How to configure Nginx access restrictions

What is nginx access restriction configuration

nginx access restriction can be based on two aspects, one is IP-based access control, and the other is user-based trust login control

Below we will introduce these two methods one by one

Introduction to IP-based access control:

Can be configured through IP-based access control achieves the effect of allowing certain IPs to be accessible and restricting which IPs cannot be accessed

This is the configuration method to allow access

Configuration syntax: allow address | cidr | unix | all;

Default configuration: no configuration

Configuration path: under http, server, location, limit_except;

This is a configuration that does not allow access

Method configuration syntax: deny address | cidr | unix | all;

Default configuration: no configuration

Configuration path: under http, server, location, limit_except;

Testing based on IP access restrictions

1. Check the local IP address. If it is a public network, go to the ip138 network to check. If it is a test, use cmd Check.

2. Add an admin.html file in the /opt/app/code/ directory, which is a normal admin page with a background color

3. In /etc/nginx/ In the conf.d/ directory, modify the default.conf file and add the following content

As can be seen from the above figure, a location has been added to match admin.html and set in it After configuring based on IP restrictions, 192.xx.xx.xx will be restricted and not allowed to be accessed, while others can be accessed.

4. Reload nginx

5. Enter the URL in the browser and view the log

6. From the above picture, it can be seen that the access to a certain IP has been restricted. If only a certain IP is allowed to access, you only need to change the keyword.

Example:

1. Server-wide ip limit

#vi nginx.conf
  allow 10.115.0.116; #允许的ip
  deny all;

2. Site limit ip

#vi vhosts.conf
站点全局限ip:
location / {
  index index.html index.htm index.php;
  allow 10.115.0.116;
  deny all;

Site directory restrictions

location ^~ /test/ {
  allow 10.115.0.116;
  deny all;

Access control based on login user trust

For example, we When accessing apache information, a user password box prompt pops up to perform a pre-access verification.

Configuration syntax: auth_basic string | off;

Default configuration: auth_basic off;

Configuration path: http, server, location, limit_except;

Match configuration syntax: auth_basic_user_file filepath;

Match default configuration: No configuration

Match configuration path: http, server, location, limit_except;

1. You need to add an identity file, auth_conf file, here use an htpasswd tool

Use the command htpasswd -c ./auth_conf root;

Explain: htpasswd command -c: The default is Use md5 encryption, ./auth_conf is the specified path and file, root is the user name

After entering, the password will be entered twice

2. Modify default .conf configuration file, modify the content as follows

3. Reload nginx

4. Enter the URL and check the results. You can see that you need to enter identity information to access

The above is the detailed content of How to configure Nginx access restrictions. For more information, please follow other related articles on the PHP Chinese website!