HttpAuthBasicModule
Edited by Ensiferous (→auth_basic_user_file)
Revision as of 20:59, 8 February 2013
Synopsis
You can use this module to protect your site, or parts of it, with a username and password using HTTP Basic Authentication.
Example configuration
    location / {
        auth_basic "Restricted";
        auth_basic_user_file htpasswd;
    }
Directives
auth_basic
Syntax: auth_basic string | off
Default: off
Context: http, server, location, limit_except
Reference: auth_basic
This directive enables validation of the user name and password using HTTP Basic Authentication.
The assigned parameter is used as the authentication realm.
A value of "off" overrides an auth_basic setting inherited from the enclosing configuration level.
auth_basic_user_file
Syntax: auth_basic_user_file file
Default: none
Context: http, server, location, limit_except
Reference: auth_basic_user_file
This directive sets the htpasswd file name for the authentication realm. Since version 0.6.7, the file path is relative to the directory of the nginx configuration file nginx.conf, not to the nginx prefix directory.
The format of the file is as follows:
    user:pass
    user2:pass2:comment
    user3:pass3
Passwords must be encoded with the crypt(3) function. If Apache is installed, you can create the password file with the htpasswd program that ships with it. Note: Apache uses MD5 for encryption. As of version 1.0.3, nginx supports the "$apr1", "{PLAIN}" and "{SSHA}" password encryption methods. As of version 1.3.13, nginx supports "{SHA}" encryption as well. Plain SHA1 encryption should be considered for migration purposes only and should be avoided whenever possible for security reasons.
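This file should be readable by the worker processes, which run as an unprivileged user. For example, when nginx runs as www, you can set the permissions as follows (the file's group must be one the worker user belongs to, otherwise mode 640 leaves the workers unable to read it):

    # root owns the file; members of group www (the workers) may read it; others get nothing
    chown root:www htpasswd_file
    chmod 640 htpasswd_file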
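The script below is an added example, not part of the original wiki page or of nginx: it classifies each entry of a user file by the scheme prefixes listed above and flags "{PLAIN}" and "{SHA}" entries as candidates for migration. The function names and sample entries are assumptions constructed for illustration, and the "{SSHA}" layout used is the common base64(SHA1(password + salt) + salt) convention.

```python
import base64, hashlib, hmac, os

# Schemes named on this page; {PLAIN} and {SHA} are the ones to migrate away from.
WEAK = {"{PLAIN}": "cleartext password", "{SHA}": "unsalted SHA-1, migration only"}
PREFIXES = ("{PLAIN}", "{SHA}", "{SSHA}", "$apr1$")

def make_ssha(password, salt=None):
    """Build an {SSHA} field: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def verify_ssha(password, field):
    """Check a password against an {SSHA} field (digest is the first 20 bytes)."""
    raw = base64.b64decode(field[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(password.encode() + salt).digest(), digest)

def classify(field):
    """Return the scheme prefix, or crypt(3) when no known prefix matches."""
    return next((p for p in PREFIXES if field.startswith(p)), "crypt(3)")

def audit(text):
    """Return (user, scheme, weakness-or-None) for each user:pass[:comment] line."""
    results = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):  # blank and '#' lines are skipped here
            continue
        user, _, rest = line.partition(":")
        scheme = classify(rest.split(":", 1)[0])  # drop the optional comment field
        results.append((user, scheme, WEAK.get(scheme)))
    return results

# Constructed sample file; the $apr1$ value is a placeholder, not a real hash.
SAMPLE = "\n".join([
    "user:" + make_ssha("constructed-pw-1"),
    "user2:{SHA}" + base64.b64encode(hashlib.sha1(b"constructed-pw-2").digest()).decode() + ":comment",
    "user3:{PLAIN}constructed-pw-3",
    "user4:$apr1$PLACEHOLDER$PLACEHOLDERPLACEHOLDER",
])

if __name__ == "__main__":
    for user, scheme, weakness in audit(SAMPLE):
        print(f"{user:6} {scheme:9} {'WEAK: ' + weakness if weakness else 'no finding'}")
```

Two "{SSHA}" entries for the same password differ because each carries its own random salt, whereas every "{SHA}" entry for a given password is byte-identical.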
See also: How do I generate an htpasswd file without having Apache tools installed?










