Nginx基本身份验证可在http上运行，但不能在https上运行 [英] Nginx basic auth working on http but not on https

问题描述

我在centos 6上运行nginx.该域配置为使用ssl.一些特定的文件夹需要使用密码保护.如果我使用http键入URL，则浏览器会要求输入用户名并通过.如果我使用https键入相同的URL，则将显示特定文件夹的索引文件，而不要求用户通过.

Im running nginx on centos 6. The domain is configured to use ssl. Some specific folders need to be password protected. If I type the url with http the basic the browsers asks to enter user and pass. If I type the same url with https then the index file of the specific folder will be shown without asking for user pass.

我在域特定的nginx.conf文件中有此文件:

I have this in my domain specific nginx.conf file:

  location /protected_folder {
      auth_basic "Restricted";
      auth_basic_user_file /etc/nginx/.htpasswd;
  }

如何确保使用http和https的两个网址都受密码保护?

How can I make sure that the both urls using http and https are password protected?

推荐答案

您需要将受限制的配置放在80和443端口中:

You need to put your restricted configuration in 80 and 443 ports :

/etc/nginx/sites-available/MY_VHOST

/etc/nginx/sites-available/MY_VHOST

server
{
    listen               80;
    server_name          YOUR.FQDN;

.....other config of vhost..... 

    location /protected_folder {
        auth_basic "Restricted";
        auth_basic_user_file /etc/nginx/.htpasswd;
    }
}

server
{
    listen               443;
    server_name          YOUR.FQDN;

.....other config of vhost..... 

    location /protected_folder {
        auth_basic "Restricted";
        auth_basic_user_file /etc/nginx/.htpasswd;
    }
}

或者您可以将http请求重定向到https:

or you can redirect the http request to https :

server
{
        listen               80;
        server_name          YOUR.FQDN;
        return 301           https://YOUR.FQDN$request_uri;

}
server
{
    listen               443;
    server_name          YOUR.FQDN;

.....other config of vhost..... 

    location /protected_folder {
        auth_basic "Restricted";
        auth_basic_user_file /etc/nginx/.htpasswd;
    }
}

这篇关于Nginx基本身份验证可在http上运行，但不能在https上运行的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！