Nginx 代理 Wordpress http auth
Nginx proxy Wordpress http auth
我尝试在 https://www.example.de/wp-admin.php & /wp-login.php 上创建密码,但它不起作用并跳过身份验证部分。
我的配置:
server {
set $forward_scheme https;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.example.de;
# Exploit prevention
# Error Pages
# Assets
include /etc/nginx/conf.d/exploit.conf;
include /etc/nginx/conf.d/err.conf;
#include /etc/nginx/conf.d/assets.conf;
location ^~ / {
include /etc/nginx/conf.d/proxy.conf;
proxy_pass https://10.10.10.6;
client_max_body_size 100M;
sendfile on;
}
# HTTP aut wp-login & wp-admin areas
location ~* /(wp-login\.php) {
auth_basic "Authorization Required";
auth_basic_user_file /etc/nginx/.htpasswd;
deny all;
allow 127.0.0.1;
satisfy all;
}
location ~* /wp-admin/.*\.php$ {
auth_basic "Authorization Required";
auth_basic_user_file /etc/nginx/.htpasswd;
deny all;
allow 127.0.0.1;
satisfy all;
}
# Logging
access_log /var/log/nginx/alllectra.access.log;
error_log /var/log/nginx/alllectra.error.log;
}
请随意做得比我好。
~谢谢!
似乎是你的位置顺序不正确,试试这个(也有小修正):
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.example.de;
set $forward_scheme https;
# Logging
access_log /var/log/nginx/alllectra.access.log;
error_log /var/log/nginx/alllectra.error.log;
# Exploit prevention
# Error Pages
# Assets
include /etc/nginx/conf.d/exploit.conf;
include /etc/nginx/conf.d/err.conf;
#include /etc/nginx/conf.d/assets.conf;
# HTTP aut wp-login & wp-admin areas
location ~ ^/(wp-admin|wp-login\.php) {
satisfy any;
deny all;
allow 127.0.0.1;
auth_basic "Authorization Required";
auth_basic_user_file /etc/nginx/.htpasswd;
}
location / {
include /etc/nginx/conf.d/proxy.conf;
proxy_pass https://10.10.10.6;
client_max_body_size 100M;
sendfile on;
}
}
此解决方案由 @TexosAC and is owned by @user973254
编辑
似乎是您所在位置的顺序不正确,试试这个(也是一些小的修复):
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.example.de;
set $forward_scheme https;
# Logging
access_log /var/log/nginx/alllectra.access.log;
error_log /var/log/nginx/alllectra.error.log;
# Exploit prevention
# Error Pages
# Assets
include /etc/nginx/conf.d/exploit.conf;
include /etc/nginx/conf.d/err.conf;
#include /etc/nginx/conf.d/assets.conf;
# HTTP aut wp-login & wp-admin areas
location ~ ^/(wp-admin|wp-login\.php) {
satisfy any;
deny all;
allow 127.0.0.1;
auth_basic "Authorization Required";
auth_basic_user_file /etc/nginx/.htpasswd;
include /etc/nginx/conf.d/proxy.conf;
proxy_pass https://10.10.10.6;
client_max_body_size 100M;
sendfile on;
}
location / {
include /etc/nginx/conf.d/proxy.conf;
proxy_pass https://10.10.10.6;
client_max_body_size 100M;
sendfile on;
}
}
我尝试在 https://www.example.de/wp-admin.php & /wp-login.php 上创建密码,但它不起作用并跳过身份验证部分。
我的配置:
server {
set $forward_scheme https;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.example.de;
# Exploit prevention
# Error Pages
# Assets
include /etc/nginx/conf.d/exploit.conf;
include /etc/nginx/conf.d/err.conf;
#include /etc/nginx/conf.d/assets.conf;
location ^~ / {
include /etc/nginx/conf.d/proxy.conf;
proxy_pass https://10.10.10.6;
client_max_body_size 100M;
sendfile on;
}
# HTTP aut wp-login & wp-admin areas
location ~* /(wp-login\.php) {
auth_basic "Authorization Required";
auth_basic_user_file /etc/nginx/.htpasswd;
deny all;
allow 127.0.0.1;
satisfy all;
}
location ~* /wp-admin/.*\.php$ {
auth_basic "Authorization Required";
auth_basic_user_file /etc/nginx/.htpasswd;
deny all;
allow 127.0.0.1;
satisfy all;
}
# Logging
access_log /var/log/nginx/alllectra.access.log;
error_log /var/log/nginx/alllectra.error.log;
}
请随意做得比我好。
~谢谢!
似乎是你的位置顺序不正确,试试这个(也有小修正):
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.example.de;
set $forward_scheme https;
# Logging
access_log /var/log/nginx/alllectra.access.log;
error_log /var/log/nginx/alllectra.error.log;
# Exploit prevention
# Error Pages
# Assets
include /etc/nginx/conf.d/exploit.conf;
include /etc/nginx/conf.d/err.conf;
#include /etc/nginx/conf.d/assets.conf;
# HTTP aut wp-login & wp-admin areas
location ~ ^/(wp-admin|wp-login\.php) {
satisfy any;
deny all;
allow 127.0.0.1;
auth_basic "Authorization Required";
auth_basic_user_file /etc/nginx/.htpasswd;
}
location / {
include /etc/nginx/conf.d/proxy.conf;
proxy_pass https://10.10.10.6;
client_max_body_size 100M;
sendfile on;
}
}
此解决方案由 @TexosAC and is owned by @user973254
编辑似乎是您所在位置的顺序不正确,试试这个(也是一些小的修复):
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.example.de;
set $forward_scheme https;
# Logging
access_log /var/log/nginx/alllectra.access.log;
error_log /var/log/nginx/alllectra.error.log;
# Exploit prevention
# Error Pages
# Assets
include /etc/nginx/conf.d/exploit.conf;
include /etc/nginx/conf.d/err.conf;
#include /etc/nginx/conf.d/assets.conf;
# HTTP aut wp-login & wp-admin areas
location ~ ^/(wp-admin|wp-login\.php) {
satisfy any;
deny all;
allow 127.0.0.1;
auth_basic "Authorization Required";
auth_basic_user_file /etc/nginx/.htpasswd;
include /etc/nginx/conf.d/proxy.conf;
proxy_pass https://10.10.10.6;
client_max_body_size 100M;
sendfile on;
}
location / {
include /etc/nginx/conf.d/proxy.conf;
proxy_pass https://10.10.10.6;
client_max_body_size 100M;
sendfile on;
}
}