Home > Article > Operation and Maintenance > How to configure Nginx access restrictions
What is nginx access restriction configuration
nginx access restriction can be based on two aspects, one is IP-based access control, and the other is user-based trust login control
Below we will introduce these two methods one by one
Introduction to IP-based access control:
Can be configured through IP-based access control achieves the effect of allowing certain IPs to be accessible and restricting which IPs cannot be accessed
This is the configuration method to allow access
Configuration syntax: allow address | cidr | unix | all;
Default configuration: no configuration
Configuration path: under http, server, location, limit_except;
This is a configuration that does not allow access
Method configuration syntax: deny address | cidr | unix | all;
Default configuration: no configuration
Configuration path: under http, server, location, limit_except;
Testing based on IP access restrictions
1. Check the local IP address. If it is a public network, go to the ip138 network to check. If it is a test, use cmd Check.
2. Add an admin.html file in the /opt/app/code/ directory, which is a normal admin page with a background color
3. In /etc/nginx/ In the conf.d/ directory, modify the default.conf file and add the following content
As can be seen from the above figure, a location has been added to match admin.html and set in it After configuring based on IP restrictions, 192.xx.xx.xx will be restricted and not allowed to be accessed, while others can be accessed.
4. Reload nginx
5. Enter the URL in the browser and view the log
6. From the above picture, it can be seen that the access to a certain IP has been restricted. If only a certain IP is allowed to access, you only need to change the keyword.
Example:
1. Server-wide ip limit
#vi nginx.conf allow 10.115.0.116; #允许的ip deny all;
2. Site limit ip
#vi vhosts.conf 站点全局限ip: location / { index index.html index.htm index.php; allow 10.115.0.116; deny all;
Site directory restrictions
location ^~ /test/ { allow 10.115.0.116; deny all;
Access control based on login user trust
For example, we When accessing apache information, a user password box prompt pops up to perform a pre-access verification.
Configuration syntax: auth_basic string | off;
Default configuration: auth_basic off;
Configuration path: http, server, location, limit_except;
Match configuration syntax: auth_basic_user_file filepath;
Match default configuration: No configuration
Match configuration path: http, server, location, limit_except;
1. You need to add an identity file, auth_conf file, here use an htpasswd tool
Use the command htpasswd -c ./auth_conf root;
Explain: htpasswd command -c: The default is Use md5 encryption, ./auth_conf is the specified path and file, root is the user name
After entering, the password will be entered twice
2. Modify default .conf configuration file, modify the content as follows
3. Reload nginx
4. Enter the URL and check the results. You can see that you need to enter identity information to access
The above is the detailed content of How to configure Nginx access restrictions. For more information, please follow other related articles on the PHP Chinese website!