部暑nginx digest auth

1、使用docker生成容器镜像

1.1 国内源debain 换成国内源

mkdir  nginx-digest 
cd nginx-digest 
cat > sources.list << 'EOF'
deb http://mirrors.163.com/debian/ bullseye main non-free contrib
deb http://mirrors.163.com/debian/ bullseye-updates main non-free contrib
deb http://mirrors.163.com/debian/ bullseye-backports main non-free contrib
deb-src http://mirrors.163.com/debian/ bullseye main non-free contrib
deb-src http://mirrors.163.com/debian/ bullseye-updates main non-free contrib
deb-src http://mirrors.163.com/debian/ bullseye-backports main non-free contrib
deb http://mirrors.ustc.edu.cn/debian-security/ stable-security main non-free contrib
deb-src http://mirrors.ustc.edu.cn/debian-security/ stable-security main non-free contrib
EOF

1.2 生成Dockerfile

cat > Dockerfile << 'EOF'
FROM nginx AS build
ADD  sources.list /etc/apt/sources.list
RUN apt-get update \
        && apt-get install --no-install-recommends -y git gcc make libpcre3-dev libssl-dev libxml2-dev libxslt-dev libgd-dev libgeoip-dev wget apache2-utils ca-certificates \
        && update-ca-certificates \
        && git clone https://ghproxy.com/https://github.com/atomx/nginx-http-auth-digest \
        && wget `nginx -v 2>&1|awk -F\/ '{print "https://nginx.org/download/nginx-"$2".tar.gz"}'` \
        && tar zxvf nginx-*.tar.gz \
        && ( cd nginx-* && nginx -V 2>&1|awk '/configure/{ print "./configure " substr($0,22) " --add-module=../nginx-http-auth-digest/ --sbin-path=/usr/sbin/"}' | sh && make -j4 && make install ) \
        && apt-get remove -y git gcc make libpcre3-dev libssl-dev libxml2-dev libxslt-dev libgd-dev libgeoip-dev wget apache2-utils \
        && apt-get autoremove -y \
        && apt-get clean all \
        && rm -rf /var/lib/apt/lists/* \
        && nginx -V

FROM nginx
COPY --from=build /usr/sbin/nginx /usr/sbin/nginx

#生成镜像

docker build -t nginx-digest .

#buildkit生成多CPU架构镜像的方法

docker buildx build --platform arm64,amd64 -t  zengxiangbang/nginx-digest . --push

digest auth 帐密码生成器

cat > htdigest.py << 'EOF'
#!/usr/bin/env python
# encoding: utf-8
"""
htdigest.py
A barebones stand-in for the apache htdigest tool. It lacks the -c switch of the
original and doesn't handle comments or blank lines. Caveat sysadmin...
Created by Christian Swinehart on 2011-10-30.
Copyright (c) 2011 Samizdat Drafting Co. All rights reserved.
"""

from __future__ import with_statement
import sys
import os
from hashlib import md5
from getpass import getpass

class Passwd(object):
  def __init__(self, pth):
    super(Passwd, self).__init__()
    self.pth = os.path.abspath(pth)
    self.creds = []
    if not os.path.exists(self.pth):
      while True:
        resp = raw_input('%s does not exist. Create it? (y/n) '%self.pth).lower()
        if resp == 'y': break
        if resp == 'n': sys.exit(1)
    else:
      with file(self.pth) as f:
        for line in f.readlines():
          self.creds.append(line.strip().split(":"))

  def update(self, username, realm):
    user_matches = [c for c in self.creds if c[0]==username and c[1]==realm]
    if user_matches:
      password = getpass('Change password for "%s" to: '%username)
    else:
      password = getpass('Password for new user "%s": '%username)
    if password != getpass('Please repeat the password: '):
      print "Passwords didn't match. %s unchanged."%self.pth
      sys.exit(1)

    pw_hash = md5(':'.join([username,realm,password])).hexdigest()
    if user_matches:
      user_matches[0][2] = pw_hash
    else:
      self.creds.append([username, realm, pw_hash])

    new_passwd = "\n".join(":".join(cred) for cred in self.creds)
    with file(self.pth,'w') as f:
      f.write(new_passwd)

if __name__ == '__main__':
  if len(sys.argv) != 4:
    print "usage: htdigest.py passwdfile username 'realm name'"
    sys.exit(1)
  fn,user,realm = sys.argv[1:4]

  passwd = Passwd(fn)
  passwd.update(user,realm)

python htdigest.py digest-auth ‘szgd’
digest-auth 为文件名
szgd为realm

python htdigest.ph digest-auth test ‘szgd’
Password for new user “test”:
Please repeat the password:

cat > default.conf << 'EOF'
server {
    listen       80;
    listen  [::]:80;
    server_name  localhost;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

     auth_digest_user_file /etc/nginx/conf.d/digest-auth;
      location /private{
        auth_digest 'szgd';    #realm
      }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

}
EOF

你可能感兴趣的:(数据库&中间件,nginx)