我有一个 lighttpd 服务器,我想从中提供一些文件。不幸的是,该服务器当前设置为需要密码验证,我希望这些文件可以公开访问。
我怎样才能使特定子目录中的文件不需要密码?
更复杂的是,配置文件中的大部分内容都是由其他管理员设置的,因此我尽量小心,以免破坏任何现有的安全设置。
# config stuff that I am hesitant to change
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/ssl/foo.pem"
ssl.ca-file = "/etc/pki/tls/certs/foo.cert"
auth.backend = "htdigest"
auth.backend.htdigest.userfile = "/etc/lighttpd/.passwd"
auth.debug = 2
$HTTP["url"] !~ "^(/portal/.*|/js/.*|/css/.*|/icons/.*|/favicon\.ico)" {
auth.require = (
"/" =>(
"method" => "digest",
"realm" => "Authorized users only",
"require" => "valid-user"
)
)
}
$HTTP["url"] =~ "^/portal" {
auth.require = (
"/portal" => (
"method" => "digest",
"realm" => "portal users",
"require" => "valid-user"
)
)
url.redirect = ( "" => "/portal/")
}
$HTTP["remoteip"] !~ "1.2.3.4|5.6.7.8" {
url.access-deny = ( "" )
}
# new directory that I want to make public
$HTTP["url"] =~ "^/public($|/)" {
dir-listing.activate = "enable"
}
我尝试将 添加/public/*
到第一个$HTTP["url"] !~
块的正则表达式中,但没有成功。我还尝试ssl.engine
在匹配的块内禁用/public($|/)
,但也没有成功。
答案1
这种设置对我来说非常有用,正如评论中所说的那样:
server.modules += ( "mod_auth" )
auth.backend = "htdigest"
auth.backend.htdigest.userfile = "/etc/lighttpd/passwd"
$HTTP["url"] !~ "^(/portal/.*|/js/.*|/css/.*|/icons/.*|/favicon\.ico|/public/.*)" {
auth.require = (
"/" =>(
"method" => "digest",
"realm" => "Authorized users only",
"require" => "valid-user"
)
)
}
答案2
原来你能仅使用空列表有选择地禁用它:
auth.require = ()
对于OP的例子:
# new directory that I want to make public
$HTTP["url"] =~ "^/public($|/)" {
dir-listing.activate = "enable"
auth.require = ()
}
将此块放在文件最后可确保它覆盖所有其他指令,这些指令可能是您想要的,也可能不是,具体取决于您的设置。我有一个案例,其中有多个具有不同身份验证方案的虚拟主机,但我想绕过所有这些,以便/.well-known/acme-challenge/
能够certbot --webroot
获取 Let's Encrypt 证书。对于我的示例:
##### Let's Encrypt
$HTTP["url"] =~ "^/.well-known/acme-challenge/" {
server.document-root = "/var/www/"
auth.require = ()
}