部暑nginx digest auth

1、使用docker生成容器镜像

1.1 国内源debain 换成国内源

mkdir  nginx-digest 
cd nginx-digest 
cat > sources.list << 'EOF'
deb http://mirrors.163.com/debian/ bullseye main non-free contrib
deb http://mirrors.163.com/debian/ bullseye-updates main non-free contrib
deb http://mirrors.163.com/debian/ bullseye-backports main non-free contrib
deb-src http://mirrors.163.com/debian/ bullseye main non-free contrib
deb-src http://mirrors.163.com/debian/ bullseye-updates main non-free contrib
deb-src http://mirrors.163.com/debian/ bullseye-backports main non-free contrib
deb http://mirrors.ustc.edu.cn/debian-security/ stable-security main non-free contrib
deb-src http://mirrors.ustc.edu.cn/debian-security/ stable-security main non-free contrib
EOF
1
2
3
4
5
6
7
8
9
10
11
12

1.2 生成Dockerfile

cat > Dockerfile << 'EOF'
FROM nginx AS build
ADD  sources.list /etc/apt/sources.list
RUN apt-get update \
        && apt-get install --no-install-recommends -y git gcc make libpcre3-dev libssl-dev libxml2-dev libxslt-dev libgd-dev libgeoip-dev wget apache2-utils ca-certificates \
        && update-ca-certificates \
        && git clone https://ghproxy.com/https://github.com/atomx/nginx-http-auth-digest \
        && wget `nginx -v 2>&1|awk -F\/ '{print "https://nginx.org/download/nginx-"$2".tar.gz"}'` \
        && tar zxvf nginx-*.tar.gz \
        && ( cd nginx-* && nginx -V 2>&1|awk '/configure/{ print "./configure " substr($0,22) " --add-module=../nginx-http-auth-digest/ --sbin-path=/usr/sbin/"}' | sh && make -j4 && make install ) \
        && apt-get remove -y git gcc make libpcre3-dev libssl-dev libxml2-dev libxslt-dev libgd-dev libgeoip-dev wget apache2-utils \
        && apt-get autoremove -y \
        && apt-get clean all \
        && rm -rf /var/lib/apt/lists/* \
        && nginx -V

FROM nginx
COPY --from=build /usr/sbin/nginx /usr/sbin/nginx
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

#生成镜像

docker build -t nginx-digest .
1

#buildkit生成多CPU架构镜像的方法

docker buildx build --platform arm64,amd64 -t  zengxiangbang/nginx-digest . --push
1

digest auth 帐密码生成器

cat > htdigest.py << 'EOF'
#!/usr/bin/env python
# encoding: utf-8
"""
htdigest.py
A barebones stand-in for the apache htdigest tool. It lacks the -c switch of the
original and doesn't handle comments or blank lines. Caveat sysadmin...
Created by Christian Swinehart on 2011-10-30.
Copyright (c) 2011 Samizdat Drafting Co. All rights reserved.
"""

from __future__ import with_statement
import sys
import os
from hashlib import md5
from getpass import getpass

class Passwd(object):
  def __init__(self, pth):
    super(Passwd, self).__init__()
    self.pth = os.path.abspath(pth)
    self.creds = []
    if not os.path.exists(self.pth):
      while True:
        resp = raw_input('%s does not exist. Create it? (y/n) '%self.pth).lower()
        if resp == 'y': break
        if resp == 'n': sys.exit(1)
    else:
      with file(self.pth) as f:
        for line in f.readlines():
          self.creds.append(line.strip().split(":"))

  def update(self, username, realm):
    user_matches = [c for c in self.creds if c[0]==username and c[1]==realm]
    if user_matches:
      password = getpass('Change password for "%s" to: '%username)
    else:
      password = getpass('Password for new user "%s": '%username)
    if password != getpass('Please repeat the password: '):
      print "Passwords didn't match. %s unchanged."%self.pth
      sys.exit(1)

    pw_hash = md5(':'.join([username,realm,password])).hexdigest()
    if user_matches:
      user_matches[0][2] = pw_hash
    else:
      self.creds.append([username, realm, pw_hash])

    new_passwd = "\n".join(":".join(cred) for cred in self.creds)
    with file(self.pth,'w') as f:
      f.write(new_passwd)

if __name__ == '__main__':
  if len(sys.argv) != 4:
    print "usage: htdigest.py passwdfile username 'realm name'"
    sys.exit(1)
  fn,user,realm = sys.argv[1:4]

  passwd = Passwd(fn)
  passwd.update(user,realm)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60

python htdigest.py digest-auth ‘szgd’
digest-auth 为文件名
szgd为realm

python htdigest.py digest-auth test ‘szgd’
Password for new user “test”:
Please repeat the password:

cat > /data/nginx/conf.d/default.conf << 'EOF'
server {
    listen      35000;
    listen  [::]:35000;
    server_name  localhost;

    auth_digest_user_file /etc/nginx/conf.d/digest-auth;
    
    location ~ .*\.(js|css) {
      proxy_pass  http://127.0.0.1:35001;
      auth_digest 'szgd';
   }


    location / {
      proxy_pass  http://127.0.0.1:35001/;
   #   auth_digest 'szgd';
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

}
EOF
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

cat > /data/nginx/nginx.conf << 'EOF'
user  nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
}
EOF
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32

cat > /data/nginx/start.sh << 'EOF'
#!/bin/bash
docker rm -f  nginx

pwd=`dirname $0`
cd $pwd

docker run -d \
--network host \
--name nginx \
--restart=always \
-v /etc/localtime:/etc/localtime \
-v `pwd`/conf.d/:/etc/nginx/conf.d/ \
-v `pwd`/nginx.conf:/etc/nginx/nginx.conf \
-v `pwd`/logs:/usr/local/nginx/logs/ \
zengxiangbang/nginx-digest 
EOF
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17