这是我在这里的原始nginx配置,运行良好:
server {
listen 8080; # http
# Forward requests to our node app at port 8082
#
location /mui {
# Remove the '/mui' portion of the path (and any extraneous trailing slash)
rewrite ^/mui/?(.*)$ /$1; break;
proxy_pass http://localhost:8082;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location / {
# We also rewrite the Java servlet urls to move additional, 'RESTful' path elements
# to a url query parameter named '_path_suffix'
#
rewrite ^/(.*)$ /server?_path_suffix=$1; break;
proxy_pass http://localhost:8081;
proxy_redirect off;
}
}
我想将基本身份验证添加到所有内容中——除了一个页面。。。/mui/river
如果我在服务器块中包括基本的身份验证行,并将auth_basic off
放在location /mui
块中,则该配置可以正常工作(它需要/
的身份验证,但不需要/mui
的身份验证(:
server {
listen 8080; # http
auth_basic "Restricted Area";
auth_basic_user_file /etc/ngnix/.htpasswd;
# Forward requests to our node app at port 8082
#
location /mui {
# Remove the '/mui' portion of the path (and any extraneous trailing slash)
rewrite ^/mui/?(.*)$ /$1; break;
proxy_pass http://localhost:8082;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
auth_basic off;
}
location / {
# We also rewrite the Java servlet urls to move additional, 'RESTful' path elements
# to a url query parameter named '_path_suffix'
#
rewrite ^/(.*)$ /server?_path_suffix=$1; break;
proxy_pass http://localhost:8081;
proxy_redirect off;
}
}
几乎完美。下一步是让它请求对/mui
中除页面/mui/river
之外的所有内容进行身份验证。
这就是我的问题所在…我尝试了以下操作,当我到达/mui/river
时,它仍然需要身份验证。。。
server {
listen 8080; # http
auth_basic "Restricted Area";
auth_basic_user_file /etc/ngnix/.htpasswd;
location = /mui/river {
rewrite ^/mui/?(.*)$ /$1; break;
proxy_pass http://localhost:8082;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
auth_basic off;
}
# Forward requests to our node app at port 8082
#
location /mui {
# Remove the '/mui' portion of the path (and any extraneous trailing slash)
rewrite ^/mui/?(.*)$ /$1; break;
proxy_pass http://localhost:8082;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location / {
# We also rewrite the Java servlet urls to move additional, 'RESTful' path elements
# to a url query parameter named '_path_suffix'
#
rewrite ^/(.*)$ /server?_path_suffix=$1; break;
proxy_pass http://localhost:8081;
proxy_redirect off;
}
}
如何仅为/mui/river
打开访问权限?
更新:这是我最近的一次尝试,仍然没有成功——仍然阻止了一切。注意,我还试图更改重写行:
server {
listen 8080; # http
# Forward requests to our node app at port 8082
#
location = /mui/river {
rewrite ^/mui/river?(.*)$ /river$1; break;
auth_basic off;
proxy_pass http://localhost:8082;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location /mui {
# Remove the '/mui' portion of the path (and any extraneous trailing slash)
rewrite ^/mui/?(.*)$ /$1; break;
proxy_pass http://localhost:8082;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
auth_basic "Restricted Area";
auth_basic_user_file /etc/ngnix/.htpasswd;
}
location / {
# The Java servlet is always assumed to be named 'server', so add that to the path.
#
# We also rewrite the Java servlet urls to move additional, 'RESTful' path elements
# to a url query parameter named '_path_suffix'
#
rewrite ^/(.*)$ /server?_path_suffix=$1; break;
proxy_pass http://localhost:8081;
proxy_redirect off;
auth_basic "Restricted Area";
auth_basic_user_file /etc/nginx/.htpasswd;
}
}
现在,您的基本身份验证设置在服务器级别(server {...}
块内(,因此它将应用于所有位置块。
如果要保护除/mui/river
之外的所有,请在要保护的location /mui {...}
和location / {...}
内移动以下2行:
auth_basic "Restricted Area";
auth_basic_user_file /etc/ngnix/.htpasswd;
https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/