2022年7月29日 星期五

Debian 11 Apache2 使用自訂腳本身份認證

安裝軟體及設定
apt install libapache2-mod-authnz-external
a2enmod authnz_external
apache2ctl graceful

編輯 /etc/apache2/apache2 
 <VirtualHost 192.168.1.1:80>
#<VirtualHost *:80>
DefineExternalAuth bashtest pipe "/home/apache2/1.sh"
     #   ServerName example.com
     #   ServerAlias www.example.com
        ServerAdmin webmaster@example.com
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        ProxyRequests Off
        ProxyPreserveHost Off
        AllowEncodedSlashes On
        KeepAlive Off

        <Proxy *>
          Order deny,allow
          Allow from all
        </Proxy>

        <Location />
          AuthType Basic
          AuthName "You need to login"

        AuthBasicProvider external
        AuthExternal bashtest
        Require valid-user
          Order allow,deny
          Allow from all
        </Location>

        RequestHeader unset Authorization
        ProxyPass / http://192.168.0.1:8080/
        ProxyPassReverse / http://192.168.0.1:8080/
   </VirtualHost>

編輯 認證腳本 /home/apache2/1.sh
#!/bin/bash
f=/home/apache2/1
read user ;echo user=$user >$f
read password ;echo password=$password >>$f
env >>$f

[ "$user" = "user" ]&&[ "$password" = "password" ]&& {
  echo "username/password allowed for user $user\n";
  exit 0;
}

echo "wrong username or password for user $user\n";
sleep(1);
exit 1;

沒有留言: