Fatal编程技术网
  • magento/
  • Magento Nginx对整个文件夹进行身份验证

Magento Nginx对整个文件夹进行身份验证

magento nginx

Magento Nginx对整个文件夹进行身份验证,magento,nginx,Magento,Nginx,我们正在尝试使用nginx在我们的Zandbox/测试站点上设置Klaviyo 但是当我启用htpasswd时,Klaviyo无法从SOAP获取数据。 它需要访问www.mytestdomain.com/api/v2\u soap?wsdl=1来获取数据 如何禁用整个api文件夹的auth_basic?我已经做了一些php文件,但由于这不是一个特定的php文件,我不知道。我用于php文件的代码是: location = /folder/file.php { auth_basic off;

我们正在尝试使用nginx在我们的Zandbox/测试站点上设置Klaviyo

但是当我启用htpasswd时,Klaviyo无法从SOAP获取数据。 它需要访问www.mytestdomain.com/api/v2\u soap?wsdl=1来获取数据

如何禁用整个api文件夹的auth_basic?我已经做了一些php文件,但由于这不是一个特定的php文件,我不知道。我用于php文件的代码是:

location =  /folder/file.php {
  auth_basic off;
  try_files $uri =404;
  expires off;
  fastcgi_split_path_info ^(.+\.php)(/.+)$;
  proxy_connect_timeout  2600s;
  proxy_send_timeout  2600s;
  proxy_read_timeout  2600s;
  fastcgi_send_timeout 2600s;
  fastcgi_read_timeout 2600s;
  fastcgi_pass zandbox;
  fastcgi_pass_request_headers on;
  fastcgi_keep_conn off;
  include fastcgi_params;
  fastcgi_param SCRIPT_FILENAME $document_root${fastcgi_script_name};
  fastcgi_param MAGE_RUN_CODE base;
  fastcgi_param MAGE_RUN_TYPE website;
  }
完整代码:

server {
    listen 80;
    server_name mydomain.dk www.mydomain.dk;
    return 301 https://www.mydomain.dk$request_uri;
}

server {
  listen 443 ssl;
  server_name mydomain.dk;

  ssl on;
  ssl_certificate /etc/ssl/www_mydomain_dk.crt;
  ssl_certificate_key /etc/ssl/www_mydomain_dk.key;
  include /etc/nginx/ssl_common.conf;

  return 301 https://www.mydomain.dk$request_uri;

}

server {
  listen 443 ssl;
  server_name www.mydomain.dk;

  auth_basic "Restricted";
  auth_basic_user_file /etc/nginx/.htpasswd;

  location = /api/ {
     auth_basic "off";
  }

  ssl on;
  ssl_certificate /etc/ssl/www_mydomain_dk.crt;
  ssl_certificate_key /etc/ssl/www_mydomain_dk.key;
  include /etc/nginx/ssl_common.conf;

  root /var/www/www.mydomain.dk/deployed/current;
  add_header Access-Control-Allow-Origin "https://www.mydomain.dk";
  add_header Access-Control-Allow-Origin "https://mydomain.dk";

  include /etc/nginx/common.d/top_common.conf;
  include /etc/nginx/common.d/locations.conf;

  location ~ \.php$ {
    try_files $uri =404;
    expires off;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    proxy_connect_timeout  2600s;
    proxy_send_timeout  2600s;
    proxy_read_timeout  2600s;
    fastcgi_send_timeout 2600s;
    fastcgi_read_timeout 2600s;
    fastcgi_pass mydomain;
    fastcgi_pass_request_headers on;
    fastcgi_keep_conn off;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root${fastcgi_script_name};
    fastcgi_param MAGE_RUN_CODE base;
    fastcgi_param MAGE_RUN_TYPE website;
  }

  location =  /bridge_xcxcdd.php {
    auth_basic off;
    try_files $uri =404;
    expires off;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    proxy_connect_timeout  2600s;
    proxy_send_timeout  2600s;
    proxy_read_timeout  2600s;
    fastcgi_send_timeout 2600s;
    fastcgi_read_timeout 2600s;
    fastcgi_pass mydomain;
    fastcgi_pass_request_headers on;
    fastcgi_keep_conn off;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root${fastcgi_script_name};
    fastcgi_param MAGE_RUN_CODE base;
    fastcgi_param MAGE_RUN_TYPE website;
  }

location =  /api {
        auth_basic off;
        try_files $uri =404;
        expires off;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        proxy_connect_timeout  2600s;
        proxy_send_timeout  2600s;
        proxy_read_timeout  2600s;
        fastcgi_send_timeout 2600s;
        fastcgi_read_timeout 2600s;
        fastcgi_pass mydomain;
        fastcgi_pass_request_headers on;
        fastcgi_keep_conn off;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root${fastcgi_script_name};
        fastcgi_param MAGE_RUN_CODE base;
        fastcgi_param MAGE_RUN_TYPE website;
      }

}
我试了很多配置,最后有一个成功了。主要学习的不是将基本身份验证放在服务器块中,而是使用位置块。然后,不要在外部调用php,而是使用嵌套块,这样可以继承限制

下面我将展示一个仅echo的结构,它可以完成这项工作,您只需要以这种方式修改配置

events {
    worker_connections 1024;
}
http {
    server {
        listen 80;
        satisfy any;

        location / {
            auth_basic "Restricted";
            auth_basic_user_file /var/www/html/.htpasswd;
            echo "Restricted URL";

            location /api/ {
                auth_basic "off";

                echo "you reach /api";

                location ~ \.php$ {
                    echo "You reached unauthenticated php";
                }
            }

            location ~ \.php$ {
                echo "You reached authenticated php";
            }
        }

        location ~ \.php$ {
            echo "You reached php";
        }
    }
}
下面是我的测试

$ curl -u tarun:tarun localhost/abc/test.php
You reached authenticated php

$ curl -u tarun:tarun localhost/test.php
You reached authenticated php

$ curl localhost/test.php
<html>
<head><title>401 Authorization Required</title></head>
<body bgcolor="white">
<center><h1>401 Authorization Required</h1></center>
<hr><center>openresty/1.11.2.2</center>
</body>
</html>

$ curl localhost/api/test.php
You reached unauthenticated php

$ curl localhost/api/test
you reach /api

$curl-u tarun:tarun localhost/abc/test.php
您访问了经过身份验证的php
$curl-u tarun:tarun localhost/test.php
您访问了经过身份验证的php
$curl localhost/test.php
401需要授权
401需要授权

openresty/1.11.2.2
$curl localhost/api/test.php
您访问了未经身份验证的php
$curl localhost/api/test
您可以访问/api
发布您尝试过的完整配置。这不行,当然。我现在已经添加了完整的代码:-)工作起来很有魅力,非常感谢!说谢谢还不够!