I set up Basic authentication for Nginx on CentOS 8.
Restricting Access with HTTP Basic Authentication
https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/
Environment
・CentOS Linux release 8.2.2004 (Core)
・Kernel 4.18.0-193.6.3.el8_2.x86_64
・nginx version: nginx/1.18.0(Nginx repository)
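- Install httpd-tools
- Create the password file
- Create the directory that requires authentication
- Configure Nginx
- Restart Nginx
The htpasswd command, which creates the password file, is included in the httpd-tools package.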
```
[root@centos8 ~]# dnf info httpd-tools
Available Packages
Name         : httpd-tools
Version      : 2.4.37
Release      : 21.module_el8.2.0+382+15b0afa8
Architecture : x86_64
Size         : 103 k
Source       : httpd-2.4.37-21.module_el8.2.0+382+15b0afa8.src.rpm
Repository   : AppStream
Summary      : Tools for use with the Apache HTTP Server
URL          : https://httpd.apache.org/
License      : ASL 2.0
Description  : The httpd-tools package contains tools which can be used with
             : the Apache HTTP Server.

[root@centos8 ~]# dnf -y install httpd-tools
Last metadata expiration check: 2:19:40 ago on Sat Jul 18 15:24:41 2020.
Dependencies resolved.
================================================================================
 Package           Arch    Version                                Repo      Size
================================================================================
Installing:
 httpd-tools       x86_64  2.4.37-21.module_el8.2.0+382+15b0afa8  AppStream 103 k
Installing dependencies:
 apr               x86_64  1.6.3-9.el8                            AppStream 125 k
 apr-util          x86_64  1.6.1-6.el8                            AppStream 105 k
Installing weak dependencies:
 apr-util-bdb      x86_64  1.6.1-6.el8                            AppStream  25 k
 apr-util-openssl  x86_64  1.6.1-6.el8                            AppStream  27 k
Enabling module streams:
 httpd                     2.4

Transaction Summary
================================================================================
Install  5 Packages

Total download size: 384 k
Installed size: 750 k
Downloading Packages:
(1/5): apr-util-bdb-1.6.1-6.el8.x86_64.rpm      222 kB/s |  25 kB     00:00
(2/5): apr-util-openssl-1.6.1-6.el8.x86_64.rpm  3.1 MB/s |  27 kB     00:00
(3/5): apr-util-1.6.1-6.el8.x86_64.rpm          870 kB/s | 105 kB     00:00
(4/5): apr-1.6.3-9.el8.x86_64.rpm               1.0 MB/s | 125 kB     00:00
(5/5): httpd-tools-2.4.37-21.module_el8.2.0+382  14 MB/s | 103 kB     00:00
--------------------------------------------------------------------------------
Total                                            89 kB/s | 384 kB     00:04
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1
  Installing       : apr-1.6.3-9.el8.x86_64                                 1/5
  Running scriptlet: apr-1.6.3-9.el8.x86_64                                 1/5
  Installing       : apr-util-bdb-1.6.1-6.el8.x86_64                        2/5
  Installing       : apr-util-openssl-1.6.1-6.el8.x86_64                    3/5
  Installing       : apr-util-1.6.1-6.el8.x86_64                            4/5
  Running scriptlet: apr-util-1.6.1-6.el8.x86_64                            4/5
  Installing       : httpd-tools-2.4.37-21.module_el8.2.0+382+15b0afa8.x8   5/5
  Running scriptlet: httpd-tools-2.4.37-21.module_el8.2.0+382+15b0afa8.x8   5/5
  Verifying        : apr-1.6.3-9.el8.x86_64                                 1/5
  Verifying        : apr-util-1.6.1-6.el8.x86_64                            2/5
  Verifying        : apr-util-bdb-1.6.1-6.el8.x86_64                        3/5
  Verifying        : apr-util-openssl-1.6.1-6.el8.x86_64                    4/5
  Verifying        : httpd-tools-2.4.37-21.module_el8.2.0+382+15b0afa8.x8   5/5

Installed:
  apr-1.6.3-9.el8.x86_64
  apr-util-1.6.1-6.el8.x86_64
  apr-util-bdb-1.6.1-6.el8.x86_64
  apr-util-openssl-1.6.1-6.el8.x86_64
  httpd-tools-2.4.37-21.module_el8.2.0+382+15b0afa8.x86_64

Complete!
```
```
[root@centos8 ~]# repoquery --list httpd-tools
Last metadata expiration check: 2:20:22 ago on Sat Jul 18 15:24:41 2020.
/usr/bin/ab
/usr/bin/htdbm
/usr/bin/htdigest
/usr/bin/htpasswd
/usr/bin/httxt2dbm
/usr/bin/logresolve
/usr/lib/.build-id
/usr/lib/.build-id/34
/usr/lib/.build-id/34/86e9d0c5eeac7eeb4c1a8edd23e5cd852ca014
/usr/lib/.build-id/3c/86176cb37b9436941a0be9cb9346dd21f5b5ce
/usr/lib/.build-id/40/8d5b4de327960b3e674dacd0dce15962e7ce5f
/usr/lib/.build-id/4a
/usr/lib/.build-id/4a/8c501a7bd0b8c6a212770a5aa57745fdd77730
/usr/lib/.build-id/9e/f13d30d8d61579244b31de6e306d602012676e
/usr/lib/.build-id/c5/809db3f61fd058eb8343b4a8425a0a15093c6b
/usr/share/doc/httpd-tools
/usr/share/doc/httpd-tools/LICENSE
/usr/share/doc/httpd-tools/NOTICE
/usr/share/man/man1/ab.1.gz
/usr/share/man/man1/htdbm.1.gz
/usr/share/man/man1/htdigest.1.gz
/usr/share/man/man1/htpasswd.1.gz
/usr/share/man/man1/httxt2dbm.1.gz
/usr/share/man/man1/logresolve.1.gz
```
Use -c when creating a new password file (it overwrites any existing file at that path); omit it when adding a user to a password file that already exists.
```
[root@centos8 ~]# htpasswd -c /usr/share/nginx/.htpasswd guest01
New password:
Re-type new password:
Adding password for user guest01
```
Adding a user
```
[root@centos8 ~]# htpasswd /usr/share/nginx/.htpasswd guest02
New password:
Re-type new password:
Adding password for user guest02
```
The contents of the password file look like this.
```
[root@centos8 ~]# ls -l /usr/share/nginx/.htpasswd
-rw-r--r--. 1 root root 92 Jul 18 17:47 /usr/share/nginx/.htpasswd
[root@centos8 ~]# cat /usr/share/nginx/.htpasswd
guest01:$apr1$/bEZP9wS$suScgj.2djYYivUPw1qGH2
guest02:$apr1$qys3VisV$PmuG8kmitVQqg8CohDh4eA
```
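The listing above shows a password file with mode 644 holding `$apr1$` (MD5-based) hashes. As an added example (not part of the original article), this script reports the hash scheme stored for each user and whether the file is world-readable; the function names and the sample entries are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the article): audit an htpasswd-format file.
# Function names and the sample entries below are constructed.

# Map a stored hash to its scheme by prefix.
classify_hash() {
    case "$1" in
        '$apr1$'*)               echo "apr1-md5" ;;      # htpasswd default (-m)
        '$2y$'*|'$2a$'*|'$2b$'*) echo "bcrypt" ;;        # htpasswd -B
        '{SHA}'*)                echo "sha1-unsalted" ;; # htpasswd -s
        '$5$'*|'$6$'*)           echo "sha2-crypt" ;;    # crypt(3) SHA-256/512
        *)                       echo "other" ;;         # DES crypt, plaintext, malformed
    esac
}

# Print "user scheme" per entry; skip blank lines and # comments.
audit_htpasswd() {
    local user hash rest
    while IFS=: read -r user hash rest || [ -n "$user" ]; do
        case "$user" in ''|'#'*) continue ;; esac
        printf '%s %s\n' "$user" "$(classify_hash "$hash")"
    done < "$1"
}

# Exit status 0 when the "other" read bit is set (e.g. mode 644).
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 -print)" ]
}

# Demo on a constructed file in a temporary directory.
demo_dir=$(mktemp -d)
demo_file="$demo_dir/.htpasswd"
cat > "$demo_file" <<'EOF'
# constructed sample entries, not real hashes
alice:$apr1$constructed$notarealhash
bob:{SHA}notarealhash=
carol:$2y$05$notarealhashnotarealhash
EOF
chmod 644 "$demo_file"
audit_htpasswd "$demo_file"
world_readable "$demo_file" && echo "WARN: $demo_file is world-readable"
chmod 640 "$demo_file"
world_readable "$demo_file" || echo "OK: $demo_file is not world-readable"
rm -rf "$demo_dir"
```

On the article's host the call would be `audit_htpasswd /usr/share/nginx/.htpasswd`. Assuming the Nginx workers run as the `nginx` user, ownership `root:nginx` with mode 640 still lets Nginx read the file without exposing the hashes to other local accounts.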
For testing, create /usr/share/nginx/Restricted/ and put a sample file in it.
```
[root@centos8 ~]# mkdir /usr/share/nginx/Restricted
[root@centos8 ~]# ls -ld /usr/share/nginx/Restricted
drwxr-xr-x. 2 root root 6 Jul 18 17:49 /usr/share/nginx/Restricted

[root@centos8 ~]# vi /usr/share/nginx/Restricted/index.html
[root@centos8 ~]# cat /usr/share/nginx/Restricted/index.html
<h1>Restricted Area</h1>
```
Add the Nginx configuration that makes /usr/share/nginx/Restricted/ an area requiring Basic authentication.
```
[root@centos8 ~]# vi /etc/nginx/conf.d/default.conf
[root@centos8 ~]# cat /etc/nginx/conf.d/default.conf
server {
    listen       80;
    server_name  localhost;

    #charset koi8-r;
    #access_log  /var/log/nginx/host.access.log  main;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

    location /Restricted {
        root   /usr/share/nginx;
        index  index.html index.htm;
        auth_basic "Restricted Area";
        auth_basic_user_file /usr/share/nginx/.htpasswd;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}
```
```
[root@centos8 ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@centos8 ~]# systemctl restart nginx
```
When you access http://IP_Address/Restricted/, the authentication prompt is displayed.
Enter the username and password; once authentication succeeds, the sample page is displayed.