How to Set Up Basic HTTP Authentication in Nginx


Basic HTTP authentication is a security mechanism for restricting access to your website/application, or parts of it, by requiring a simple username and password. It can be used to protect an entire HTTP server, individual server blocks (virtual hosts in Apache) or location blocks.

As the name suggests, it is not a secure method to rely on by itself; you should use it together with other, more reliable security measures. For example, if your web application runs over HTTP, user credentials are transmitted in plain text, so you should consider enabling HTTPS.

The purpose of this guide is to help you add a small but useful layer of security to protect private/privileged content on your web applications (such as, but not limited to, administration panels). You can also use it to prevent access to a website or application that is still under development.

  1. Install LEMP Stack in CentOS/RHEL 7
  2. Install LEMP Stack in Ubuntu/Debian

Create the HTTP Authentication User File

Start by creating a file that will store the username:password pairs. We will use the htpasswd utility from the Apache HTTP Server to create this file.

First check that apache2-utils or httpd-tools, the packages that provide the htpasswd utility, is installed on your system; otherwise run the appropriate command for your distribution to install it:

# yum install httpd-tools		[RHEL/CentOS]
$ sudo apt install apache2-utils	[Debian/Ubuntu]

Next, run the htpasswd command below to create the password file with the first user. The -c option creates the password file at the given path; once you press [Enter], you will be prompted to enter the user's password.

# htpasswd -c /etc/nginx/conf.d/.htpasswd developer

Add a second user. Do not use the -c option here, because it would recreate the file and discard the existing entries.

# htpasswd /etc/nginx/conf.d/.htpasswd admin

Now that you have the password file ready, proceed to configure the parts of your web server that you want to restrict access to. To view the contents of the password file (which include the usernames and hashed passwords), use the cat command below.

# cat /etc/nginx/conf.d/.htpasswd 
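
An added example (not part of the original guide): a small shell audit of the password file that classifies each entry's hash scheme and checks whether other local users can read the file. The function names audit_htpasswd and is_world_readable are illustrative, and the sample entries are constructed, not real hashes.

```shell
#!/bin/sh
# Classify each "user:hash" entry of an htpasswd-style file by hash scheme.
# Prints one line per entry: "<user> <scheme> <verdict>".
audit_htpasswd() {
    while IFS=: read -r user hash _rest; do
        case "$user" in ''|'#'*) continue ;; esac   # skip blanks and comments
        case "$hash" in
            '$apr1$'*)  scheme=apr1-md5     verdict=ok   ;;  # salted, iterated MD5
            # bcrypt verifies in Nginx only if the system crypt() supports it
            '$2y$'*|'$2a$'*|'$2b$'*) scheme=bcrypt verdict=ok ;;
            '$5$'*)     scheme=sha256-crypt verdict=ok   ;;
            '$6$'*)     scheme=sha512-crypt verdict=ok   ;;
            '{SSHA}'*)  scheme=salted-sha1  verdict=weak ;;  # single fast round
            '{SHA}'*)   scheme=sha1         verdict=weak ;;  # unsalted
            '{PLAIN}'*) scheme=plaintext    verdict=weak ;;
            '')         scheme=empty        verdict=weak ;;
            *)  if [ "${#hash}" -eq 13 ]; then
                    scheme=des-crypt verdict=weak    # traditional DES crypt()
                else
                    scheme=unknown verdict=review
                fi ;;
        esac
        printf '%s %s %s\n' "$user" "$scheme" "$verdict"
    done < "$1"
}

# Succeeds (exit 0) if the "other" read bit is set on the file.
is_world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Demo on a constructed sample file (placeholder hash values).
sample=$(mktemp)
cat > "$sample" <<'EOF'
developer:$apr1$Cn5tRuct$0000000000000000000000
admin:{SHA}AAAAAAAAAAAAAAAAAAAAAAAAAAA=
legacy:abJnggxhB/yWI
EOF
chmod 644 "$sample"
audit_htpasswd "$sample"
if is_world_readable "$sample"; then
    echo "WARNING: $sample is readable by other local users"
fi
rm -f "$sample"
```

A mode such as 640, with the group set to that of the Nginx worker user, keeps the file readable by Nginx without exposing it to other local accounts.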

Configure HTTP Authentication for Nginx

As mentioned earlier, you can restrict access to your entire web server, a single website (using its server block) or a location block. Two directives are used to achieve this.

  • auth_basic - enables validation of the username and password using the "HTTP Basic Authentication" protocol.
  • auth_basic_user_file - specifies the password file.

To implement basic authentication for the whole web server, which applies to all server blocks, open the /etc/nginx/nginx.conf file and add the lines below in the http context:

http {
	auth_basic           "Restricted Access!";
	auth_basic_user_file /etc/nginx/conf.d/.htpasswd;
	# ...
}

To enable basic authentication for a particular domain or sub-domain, open its configuration file under /etc/nginx/conf.d/ or /etc/nginx/conf/sites-available (depending on how you installed Nginx), then add the configuration below in the server block or context:

server {
	listen               80;
	server_name          example.com;
	auth_basic           "Restricted Access!";
	auth_basic_user_file /etc/nginx/conf.d/.htpasswd;
	location / {
		# ...
	}
	# ...
}

You can also enable basic authentication within a location block. In the example below, all users trying to access the /admin location block will be asked to authenticate.

server {
	listen      80;
	server_name example.com www.example.com;

	location / {
		# ...
	}

	location /admin/ {
		auth_basic           "Restricted Access!";
		auth_basic_user_file /etc/nginx/conf.d/.htpasswd;
	}

	location /public/ {
		auth_basic off;	# turns off basic HTTP authentication for this block
	}
	# ...
}

Once you have configured basic HTTP authentication, any user who tries to access your web server, a sub-domain or a specific part of a site (depending on where you implemented it) will be prompted for a username and password.

If user authentication fails, a "401 Authorization Required" error is displayed.

You can find more information in Restricting Access with HTTP Basic Authentication.

You may also like to read these related guides on the Nginx HTTP server.

  1. How to Password Protect Web Directories in Nginx
  2. The Ultimate Guide to Secure, Harden and Improve Performance of Nginx
  3. Setting Up HTTPS with Let's Encrypt SSL Certificate for Nginx

In this guide, we showed how to implement basic HTTP authentication in the Nginx HTTP web server.