特定のIPでバイパスnginx認証

Question

私はすべての私のusenetプログラムにリンクされているすべてのHTTP基本認証の背後にロックされているnginxプロキシを持っています。

静的IPを持つ特定のデバイスでauthをバイパスしたいと思います。私は "許可"とipを追加しようとしましたが、それは動作しないようです。これに基づき

はどこ私はそれを

#user nobody; 
worker_processes 1; 

#error_log logs/error.log; 
#error_log logs/error.log notice; 
#error_log logs/error.log info; 

#pid  logs/nginx.pid; 


events { 
    worker_connections 1024; 
} 


http { 
    include  mime.types; 
    default_type application/octet-stream; 

    #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 
    #     '$status $body_bytes_sent "$http_referer" ' 
    #     '"$http_user_agent" "$http_x_forwarded_for"'; 

    #access_log logs/access.log main; 

    sendfile  on; 
    #tcp_nopush  on; 

    #keepalive_timeout 0; 
    keepalive_timeout 65; 

    #gzip on; 

    server { 
    listen 80; 
    server_name _; 
    rewrite^https://$host$request_uri? permanent; 
    } 

    server { 
     listen 443 ssl; 
     server_name mydomain.com, 192.168.0.21; 



    ssl_certificate mydomain.crt; 
    ssl_certificate_key mydomain.key; 

    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; 
    ssl_prefer_server_ciphers on; 
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 

    ssl_dhparam dhparam.pem; 

     #charset koi8-r; 

     #access_log logs/host.access.log main; 



     location /{ 
      root html; 
      index index.php 



     auth_basic "closed site"; 
     auth_basic_user_file .htpasswd; 


     } 



     location /web{ 
     if ($http_x_plex_device_name = '') { 
      rewrite ^/$ http://$http_host/web/index.php; 
     } 

     proxy_pass http://192.168.0.21:32400/web/index.html; 
     proxy_set_header Host $host; 
     proxy_set_header X-Real-IP $remote_addr; 
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 

     } 

     location /nzbget { 
     proxy_pass http://192.168.0.21:6789; 
     proxy_set_header Host $host; 
     proxy_set_header X-Real-IP $remote_addr; 
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 

     } 

     location /plexpy { 
     proxy_pass http://127.0.0.1:8181/plexpy; 
     proxy_set_header Host $host; 
     proxy_set_header X-Real-IP $remote_addr; 
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
     auth_basic   "closed site"; 
     auth_basic_user_file .htpasswd; 
     } 

    location /comics { 
     proxy_pass http://127.0.0.1:8090; 
     proxy_set_header Host $host; 
     proxy_set_header X-Real-IP $remote_addr; 
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
     auth_basic   "closed site"; 
     auth_basic_user_file .htpasswd; 
     } 


     location /htpc { 
     proxy_pass http://127.0.0.1:8085; 
     proxy_set_header Host $host; 
     proxy_set_header X-Real-IP $remote_addr; 
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
     auth_basic   "closed site"; 
     auth_basic_user_file .htpasswd; 
     } 

       location /nzbhydra { 
     proxy_pass http://127.0.0.1:5075; 
     proxy_set_header Host $host; 
     proxy_set_header X-Real-IP $remote_addr; 
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 


    } 
     location /sonarr { 
     proxy_pass http://127.0.0.1:8989; 
     proxy_set_header Host $host; 
     proxy_set_header X-Real-IP $remote_addr; 
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
     auth_basic   "closed site"; 
     auth_basic_user_file .htpasswd; 

    } 
    location /movies { 
     proxy_pass http://127.0.0.1:5050; 
     proxy_set_header Host $host; 
     proxy_set_header X-Real-IP $remote_addr; 
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
     auth_basic   "closed site"; 
     auth_basic_user_file .htpasswd; 


      } 
    location /deluge { 
     proxy_pass http://127.0.0.1:7741/; 
     proxy_set_header X-Deluge-Base "/deluge/"; 
     auth_basic   "closed site"; 
     auth_basic_user_file .htpasswd; 

        } 
    location /plexrequest{ 
     proxy_pass http://127.0.0.1:3579; 
     proxy_set_header Host $host; 
     proxy_set_header X-Real-IP $remote_addr; 
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 

       } 
    location /calendar{ 
     proxy_pass http://192.168.0.21:8989/sonarr/feed/calendar/NzbDrone.ics?apikey=myapi; 
     proxy_set_header Host $host; 
     proxy_set_header X-Real-IP $remote_addr; 
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 

    } 



     #error_page 404    /404.html; 

     # redirect server error pages to the static page /50x.html 
     # 
     error_page 500 502 503 504 /50x.html; 
     location = /50x.html { 
      root html; 
     } 

     # proxy the PHP scripts to Apache listening on 127.0.0.1:80 
     # 
     #location ~ \.php$ { 
     # proxy_pass http://127.0.0.1; 
     #} 

     # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 
     # 
      location ~ .php$ { 
    root   html; 
    fastcgi_pass 127.0.0.1:9000; 
    fastcgi_index index.php; 
    fastcgi_param SCRIPT_FILENAME C:/nginx-1.8.0/html/$fastcgi_script_name; 
    include  fastcgi_params; 
    } 

     # deny access to .htaccess files, if Apache's document root 
     # concurs with nginx's one 
     # 
     #location ~ /\.ht { 
     # deny all; 
     #} 
    } 


    # another virtual host using mix of IP-, name-, and port-based configuration 
    # 
    #server { 
    # listen  8000; 
    # listen  somename:8080; 
    # server_name somename alias another.alias; 

    # location/{ 
    #  root html; 
    #  index index.html index.htm; 
    # } 
    #} 


    # HTTPS server 
    # 
    #server { 
    # listen  443 ssl; 
    # server_name localhost; 

    # ssl_certificate  cert.pem; 
    # ssl_certificate_key cert.key; 

    # ssl_session_cache shared:SSL:1m; 
    # ssl_session_timeout 5m; 

    # ssl_ciphers HIGH:!aNULL:!MD5; 
    # ssl_prefer_server_ciphers on; 

    # location/{ 
    #  root html; 
    #  index index.html index.htm; 
    # } 
    #} 

} 

Answer 1

auth_basicを配置しなければならない設定変数を取り、geoモジュールは、あなたがこのような何かを試すことができますIPベースのmapのように働くことができます。

geo $auth_bypass { 
    192.168.1.0/24 "off"; 
    default "closed site"; 
} 
... 
auth_basic $auth_bypass;