Authentication mechanism of web server in Nginx reverse proxy

As a high-performance web server, Nginx can be used as a reverse proxy server to provide fast and stable services to the outside world. In the reverse proxy, Nginx needs to connect to the internal Web server to obtain the requested resources, which involves the authentication mechanism of the Web server.

Web server authentication is generally divided into two methods: basic authentication and digest authentication. Basic authentication means that users verify their identity by entering their username and password, and the server verifies this information before allowing access to resources. Digest authentication means that when a user requests a resource, the server returns some random values. The client encrypts these values ​​before requesting the resource. The server verifies the identity by decrypting the encrypted information provided by the client.

In the reverse proxy, the web server that Nginx needs to connect to also needs to carry out the above authentication measures. At this time, we can authenticate the web server by setting proxy verification in the Nginx configuration file:

1. Basic authentication:

• In Nginx http Add the following code under the paragraph:

     auth_basic "Input your username and password";
     auth_basic_user_file /etc/nginx/conf.d/conf/auth.conf;

where auth_basic means enabling the verification mechanism and prompting the user to enter the user name and password in the input box, auth_basic_user_file means specifying The file where the username and password are stored is set in /etc/nginx/conf.d/conf/auth.conf.

• First create a Password file in the auth.conf file:

     htpasswd -c /etc/nginx/conf.d/conf/Password username

The -c parameter indicates adding a user for the first time, and username is the user name. , after executing the above command, you will be asked to enter your password. After completion, a user and password will be generated in the Password file.

• Add a user:

     htpasswd /etc/nginx/conf.d/conf/Password user2

If the above command is for a Password file that already exists, adding a new user will also ask you to enter the password.

2. Digest Authentication

• Add the following code under the http section of Nginx:

     auth_digest "Please Login";
     auth_digest_user_file /etc/nginx/conf.d/conf/auth_digest.conf;

auth_digest means to enable the verification mechanism and prompt the user to enter the user name and password in the input box. auth_digest_user_file means to specify the file where the user name and password are stored. Here we set it in /etc/nginx/conf.d /conf/auth_digest.conf.

• Add the following content to the auth_digest.conf file:

     user1:PasswordRealm:2da86e1b3a8a5511c400d00737a7a233

where user1 is the user name and PasswordRealm is the password It is combined with the field name corresponding to the encrypted random value. 2da86e1b3a8a5511c400d00737a7a233 is the encrypted ciphertext.

The above is how Nginx implements Web server authentication. Through the above authentication measures, effective protection and security control can be carried out on the Web server to ensure the security and stability of the system.

The above is the detailed content of Authentication mechanism of web server in Nginx reverse proxy. For more information, please follow other related articles on the PHP Chinese website!