Detailed explanation of Nginx access restriction configuration

What is Nginx access restriction configuration

Nginx access restrictions can be based on two aspects: one is IP-based access control, and the other is user-based trusted login control.

Below we will introduce these two methods one by one

Introduction to IP-based access control:

You can configure IP-based access control to allow certain IPs to access and restrict which IPs cannot access

This is the configuration method that allows access

Configuration syntax: allow address | CIDR | unix | all;

Default configuration: No configuration

Configuration path: http, server, location, limit_except;

This is a configuration that does not allow access

Method configuration syntax: deny address | CIDR | unix | all;

Default configuration: No configuration

Configuration path: http, server, location, limit_except;

Testing based on IP access restrictions

1. Check the local IP address. If it is a public network, go to ip138 network to check. If it is a test, use cmd to check.

2. Add an admin.html file in the /opt/app/code/ directory, which contains a normal admin page with a background color

3. In the /etc/nginx/conf.d/ directory, modify the default.conf file and add the following content

As can be seen from the figure above, a location is added to match admin.html, and the configuration based on IP restriction is set in it, restricting 192.xx.xx.xx from accessing it, while others can access it.

4. Reload nginx

5. Enter the URL in the browser and check the log

6. From the above picture, we can see that the access restriction of a certain IP has been realized. If you only allow a certain IP to access, you only need to change the keywords.

Example:

1. Server global IP limit

#vi nginx.conf
  allow 10.115.0.116; #Allowed IP
  deny all;

2. Site Limitation IP

#vi vhosts.conf
Site global limited IP:
location / {
  index index.html index.htm index.php;
  allow 10.115.0.116;
  deny all;

Site Directory Restrictions

location ^~ /test/ {
  allow 10.115.0.116;
  deny all;

Access control based on logged-in user trust

For example, when we access Apache information, a user password box prompt pops up to perform a pre-access verification.

Configuration syntax: auth_basic string | off;

Default configuration: auth_basic off;

Configuration path: http, server, location, limit_except;

Matches configuration syntax: auth_basic_user_file filePath;

Matches default configuration: No configuration

Match configuration paths: http, server, location, limit_except;

1. You need to add an identity file, auth_conf file, here we use an htpasswd tool

Use the command htpasswd -c ./auth_conf root;

Explanation: htpasswd command -c: MD5 encryption is used by default, ./auth_conf is the specified path and file, root is the username

After entering, you will be prompted to enter your password twice.

2. Modify the default.conf configuration file and modify the content as follows

3. Reload nginx

4. Enter the URL and check the results. You can see that you need to enter your identity information to access it.

The above is the full content of this article. I hope it will be helpful for everyone’s study. I also hope that everyone will support 123WORDPRESS.COM.