nginx可以通过基本身份验证来保护uri(在重写之前)吗?

时间:2011-10-11 10:08:47

标签: php apache nginx authentication

从apache迁移时,我遇到了nginx的问题。

所有uris都会重写为/index.php,而^ / admin uri应该受到基本身份验证的保护。

使用apache时,我将其配置如下:

RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} !-d
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ /index.php [L]

<Location ~ "^/admin">
    AuthType Basic
    AuthName "Restricted"
    AuthUserFile /etc/apache2/httpd.passwd
    Require valid-user
</Location>

这是nginx配置,但它不起作用:

if (!-f $request_filename) {
    rewrite ^ /index.php last;
}

location ~ \.php$ {
    include fastcgi.conf;
    fastcgi_pass   127.0.0.1:9000;
    fastcgi_index  index.php;
}   

location ~* /admin/ {
    auth_basic "admin login";
    auth_basic_user_file  /etc/nginx/httpd.passwd;
}

我怎么能在nginx中做到这一点?

1 个答案:

答案 0 :(得分:3)

转换apache配置很少是1:1转换为nginx指令。重写阶段在访问阶段之前执行,服务器级重写指令在位置选择发生之前执行,因此if / rewrite在管理位置被考虑之前运行。我会建议这样的事情:

server {
  # general FCP try_files
  location / {
    try_files $uri $uri/ /index.php;
  }

  # capture everything starting with /admin/, don't let regex locations override
  location ^~ /admin/ {
    auth_basic "admin login";
    auth_basic_user_file /etc/nginx/httpd.passwd;

    # should this /index.php be /admin/index.php, or does it go through
    # the normal front controller?
    try_files $uri $uri/ /index.php;

    # handle /admin/*.php requests in here so they're protected by auth_basic
    location ~ \.php$ {
      include fastcgi.conf;
      fastcgi_pass 127.0.0.1:9000;
    }
  }

  # handle php files
  location ~ \.php$ {
    include fastcgi.conf;
    fastcgi_pass 127.0.0.1:9000;
  }
}