Apache is a free, open-source web server. When hosting your application on an Apache server, it becomes accessible to anyone over the Internet. However, in some cases, you may need to secure your application so that only authenticated users can access it. You can do this by setting up password authentication using Apache's htpasswd utility.
In this tutorial, we will guide you through the process of setting up password authentication with Apache on Ubuntu 20.04.
1: Update Your System
First, connect to your server as the root user and update your base system with the latest available packages:
apt-get update -y
2: Install Apache
Install Apache along with the necessary utilities:
apt-get install apache2 apache2-utils -y
3: Start and Enable Apache
After installing Apache, start the service and enable it to start automatically after a system reboot:
systemctl start apache2
systemctl enable apache2
To verify the installation, open your browser and navigate to http://your-server-ip. You should see the default Apache web page.
4: Create a Password File
To protect your application, create a password file that Apache will use to authenticate users. You can create a hidden .htpasswd file in the /etc/apache2 directory for a user named test_user using the htpasswd utility:
htpasswd -c /etc/apache2/.htpasswd test_user
Enter a password for the test_user when prompted.
This will generate a .htpasswd file containing the user credentials, which will be used to secure access to your site.
5: Set Up Your Website Directory
Create a directory for your website using the following command:
mkdir /var/www/html/domain_name
6: Create an HTML File
Next, create an index.html file inside your web directory:
nano /var/www/html/domain_name/index.html
Then add the following content there:
7: Change the ownership of your web directory to the Apache user (www-data) to ensure the correct permissions for Apache to serve your website:
chown -R www-data:www-data /var/www/html/domain_name
8: create an Apache virtual host configuration file for your website and set up basic authentication:
nano /etc/apache2/sites-available/domain.conf
9: Add the following configuration:
<VirtualHost *:80>
ServerAdmin webmaster@domain_name
ServerName domain_name
DocumentRoot /var/www/html/domain_name
DirectoryIndex index.html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory "/var/www/html/domain_name">
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
</Directory>
</VirtualHost>
10: After saving the configuration, check the Apache syntax for any errors with the following command:
apachectl -t
You should get the output:
If there are no issues, enable the new virtual host configuration:
a2ensite domain.conf
11: Restart Apache to apply the changes:
systemctl restart apache2
Your site is now protected by Apache's basic authentication. To verify the setup, open your web browser and navigate to http://domain_name.
Then enter your username and password and click on the Sign in button. You should see your website default page
