Official Power Up Hosting Blog

Everything about Linux, Windows, and hosting ;)

I am an avid book reader, who enjoys technology as well as writing.


Set Up Password Authentication with Apache on Ubuntu 16.04 (In Just 4 steps)

Apurva Chodnekar

Introduction:

Nowadays, protecting your online content is actually a must. Some of the content is too confidential to be accessed by just any user.

So, you have to restrict access and in order to do that, you need to protect it with a password.

Sure, there are web applications that have their own authentication method. But we can also restrict access to online content at the web server itself.

That brings us to our purpose here.

It is to set up password authentication with Apache on Ubuntu 16.04.

To make it simpler and less ambiguous, we will see how to set up password authentication in just 4 steps.

Prerequisites:

  1. You need access to an Ubuntu 16.04 server and a sudo user. Creating a sudo user is simple; just refer to the Ubuntu Server Setup Guide for Beginners (Version 16.04).

  2. You need an apache2 web server. If you don't have it installed, check out this guide: How to Install LAMP stack on Ubuntu 16.04 (Easy Guide).

  3. A secure site with SSL. You can set it up with Let's Encrypt if you own a domain, but if you don't own a domain you can use a self-signed certificate.

Steps to set up password authentication with Apache on Ubuntu 16.04:

Step 1. To install the apache utilities package.

Our first step is to install the apache utilities package, because we are going to need the htpasswd utility. It is part of the apache2-utils package.

sudo apt-get update

sudo apt-get install apache2-utils

This will install the apache2-utils package.

Step 2. To create the password file.

Now that we have installed the apache2-utils package, we can access the htpasswd command and use it to create a password file. The password file will be in the htpasswd file format.

So, how do you use htpasswd?

Here's how:

When we use htpasswd for the first time, we need to add -c. The -c option creates the specified file.

To create a new entry within the specified file, we have to give the username at the end of the command. Here the username is 'dean'.

sudo htpasswd -c /etc/apache2/.htpasswd dean

When the above command is executed, you will be required to enter a password and then enter it again to confirm it.

Next, create a second user, but this time don't use -c, as we are only going to add a new entry (i.e. a user) and not create a new password file.

The second username in our example is 'castiel'.

sudo htpasswd /etc/apache2/.htpasswd castiel

To view each username with its hashed password, use the command below:

cat /etc/apache2/.htpasswd

It will display all the entries in the specified file along with their hashed passwords.

Output:
dean:$apr1$d/xh07ko$/nyf1UGdWfaA0rQ17VVAT/
castiel:$apr1$d/fq05jk$/Atfq6j7GLVEC15LAKN/
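
The $apr1$ prefix in the output above marks htpasswd's default MD5-based scheme. The following check is an added example, not part of the original guide: it audits a password file for non-bcrypt hash schemes, malformed lines and duplicate users. The sample data is constructed and the function names are hypothetical.

```python
# Prefix of the hash field -> (scheme, suitable for new entries). First match wins.
SCHEMES = (
    ("$2y$", "bcrypt", True),            # written by `htpasswd -B`
    ("$apr1$", "apr1-md5", False),       # htpasswd default, MD5-based
    ("{SHA}", "sha1-unsalted", False),   # written by `htpasswd -s`
)


def classify(hash_field):
    """Return (scheme, ok) for the hash part of one htpasswd entry."""
    for prefix, name, ok in SCHEMES:
        if hash_field.startswith(prefix):
            return name, ok
    return "unrecognised", False


def audit_htpasswd(text):
    """Return (line_no, user, scheme, finding) tuples for entries that need attention."""
    findings, seen = [], set()
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        user, sep, hash_field = line.partition(":")
        if not (sep and user and hash_field):
            findings.append((line_no, user, None, "malformed entry"))
            continue
        scheme, ok = classify(hash_field)
        if user in seen:
            findings.append((line_no, user, scheme, "duplicate user, first entry wins"))
            continue
        seen.add(user)
        if not ok:
            findings.append((line_no, user, scheme, "not bcrypt, re-create with htpasswd -B"))
    return findings


# Constructed sample; the hash fields are placeholders, not real password hashes.
SAMPLE = """\
dean:$apr1$EXAMPLE0$placeholderplaceholder0
castiel:$2y$05$placeholderplaceholderplaceholderplaceholderplacehol
sam:{SHA}placeholderplaceholderpl=
no-colon-on-this-line
dean:$2y$05$placeholderplaceholderplaceholderplaceholderplacehol
"""

if __name__ == "__main__":
    for finding in audit_htpasswd(SAMPLE):
        print(finding)
```

Running `sudo htpasswd -B /etc/apache2/.htpasswd dean` replaces an existing entry with a bcrypt hash.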

Step 3. To configure apache for password authentication.

We have created a password file that apache can read.

What we need to do next is ensure that apache actually checks this password file before it gives users access to the restricted content.

So we basically have to configure apache to make that happen.

This can actually be done in two ways.

You can choose either one of them based on your needs, i.e. you can configure password authentication directly by adding a few lines to the virtual host, or you can add .htaccess files in the directories where you need to restrict access.

A) To configure access control in the virtual host definition:

The first choice might not always be available, as you need access to the server configuration for it. But it is definitely the better of the two options.

In this option, you edit the apache configuration by adding password protection to the virtual host file.
It also performs better, because Apache does not spend time reading distributed configuration files.

Start by opening the virtual host file that you want to add these restrictions to.
We are going to use the 000-default.conf file, which holds the default virtual host that is already installed.

sudo nano /etc/apache2/sites-enabled/000-default.conf

i) When you open the 000-default.conf file it will look somewhat like this:

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
    . . .
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

ii) You need to add a directory block to the virtual host file. It is necessary to do this as authentication is done on a per-directory basis.

Right now, what we will do is restrict access to the entire root directory.

You can choose any other directory you want to restrict access to.

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    . . .
    <Directory "/var/www/html">
    </Directory>
    . . .
</VirtualHost>

iii) Make sure that you don't set AuthType to None. You have to set AuthType to Basic, which sets up basic authentication for the root directory.

If you set AuthType to None you are disabling authentication, which is exactly the opposite of what we are doing.

Set a relevant AuthName, as it will be displayed when users are asked for their credentials while trying to access the restricted content.

At the end, add Require valid-user to the directory block. Only a valid user can gain access to the restricted content.

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
    . . .
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    <Directory "/var/www/html">
        AuthType Basic
        AuthName "Restricted Content"
        AuthUserFile /etc/apache2/.htpasswd
        Require valid-user
    </Directory>
    . . .
</VirtualHost>

Once you have updated the virtual host file with the above directives, save the file and close it.

Check the configuration of the web server with the below command. It will give you a 'Syntax OK' output if everything is okay. Otherwise, it will give you details about the syntax error.

sudo apache2ctl configtest

Next, you have to restart the web server. You can even check the status of the server to make sure that it's running.

sudo systemctl restart apache2
sudo systemctl status apache2

That's how you set up password protection for the selected directory directly through the virtual host.
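
Basic authentication sends the username and password with every request in an easily decoded form, which is why the prerequisites call for SSL. As an added example (not from the original guide), this check reads a virtual host definition and reports Basic-auth Directory blocks that lack TLS, lack a Require line, or keep the password file under DocumentRoot. It assumes TLS is enabled with SSLEngine on in the same virtual host; the function names are hypothetical.

```python
import re
OPEN = re.compile(r'<(VirtualHost|Directory)\s+"?([^">]+)"?\s*>$', re.I)

def check(vhost):
    """Findings for every AuthType Basic <Directory> block of one virtual host."""
    out = []
    tls = vhost.get("sslengine", "").lower() == "on"  # assumption: TLS ends here
    root = vhost.get("documentroot", "").rstrip("/")
    for block in vhost["blocks"]:
        if block.get("authtype", "").lower() != "basic":
            continue
        path, pwfile = block["path"], block.get("authuserfile", "")
        if root and (pwfile + "/").startswith(root + "/"):
            out.append((path, "password file is inside DocumentRoot"))
        if "require" not in block:
            out.append((path, "no Require directive in block"))
        if not tls:
            out.append((path, "Basic credentials sent without TLS"))
    return out

def lint_basic_auth(conf):
    """Return (directory, finding) pairs for every <VirtualHost> in conf."""
    findings, vhost, block = [], None, None
    for line in (raw.strip() for raw in conf.splitlines()):
        opened = OPEN.match(line)
        if opened and opened.group(1).lower() == "virtualhost":
            vhost = {"blocks": []}
        elif opened and vhost is not None:
            block = {"path": opened.group(2)}
            vhost["blocks"].append(block)
        elif line.lower() == "</directory>":
            block = None
        elif line.lower() == "</virtualhost>" and vhost is not None:
            findings += check(vhost)
            vhost = None
        elif vhost is not None and line and line[0] not in "#<.":
            name, _, value = line.partition(" ")
            (block if block is not None else vhost)[name.lower()] = value.strip().strip('"')
    return findings

# Constructed sample modelled on this guide's virtual host (plain HTTP on port 80).
PAGE_VHOST = """<VirtualHost *:80>
    DocumentRoot /var/www/html
    <Directory "/var/www/html">
        AuthType Basic
        AuthUserFile /etc/apache2/.htpasswd
        Require valid-user
    </Directory>
</VirtualHost>"""
```

Calling lint_basic_auth(PAGE_VHOST) returns one finding, the missing TLS; moving the same Directory block into the SSL virtual host from the prerequisites clears it.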

B) To configure access control with the .htaccess file:

This option is not as fast as the first one, but if you are already working with .htaccess files it's better to go with this option.

We can enable password protection by using an .htaccess file. For that, we have to open the apache2.conf file:

sudo nano /etc/apache2/apache2.conf

In the <Directory /var/www/> block, change AllowOverride None to AllowOverride All.
This turns on .htaccess processing. AllowOverride All lets .htaccess files override every type of directive; if they only need to hold the authentication directives shown below, AllowOverride AuthConfig is sufficient.

. . .
<Directory /var/www/>
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>
. . .

Next, we need to add the .htaccess file to the directory we need to restrict access to. Here we are going to do it for the root directory.

sudo nano /var/www/html/.htaccess

AuthType Basic tells Apache to use basic authentication. The AuthName will be displayed when users are asked for their credentials.

We have to name the password file we created as the AuthUserFile. And finally, Require valid-user grants access to any valid user who enters the correct credentials.

AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user

After adding the .htaccess file restart the web server and check the status of your server with the following commands.

sudo systemctl restart apache2
sudo systemctl status apache2

Step 4. To verify password authentication.

Go to your web browser and try to access the restricted content.

If you have followed all the steps, you will be asked for your credentials i.e. the username and password.
It might look like this.

[Screenshot: the browser's username and password prompt]

If you enter the correct credentials, you will be able to view the restricted content.

But if you either cancel or enter the wrong credentials you will be led to the following web page.

[Screenshot: the page shown when authentication fails]

Conclusion:

That is how you go about setting up password authentication.

It doesn't matter whether you choose to configure access control in the virtual host or with .htaccess and htpasswd.

Just follow the steps and you should have no trouble restricting access to certain content of your website.
