如果通过索引访问,则绕过http auth

时间:2017-02-21 19:02:39

标签: php http authentication nginx

我为所有使用NGINX的usenet程序设置了以下设置,所有这些程序都锁定在SSL 443端口后面,每个子程序都使用http auth。

我使用iDashboard,所以我可以通过一个页面访问它们

https://github.com/causefx/iDashboard-PHP

我在设备上访问该页面时,每个选项卡都要输入一次用户名和密码。我希望从我的域名直接访问时只需输入一次,而单独访问各程序时仍需要验证。

下面是我的nginx设置

 #user  nobody;
# Run a single worker process.
worker_processes  1;

# error_log is left commented out, so this file does not choose the
# error log path or level itself.
#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    # Upper bound on simultaneous connections per worker process.
    worker_connections  1024;
}


# HTTP-level settings shared by every server block below.
http {
    # File-extension to MIME-type map, with a generic binary fallback.
    include       mime.types;
    default_type  application/octet-stream;

    # NOTE(review): log_format and access_log are commented out, so this file
    # sets no explicit request logging. Confirm that requests, including failed
    # Basic-auth attempts (status 401), are logged somewhere that gets reviewed.
    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    # Idle keep-alive connections are closed after 65 seconds.
    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

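    # Plain-HTTP listener: its only job is to send every request to HTTPS.
    server {
        listen 80;
        server_name _;

        # `return` is the idiomatic form of an unconditional redirect;
        # $request_uri already carries the query string, so nothing is lost.
        # NOTE(review): $host is taken from the client's Host header when one is
        # sent. Hard-code the canonical hostname here if the redirect target
        # should never depend on request data.
        return 301 https://$host$request_uri;
    }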

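  # HTTPS virtual host fronting the dashboard and every proxied application.
  server {
        listen 443 ssl;

        # server_name takes whitespace-separated names; the comma that used to
        # follow mydomain.com was being read as part of the name itself.
        server_name  mydomain.com 192.168.0.21;

        # NOTE(review): browsers remember Basic credentials per realm, and the
        # locations below each declare a different realm string, so every one
        # prompts separately. Several locations (/web, /nzbget, /nzbhydra,
        # /plexrequest, /myserver, /calendar) declare no auth_basic at all.
        # Declaring a single auth_basic / auth_basic_user_file pair here, at
        # server level, gives one realm and makes authentication the default for
        # every location; a location that must stay open then has to say
        # `auth_basic off;` explicitly.

        ssl_certificate mykey.crt;
        ssl_certificate_key mykey.key;

        ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
        ssl_prefer_server_ciphers on;
        # NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996). Keep only
        # TLSv1.2 (plus newer versions once the nginx/OpenSSL build offers them)
        # unless a legacy client genuinely needs the old protocols.
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

        ssl_dhparam dhparam.pem;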

        #charset koi8-r;

        #access_log  logs/host.access.log  main;



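        # Dashboard root, protected by HTTP Basic auth.
        location / {
            root   html;

            # The terminating semicolon was missing here, which made nginx read
            # `auth_basic "closed site"` as extra index file names and left this
            # location without an active auth_basic directive.
            index  index.php;

            auth_basic "closed site";
            auth_basic_user_file .htpasswd;

            # NOTE(review): requests ending in .php are served by the separate
            # regex location, which is a sibling of this one and therefore does
            # not inherit the two auth directives above; it needs its own.
        }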




        # Proxies /web to the service on 192.168.0.21:32400.
        # NOTE(review): no auth_basic is declared in this location, so nginx
        # itself asks for no credentials here -- confirm the backend enforces
        # its own login.
        location /web{
        # X-Plex-Device-Name and Host ($http_host) are both client-supplied.
        # NOTE(review): the pattern ^/$ is matched against the request URI, which
        # inside this location always starts with /web, so this rewrite looks
        # unreachable -- confirm. Its target is also plain http://, not https://.
        if ($http_x_plex_device_name = '') { 
            rewrite ^/$ http://$http_host/web/index.php; 
        } 

        # NOTE(review): proxy_pass carries a URI part, so the matched /web prefix
        # is replaced by /web/index.html and the rest of the request path is
        # appended to it -- verify that is what is intended.
        proxy_pass http://192.168.0.21:32400/web/index.html;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        }

        # Reverse proxy for the service on 192.168.0.21:6789.
        # NOTE(review): no auth_basic is declared here, so nginx asks for no
        # credentials; access control rests on whatever the backend enforces.
        location /nzbget {
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;

            proxy_pass http://192.168.0.21:6789;
        }

      # Reverse proxy to 127.0.0.1:8181/plexpy, gated by Basic auth
      # (realm "Plexpy closed site").
      location /plexpy {
          auth_basic_user_file .htpasswd;
          auth_basic "Plexpy closed site";

          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header Host $host;

          proxy_pass http://127.0.0.1:8181/plexpy;
      }

    # Reverse proxy to 127.0.0.1:8090, gated by Basic auth
    # (realm "Comics closed site").
    location /comics {
        auth_basic_user_file .htpasswd;
        auth_basic "Comics closed site";

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;

        proxy_pass http://127.0.0.1:8090;
    }


        # Reverse proxy to 127.0.0.1:8085, gated by Basic auth.
        # The realm string keeps its leading space exactly as configured.
        location /htpc {
            auth_basic_user_file .htpasswd;
            auth_basic " HTPC closed site";

            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;

            proxy_pass http://127.0.0.1:8085;
        }

                # Reverse proxy for the service on 127.0.0.1:5075.
                # NOTE(review): no auth_basic is declared here, so nginx asks for
                # no credentials; confirm the backend enforces its own login.
                location /nzbhydra {
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header Host $host;

                    proxy_pass http://127.0.0.1:5075;
                }
        # Reverse proxy to 127.0.0.1:8989, gated by Basic auth
        # (realm "TV closed site").
        location /sonarr {
            auth_basic_user_file .htpasswd;
            auth_basic "TV closed site";

            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;

            proxy_pass http://127.0.0.1:8989;
        }
    # Reverse proxy to 127.0.0.1:5050, gated by Basic auth
    # (realm "Movies closed site").
    location /movies {
        auth_basic_user_file .htpasswd;
        auth_basic "Movies closed site";

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;

        proxy_pass http://127.0.0.1:5050;
    }
     # Reverse proxy to 127.0.0.1:7741/, gated by Basic auth
     # (realm "Deluge closed site"). X-Deluge-Base passes the /deluge/ prefix
     # to the backend.
     location /deluge {
         auth_basic_user_file .htpasswd;
         auth_basic "Deluge closed site";

         proxy_set_header X-Deluge-Base "/deluge/";
         proxy_pass http://127.0.0.1:7741/;
     }
     # Reverse proxy for the service on 127.0.0.1:3579.
     # NOTE(review): no auth_basic is declared here, so nginx asks for no
     # credentials; confirm the backend enforces its own login.
     location /plexrequest {
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header Host $host;

         proxy_pass http://127.0.0.1:3579;
     }
     # Reverse proxy for the host at 192.168.0.35:9090.
     # NOTE(review): no auth_basic is declared here, so nginx asks for no
     # credentials before forwarding to this internal host -- confirm the
     # backend enforces its own login.
     location /myserver {
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header Host $host;

         proxy_pass http://192.168.0.35:9090;
     }
     # Proxies /calendar to the calendar feed on 192.168.0.21:8989.
     # NOTE(review): the API key is part of the upstream URL and no auth_basic is
     # declared, so any client that can reach /calendar gets the feed without
     # presenting a key or credentials of its own. If that is intentional,
     # consider limiting who can reach this location (for example with
     # allow/deny rules).
     location /calendar {
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header Host $host;

         proxy_pass http://192.168.0.21:8989/sonarr/feed/calendar/NzbDrone.ics?apikey=myapi;
     }



        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        # Answer 500/502/503/504 errors with the static page /50x.html.
        error_page   500 502 503 504  /50x.html;
        # Exact-match location that reads the error page from the html root.
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
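            # PHP handler: passes *.php requests to FastCGI on 127.0.0.1:9000.
            # The dot is escaped so the pattern matches a literal ".php" suffix
            # and not any character followed by "php".
            location ~ \.php$ {
                root           html;

                # This regex location is a sibling of `location /`, so it does
                # not inherit that block's auth directives. Without these two
                # lines /index.php can be requested directly with no
                # credentials. The realm matches `location /` so the browser
                # reuses the same login.
                auth_basic "closed site";
                auth_basic_user_file .htpasswd;

                # Hand only files that exist under the root to PHP; a path with
                # a made-up trailing ".php" segment gets a 404 instead of
                # reaching the interpreter.
                try_files $uri =404;

                fastcgi_pass   127.0.0.1:9000;
                fastcgi_index  index.php;
                fastcgi_param  SCRIPT_FILENAME  C:/nginx-1.8.0/html/$fastcgi_script_name;
                include        fastcgi_params;
            }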

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

}

任何帮助都将不胜感激

0 个答案:

没有答案