share/man/man3/nginx.3pm.gz
/usr/share/man/man8/nginx-upgrade.8.gz
/usr/share/man/man8/nginx.8.gz
/usr/share/nginx/html/404.html
/usr/share/nginx/html/50x.html
/usr/share/nginx/html/icons
/usr/share/nginx/html/icons/poweredby.png
/usr/share/nginx/html/index.html
/usr/share/nginx/html/nginx-logo.png
/usr/share/nginx/html/poweredby.png
/usr/share/nginx/html/system_noindex_logo.png
/usr/share/vim/vimfiles/ftdetect/nginx.vim
/usr/share/vim/vimfiles/ftplugin/nginx.vim
/usr/share/vim/vimfiles/indent/nginx.vim
/usr/share/vim/vimfiles/syntax/nginx.vim

修改默认发布

echo 172.25.254.100 > /usr/share/nginx/html/index.html

结果

基于IP的访问限制

vim /etc/nginx/nginx.conf
 server {
        listen       80;
        listen       [::]:80;
        server_name  _;
        #root         /usr/share/nginx/html;
​
        root         /var/www/html;
        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;
​
        error_page 404 /404.html;
        location = /404.html {
        }
​
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
        location = /timinglee/ {
                allow 172.25.254.100;
                deny all;
        }
    }

allow 172.25.254.100;

deny all;只允许172.25.254.100访问

结果

100的主机

[root@webserver ~]# curl 172.25.254.100/timinglee/
timinglee

200的主机

[root@server200 ~]# curl 172.25.254.100/timinglee/
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.20.1</center>
</body>
</html>

基于用户的访问

上面的实验做完，恢复环境

[root@webserver ~]# mkdir -p /usr/share/nginx/html/timinglee
[root@webserver ~]# echo timinglee > /usr/share/nginx/html/timinglee/index.html
[root@webserver ~]# curl 172.25.254.100/timinglee/
timinglee
建立隐藏的认证文件，以.开头
下载所需的工具
[root@webserver ~]# dnf install httpd-tools -y
创建所需的认证文件
[root@webserver ~]# htpasswd -cm /etc/nginx/.htpasswd admin
New password:
Re-type new password:
Adding password for user admin
这里的用户并不是系统真实的用户
[root@webserver ~]# cat /etc/nginx/.htpasswd
admin:$apr1$.BwhiHQk$uSJKKScJdh6T.XQTnRxmX.
第二次创建
[root@webserver ~]# htpasswd -m /etc/nginx/.htpasswd timinglee
New password:
Re-type new password:
Adding password for user timinglee
[root@webserver ~]# cat /etc/nginx/.htpasswd
admin:$apr1$.BwhiHQk$uSJKKScJdh6T.XQTnRxmX.
timinglee:$apr1$b9AI5qvA$seGe4elxYymRfVTRwob0a1

打开主配置文件

[root@webserver ~]# vim /etc/nginx/nginx.conf
server {
    listen       80;
    listen       [::]:80;
    server_name  _;
    root         /usr/share/nginx/html;
​
    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;
​
    error_page 404 /404.html;
    location = /404.html {
    }
​
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
    location /timinglee/ {
            auth_basic on;
            auth_basic_user_file "/etc/nginx/.htpasswd";
    }
}
进行重启
[root@webserver ~]# systemctl restart nginx.service

验证

[root@webserver ~]# curl 172.25.254.100/timinglee/ -uadmin:123456
timinglee

俩种验证方式任选择