Skip to content

Instantly share code, notes, and snippets.

@caoxudong

caoxudong/content.markdown

Created July 31, 2014 13:21
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save caoxudong/1ea26b67bd6b0e1bd682 to your computer and use it in GitHub Desktop.
Save caoxudong/1ea26b67bd6b0e1bd682 to your computer and use it in GitHub Desktop.
Download ZIP
批量生成http basic auth的密码的脚本
Raw
content.markdown

配置nginx使用basic http认证方式

server {
    #proxy server for gerrit
    listen   80; ## listen for ipv4; this line is default and implied
    listen   [::]:88 default ipv6only=on; ## listen for ipv6
        
    index index.html index.htm;
        
    # Make site accessible from http://localhost/
    server_name localhost;
        
    location / {
        stub_status on;
        auth_basic "Sign in";
        auth_basic_user_file /home/public_internal/etc/nginx/httppassword;
        proxy_pass http://yourhost:yourport;
    }
    
    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/www;
    }

}

批量生成密码的原始明文文件格式如下:

admin:caoxudong
caoxudong:caoxudong

生成后的密码文件格式如下:

admin:$apr1$seLECBcl$GDtQCA59fxNagsmT5WiMe1
caoxudong:$apr1$oNZc/.kJ$vWQjk3G0mFenTFg6cJUU/1

使用脚本generate_password_for_nginx_auth_basic.sh即可

Raw
generate_password_for_nginx_auth_basic.sh
#!/bin/sh
# generate for nginx basic http auth
# usage
usage() {
cat << EOF
Syntax:
generate_password_for_nginx_auth_basic
read username and password from console
generate_password_for_nginx_auth_basic -s username_and_password_file
the format of the line in name_and_password_file is "username:password"
generate_password_for_nginx_auth_basic -c "username1:password1" ["username2:password2"]
encrypt multiple usernames and passwords
Note:
The default passsowrd file is '/home/public_internal/etc/nginx/httppassword'
EOF
}
# crypt single username and password
crypt_and_update_password_file() {
local username="$1"
local password="$2"
# encrypt password
"$generate_password" -b "$password_file" "$username" "$password"
}
global_username=""
global_password=""
# read username and password from console
read_username_and_password() {
local username=""
local password=""
local re_password=""
# read the username
read -p "Please enter the username: " username
if [ "x$username" = "x" ] ; then
echo "Username cannot be blank."
exit 1
fi
# read the password
stty -echo
read -p "Please enter the password: " password
if [ "x$password" = "x" ] ; then
echo "password cannot be blank."
stty echo
exit 1
fi
# re-read the password
echo ""
read -p "Please re-enter the password: " re_password
if [ "x$re_password" = "x" ] ; then
echo "password cannot be blank."
stty echo
exit 1
fi
stty echo
echo ""
# match the password and re_password
if [ "x$password" != "x$re_password" ] ; then
echo "Passwords are different."
exit 1
else
global_username="$username"
global_password="$password"
fi
}
# check htpasswd command
generate_password="/usr/local/apache2/bin/htpasswd"
if [ "x$generate_password" = "x" ] ; then
echo "Cannot find htpasswd command."
exit 1
fi
# check password file
password_file="/home/public_internal/etc/nginx/httppassword"
if [ ! -f "$password_file" ] ; then
touch "$password_file"
fi
# run
parameters_count=$#
if [ $parameters_count -eq 0 ] ; then
read_username_and_password
crypt_and_update_password_file $global_username $global_password
else
option="$1"
case "$option" in
"-s" )
if [ ! -f "$2" ] ; then
usage
else
while read line
do
username=`echo $line | awk -F ':' '{print $1}'`
password=`echo $line | awk -F ':' '{print $2}'`
crypt_and_update_password_file $username $password
done < "$2"
fi
;;
"-c" )
until [ -z "$2" ]
do
username=`echo $2| awk -F ':' '{print $1}'`
password=`echo $2 | awk -F ':' '{print $2}'`
crypt_and_update_password_file $username $password
shift
done
;;
* )
usage
;;
esac
fi
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment