Magento Nginx对整个文件夹进行身份验证
我们正在尝试使用nginx在我们的Zandbox/测试站点上设置Klaviyo 但是当我启用htpasswd时,Klaviyo无法从SOAP获取数据。 它需要访问www.mytestdomain.com/api/v2\u soap?wsdl=1来获取数据 如何禁用整个api文件夹的auth_basic?我已经做了一些php文件,但由于这不是一个特定的php文件,我不知道。我用于php文件的代码是:Magento Nginx对整个文件夹进行身份验证,magento,nginx,Magento,Nginx,我们正在尝试使用nginx在我们的Zandbox/测试站点上设置Klaviyo 但是当我启用htpasswd时,Klaviyo无法从SOAP获取数据。 它需要访问www.mytestdomain.com/api/v2\u soap?wsdl=1来获取数据 如何禁用整个api文件夹的auth_basic?我已经做了一些php文件,但由于这不是一个特定的php文件,我不知道。我用于php文件的代码是: location = /folder/file.php { auth_basic off;
location = /folder/file.php {
auth_basic off;
try_files $uri =404;
expires off;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
proxy_connect_timeout 2600s;
proxy_send_timeout 2600s;
proxy_read_timeout 2600s;
fastcgi_send_timeout 2600s;
fastcgi_read_timeout 2600s;
fastcgi_pass zandbox;
fastcgi_pass_request_headers on;
fastcgi_keep_conn off;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root${fastcgi_script_name};
fastcgi_param MAGE_RUN_CODE base;
fastcgi_param MAGE_RUN_TYPE website;
}
完整代码:
server {
listen 80;
server_name mydomain.dk www.mydomain.dk;
return 301 https://www.mydomain.dk$request_uri;
}
server {
listen 443 ssl;
server_name mydomain.dk;
ssl on;
ssl_certificate /etc/ssl/www_mydomain_dk.crt;
ssl_certificate_key /etc/ssl/www_mydomain_dk.key;
include /etc/nginx/ssl_common.conf;
return 301 https://www.mydomain.dk$request_uri;
}
server {
listen 443 ssl;
server_name www.mydomain.dk;
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/.htpasswd;
location = /api/ {
auth_basic "off";
}
ssl on;
ssl_certificate /etc/ssl/www_mydomain_dk.crt;
ssl_certificate_key /etc/ssl/www_mydomain_dk.key;
include /etc/nginx/ssl_common.conf;
root /var/www/www.mydomain.dk/deployed/current;
add_header Access-Control-Allow-Origin "https://www.mydomain.dk";
add_header Access-Control-Allow-Origin "https://mydomain.dk";
include /etc/nginx/common.d/top_common.conf;
include /etc/nginx/common.d/locations.conf;
location ~ \.php$ {
try_files $uri =404;
expires off;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
proxy_connect_timeout 2600s;
proxy_send_timeout 2600s;
proxy_read_timeout 2600s;
fastcgi_send_timeout 2600s;
fastcgi_read_timeout 2600s;
fastcgi_pass mydomain;
fastcgi_pass_request_headers on;
fastcgi_keep_conn off;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root${fastcgi_script_name};
fastcgi_param MAGE_RUN_CODE base;
fastcgi_param MAGE_RUN_TYPE website;
}
location = /bridge_xcxcdd.php {
auth_basic off;
try_files $uri =404;
expires off;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
proxy_connect_timeout 2600s;
proxy_send_timeout 2600s;
proxy_read_timeout 2600s;
fastcgi_send_timeout 2600s;
fastcgi_read_timeout 2600s;
fastcgi_pass mydomain;
fastcgi_pass_request_headers on;
fastcgi_keep_conn off;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root${fastcgi_script_name};
fastcgi_param MAGE_RUN_CODE base;
fastcgi_param MAGE_RUN_TYPE website;
}
location = /api {
auth_basic off;
try_files $uri =404;
expires off;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
proxy_connect_timeout 2600s;
proxy_send_timeout 2600s;
proxy_read_timeout 2600s;
fastcgi_send_timeout 2600s;
fastcgi_read_timeout 2600s;
fastcgi_pass mydomain;
fastcgi_pass_request_headers on;
fastcgi_keep_conn off;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root${fastcgi_script_name};
fastcgi_param MAGE_RUN_CODE base;
fastcgi_param MAGE_RUN_TYPE website;
}
}
我试了很多配置,最后有一个成功了。主要学习的不是将基本身份验证放在服务器块中,而是使用位置块。然后,不要在外部调用php,而是使用嵌套块,这样可以继承限制 下面我将展示一个仅echo的结构,它可以完成这项工作,您只需要以这种方式修改配置
events {
worker_connections 1024;
}
http {
server {
listen 80;
satisfy any;
location / {
auth_basic "Restricted";
auth_basic_user_file /var/www/html/.htpasswd;
echo "Restricted URL";
location /api/ {
auth_basic "off";
echo "you reach /api";
location ~ \.php$ {
echo "You reached unauthenticated php";
}
}
location ~ \.php$ {
echo "You reached authenticated php";
}
}
location ~ \.php$ {
echo "You reached php";
}
}
}
下面是我的测试
$ curl -u tarun:tarun localhost/abc/test.php
You reached authenticated php
$ curl -u tarun:tarun localhost/test.php
You reached authenticated php
$ curl localhost/test.php
<html>
<head><title>401 Authorization Required</title></head>
<body bgcolor="white">
<center><h1>401 Authorization Required</h1></center>
<hr><center>openresty/1.11.2.2</center>
</body>
</html>
$ curl localhost/api/test.php
You reached unauthenticated php
$ curl localhost/api/test
you reach /api
$curl-u tarun:tarun localhost/abc/test.php
您访问了经过身份验证的php
$curl-u tarun:tarun localhost/test.php
您访问了经过身份验证的php
$curl localhost/test.php
401需要授权
401需要授权
openresty/1.11.2.2
$curl localhost/api/test.php
您访问了未经身份验证的php
$curl localhost/api/test
您可以访问/api
发布您尝试过的完整配置。这不行,当然。我现在已经添加了完整的代码:-)工作起来很有魅力,非常感谢!说谢谢还不够!