Take an in-depth look at Nginx basic login authentication (including configuration steps)
What HTTP basic authentication does
- HTTP basic authentication makes the browser pop up a login window.
- It is simple, clear and easy to understand.
- It is not friendly enough for front-end pages aimed at end users.
- But it is useful for back-office pages used by internal staff, and is often added as an extra layer of security.
Is this login authentication secure?
auth_basic is an authentication module commonly used in both Apache and Nginx. Many systems have no built-in authentication of their own, so nginx's auth_basic is often used to add simple authentication in front of them: the browser prompts for a user name and password.
One tool commonly used together with auth_basic is htpasswd, which comes from the httpd-tools package and generates the file that stores users and their hashed passwords.
Possible problems
But there is a problem with the way htpasswd generates passwords.
In httpd-tools 2.2 the default password encryption algorithm is crypt; in httpd-tools 2.4 the default is MD5.
Some people say that SHA is more secure than MD5 encryption, so why does the new version use MD5 as the default algorithm?
Because htpasswd's SHA option does not use a salt, it is less secure than its MD5 format: unsalted SHA is not as secure as salted MD5.
In cryptography, a salt is a randomly generated string. Against unsalted hashes, one way of recovering the original password is a rainbow-table lookup; adding a salt before hashing effectively defeats precomputed rainbow-table attacks on the original password.
The solution
The safe way to handle this is to update httpd-tools to version 2.4 and regenerate the user/password pairs, or to pass the -m option so that htpasswd uses MD5 when generating the entry.
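To make the difference between the formats concrete, here is an added Python example (not from the original article or from httpd-tools) that reimplements Apache's $apr1$ md5-crypt scheme, the unsalted {SHA} format that htpasswd -s produces, a small classifier for htpasswd entries, and a verifier for both formats. The user names and hash strings used in the tests are constructed for this example.

```python
import base64
import hashlib
import hmac

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
def apr1_crypt(password: str, salt: str) -> str:
    """Apache's $apr1$ md5-crypt: salted and stretched over 1000 MD5 rounds."""
    pw, salt, magic = password.encode(), salt.encode()[:8], b"$apr1$"
    alt = hashlib.md5(pw + salt + pw).digest()
    m = hashlib.md5(pw + magic + salt)
    for n in range(len(pw), 0, -16):  # alt digest once per 16 bytes of password
        m.update(alt[:min(16, n)])
    n = len(pw)
    while n:  # one byte per bit of the password length
        m.update(b"\x00" if n & 1 else pw[:1])
        n >>= 1
    final = m.digest()
    for i in range(1000):  # stretching loop that plain crypt(3) and {SHA} lack
        m2 = hashlib.md5(pw if i & 1 else final)
        m2.update((salt if i % 3 else b"") + (pw if i % 7 else b"") + (final if i & 1 else pw))
        final = m2.digest()
    out = ""
    for a, b, c in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)):
        v = (final[a] << 16) | (final[b] << 8) | final[c]
        for _ in range(4):
            out, v = out + ITOA64[v & 0x3F], v >> 6
    out += ITOA64[final[11] & 0x3F] + ITOA64[final[11] >> 6]
    return (magic + salt).decode() + "$" + out

def sha1_entry(password: str) -> str:
    """The 'htpasswd -s' format: unsalted SHA-1, identical for identical passwords."""
    return "{SHA}" + base64.b64encode(hashlib.sha1(password.encode()).digest()).decode()

def classify(stored: str) -> tuple:
    """(scheme, salted) for one hash field; bare 13-char crypt(3) was the 2.2 default."""
    if stored.startswith("$apr1$"):
        return "apr1-md5", True
    if stored.startswith("{SHA}"):
        return "sha1", False
    return ("crypt", True) if len(stored) == 13 else ("unknown", False)

def verify(line: str, password: str) -> bool:
    """Check one 'user:hash' htpasswd line (apr1 and {SHA} only)."""
    stored = line.split(":", 1)[1].strip()
    scheme, _ = classify(stored)
    if scheme == "apr1-md5":
        return hmac.compare_digest(apr1_crypt(password, stored.split("$")[2]), stored)
    if scheme == "sha1":
        return hmac.compare_digest(sha1_entry(password), stored)
    raise NotImplementedError(f"{scheme} entries are not verified by this example")
```

Running classify over every line of an existing password file is a quick way to find entries still stored in the unsalted {SHA} or old crypt format that should be regenerated.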
Simulation verification demonstration
Let's create a new site as an example.
Domain name: nginx_basic_auth.msy.plus
Login name: admin
Password: 12345678
For demonstration purposes only; such a trivial password must never be used in a production environment.
Generate files for testing
mkdir -p ./nginx_basic_auth
echo "<h1>welcome to nginx_basic_auth.msy.plus</h1>" >> ./nginx_basic_auth/index.html
Configure basic HTTP authentication for Nginx
Check that nginx.conf includes the conf.d directory; if the line does not exist, add it:
include /usr/local/soft/nginx-1.18.0/conf/conf.d/*.conf;
Note: in production, for easier management, put each server block into its own conf file rather than writing everything into nginx.conf, which makes editing and searching inconvenient.
Create the server file for the web site
server {
    listen 80;
    server_name nginx_basic_auth.msy.plus;
    root /data/site/admin/html;
    index index.html index.shtml index.htm;
    auth_basic "lhdtest.com admin";
    auth_basic_user_file /usr/local/soft/nginx-1.18.0/conf/conf.d/admin.pwd;
    access_log /data/nginx/logs/admin.access_log;
    error_log /data/nginx/logs/admin.error_log;
}
Generate the password
Nginx only needs a password file for authentication, and it does not matter where that file is generated, so you just need some way to produce the entry.
You can do it in Python, in Go, or in C.
Here I am using the CentOS subsystem on Windows to generate the key directly and upload it to the server.
htpasswd is a command-line tool from the open-source Apache HTTP Server (httpd). It is used to generate the password file for HTTP basic authentication.
Install htpasswd
Ubuntu installation:
sudo apt-get install apache2-utils
CentOS installation:
yum -y install httpd
Key generation options
The following htpasswd options are used here:
-n  Don't update file; display results on stdout
-b  Use the password from the command line rather than prompting for it
-m  Force MD5 encryption of the password
Run the command to generate the entry:
htpasswd -nbm admin 12345678
You can see that the output contains the generated entry:
admin:$apr1$nkxLxBPa$EGa.u5yKuQ08m6g/8bGb9.
Append the generated line to the password file you specified earlier with auth_basic_user_file:
/usr/local/soft/nginx-1.18.0/conf/conf.d/admin.pwd
For Windows Server users, the path may be slightly different.
The test results
Enter the correct user name and password and you are let into the website.
Reference articles
- Is your NGINX login authentication secure?
- Configure HTTP Basic Auth
- CentOS install htpasswd_Nginx and use htpasswd