首先使用NGINX和PHP +用户授权上传文件 [英] File Upload with NGINX and PHP + user authorization first

问题描述

我正在尝试建立一个用户可以上传文件的Web服务.我唯一的问题是，NGINX允许任何用户在对用户进行身份验证之前上载文件.我希望只允许授权用户上传文件.

I am trying to set up a web service where users can upload files. The only problem that I am having is that NGINX lets ANY user upload a file prior to doing any authentication of the user. I want to be able to only let authorized users upload files.

基本上，我想传递将文件上传到PHP的请求，并使PHP告诉NGINX该用户确实已经登录，现在可以从他那里接收文件了.

Basically I want to pass the request to upload the file to PHP and make PHP tell NGINX that this user has indeed logged in and it can now receive files from him.

我正在使用NGINX和PHP.

I am using NGINX and PHP.

有什么建议吗?

推荐答案

使用Nginx 身份验证请求模块

然后在Nginx中设置如下指令:

Then set up your directives in Nginx something like this:

location /upload/ {
    auth_request /auth;
    ...
}

location = /auth {
    proxy_pass ...
    proxy_pass_request_body off;
    proxy_set_header Content-Length "";
    proxy_set_header X-Real-Ip $remote_addr;
}

现在，每当客户端请求/uploads时，Nginx都会向/auth发出内部子请求，在此示例中，将客户端IP传递到标头中，但是您可以根据自己的需要进行配置.

Now Nginx will make an internal subrequest to /auth whenever a client requests /uploads, in this example passing the client IP in the headers but you can configure it however to suit your needs.

您的PHP脚本收到该子请求，执行您想执行的身份验证，如果要允许访问，则返回HTTP响应代码200，否则，则返回401.

Your PHP script receives the subrequest, does whatever authentication you want to do and returns HTTP response code of 200 if you want to allow access and 401 if you dont.

这篇关于首先使用NGINX和PHP +用户授权上传文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！