nginx auth_basic "Restricted" prompting login on every request
Question
I've set up a simple nginx server, configured the location block to point to the respective directories I want served, and set up basic authentication using the auth_basic module.
However, my server requests username : password credentials on every single page request under the location block, even after providing them multiple times to different pages under the location block, including the root location directory.
How can I configure it to store the authentication? Is this an nginx issue or a browser / request headers issue?
Here is the nginx configuration:
    server {
        listen 80;
        server_name 0.0.0.0;
        location /path/to/dir {
            alias /var/www/dir/;
            index index.html index.htm;
            auth_basic "Restricted";
            auth_basic_user_file /etc/nginx/.htpasswd;
            try_files $uri $uri/ =404;
        }
    }
Running nginx 1.4.6 on Ubuntu.
Recommended answer
HTTP authentication information is stored on your browser cache, and should only be requested again if the authentication fails or it's from a different realm (in auth_basic "Restricted"; it's Restricted).
Your configuration is fine, considering your password is correct and Nginx user has read access to the password file (case in which it'll always fail — but send an error message at the log file indicating this error). This is the most probable reason, mainly if you have only one location with authentication.
Another possible reason is having multiple auth_basic directives that use different realms or passwords. This is the same for application-generated WWW-Authenticate headers (say, if your backend application requests HTTP authentication in addition to Nginx). When there's a different realm or a password fails, your browser will request it again. No browser that I know of stores authentication per URL; it's always a combination of realm+hostname.
If you do need different realms or passwords on different locations, make sure they don't overlap for a single page (for example, if you use a different password for your assets: images, styles or javascript). Or use different hosts — the password would be requested once for each host/realm combination, though.
Update
It's unusual to use 0.0.0.0 as a server_name — listen 80; already makes your server listen to all interfaces/IP addresses.
Use server_name _; in case you mean to use any request host.
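The answer's point that credentials are cached per host and realm can be checked against the 401 responses a browser receives while loading one page. The Python below is an added example, not code from the original question or answer; the URLs, the "Assets" and "Backend" realms and the function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: (URL, status, WWW-Authenticate header) as seen during the
# load of one page and its assets. Only "Restricted" comes from the question.
SAMPLE_RESPONSES = [
    ("http://example.test/path/to/dir/", 401, 'Basic realm="Restricted"'),
    ("http://example.test/path/to/dir/style.css", 401, 'Basic realm="Assets"'),
    ("http://example.test/path/to/dir/api/data", 401, 'Basic realm="Backend", charset="UTF-8"'),
    ("http://example.test/path/to/dir/logo.png", 200, None),
    ("http://static.example.test/app.js", 401, 'Basic realm="Restricted"'),
]

# Matches a header whose first challenge is Basic; realm may be quoted or a bare token.
_REALM = re.compile(r'^\s*Basic\b.*?\brealm\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]+))', re.I)

def basic_realm(header):
    """Return the realm of a Basic challenge, or None if the header is not one."""
    m = _REALM.match(header or "")
    if m is None:
        return None
    quoted, token = m.groups()
    # Undo backslash escapes inside a quoted realm.
    return re.sub(r"\\(.)", r"\1", quoted) if quoted is not None else token

def protection_spaces(responses):
    """Group challenged URLs by (host, realm); each group costs one prompt."""
    spaces = defaultdict(list)
    for url, status, header in responses:
        realm = basic_realm(header) if status == 401 else None
        if realm is not None:
            spaces[(urlsplit(url).netloc.lower(), realm)].append(url)
    return dict(spaces)

def hosts_with_multiple_realms(responses):
    """Hosts that prompt repeatedly because they challenge with several realms."""
    realms = defaultdict(set)
    for host, realm in protection_spaces(responses):
        realms[host].add(realm)
    return {h: sorted(r) for h, r in realms.items() if len(r) > 1}

if __name__ == "__main__":
    for (host, realm), urls in protection_spaces(SAMPLE_RESPONSES).items():
        print(f"{host} realm={realm!r}: {len(urls)} URL(s), one prompt")
    print("overlapping realms:", hosts_with_multiple_realms(SAMPLE_RESPONSES))
```

A host listed by hosts_with_multiple_realms is one where the page, its assets or a backend challenge with different realms, which is the overlap the answer says to avoid.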