How to set up Apache htpasswd authentication in Ubuntu ⋆ ALexHost SRL
Your Trusted Web Hosting Partner Since 2008. Get VPS Now!
Support  +373 79 600002
English Flag English
Login Sign Up
Support  +373 79 600002
Sign Up Login
+373 79 600002
English Flag English
Your Trusted Web Hosting Partner Since 2008. Get VPS Now!

Test your skills on our all Hosting services and get 15% off!

Use code at checkout:

Skills
09.10.2024
Administration

How to set up Apache htpasswd authentication in Ubuntu

Using Apache’s htpasswd authentication is a simple way to add basic access control to web directories by requiring users to provide a username and password before accessing certain parts of the website. This type of authentication is often used to restrict access to sensitive areas, such as administration panels or development sites, and can be easily set up on an Ubuntu server running Apache.

Prerequisites

  • A server running Ubuntu with Apache2 installed.
  • Rout or sudo access to the server.
  • Basic knowledge of command line usage.

Step 1: Install Apache (if not already installed)

If Apache is not installed on your Ubuntu server, you can install it with the following command:

sudo apt update

sudo apt install apache2

Step 2: Activate the htpasswd utility

The htpasswd utility is provided by the apache2-utils package, which is usually installed with Apache. If it is not installed, you can install it by running:

sudo apt install apache2-utils

This command installs the necessary password management tools for htpasswd authentication files.

Step 3: Create the .htpasswd file

The .htpasswd file is used to store usernames and encrypted authentication passwords.

  1. To create a new .htpasswd file and add a user, run the following command:
    sudo htpasswd -c /etc/apache2/.htpasswd your_username

    Replace your_username with the username you want to create.

    • The -c option creates a new .htpasswd file . If the file already exists and you use -c, it will be overwritten, so only use it when you first create the file.
  2. Enter and confirm password: After running the command, you will be prompted to enter and confirm a password for the user. an /etc/apache2/.htpasswd file will be created with the encrypted password for your_name.
  3. Add additional users (optional): To add more users without overwriting the existing .htpasswd file, execute:
    sudo htpasswd /etc/apache2/.htpasswd another_username

    Replace another_username with the new username. This command adds the new user to the existing .htpasswd file.

Step 4: Configure Apache for password protection

You need to specify which directory or location you want to password protect. This is done using a .htaccess file or by directly editing the Apache configuration file.

Option 1: Using the .htaccess file

  1. Enabling .htaccess files: If you want to use .htaccess files to set up password protection, make sure that the AllowOverride directive is set to All for the directory you want to protect. Edit the appropriate Apache configuration file (for example, /etc/apache2/sites-available/000-default.conf):
    sudo nano /etc/apache2/sites-available/000-default.conf

    Find the section for your web root (e.g. /var/www/html) and set AllowOverride to All:

    <Directory /var/www/html>
    AllowOverride All
    </Directory>
  2. Restart Apache: After editing the configuration, restart Apache to apply the changes:
    sudo systemctl restart apache2
  3. Create an .htaccess file:Inside the directory you want to protect (for example, /var/www/html), create or edit an .htaccess file:
    sudo nano /var/www/html/.htaccess
  4. Add the following directives: Add the following lines to the .htaccess file:
    AuthType Basic
    AuthName “Restricted Content”
    AuthUserFile /etc/apache2/.htpasswd
    Require valid-user
    • AuthType Basic: Specifies basic authentication.
    • AuthName: Message that will be displayed in the authentication message.
    • AuthUserFile: The path to your .htpasswd file.
    • Require Valid User: Restricts access to the users listed in the .htpasswd file.
  5. Save and close the file.

Option 2: Direct use of the Apache configuration file

If you prefer to manage authentication directly in the Apache configuration files instead of using .htaccess, follow these steps:

  1. Edit the virtual host configuration: Open the Apache configuration file for the site you want to secure (e.g., /etc/apache2/sites-available/000-default.conf):
    sudo nano /etc/apache2/sites-available/000-default.conf
  2. Add the authentication directives: Inside the block or the block that corresponds to the directory you want to protect, add the following:
    <Directory "/var/www/html">
    AuthType Basic
    AuthName "Restricted Content"
    AuthUserFile /etc/apache2/.htpasswd
    Require valid-user
    </Directory>
  3. Save and close the configuration file.
  4. Restart Apache: After making the changes, restart Apache:
    sudo systemctl restart apache2

Step 5: Test authentication

Now go to the URL of the secure directory using your web browser (for example http://your_server_ip_or_domain). You should see a login prompt asking for a username and password.

  • Enter the username and password you created with the htpasswd command.
  • If the credentials are correct, you will be granted access to the directory; otherwise, you will be denied access.

Step 6: Protect the .htpasswd file

For security reasons, make sure that the .htpasswd file is stored outside the web root (for example, /etc/apache2/.htpasswd) so that it cannot be accessed directly by a web browser.

Make sure the .htpasswd file has the correct permissions:

sudo chmod 640 /etc/apache2/.htpasswd

sudo chown www-data:www-data /etc/apache2/.htpasswd

This ensures that only the Apache user (www-data) and root have read access to the .htpasswd file.

Conclusion

Setting up htpasswd authentication in Apache is an easy way to add basic access control to certain directories on your website. It is suitable for low-level security, especially in development or internal environments. However, for highly sensitive areas, consider using more robust authentication methods such as OAuth or integrating with an identity management system.

Test your skills on our all Hosting services and get 15% off!

Use code at checkout:

Skills
Related news
How to Connect to a Mac Mini M1 Remote Desktop

If you have purchased a dedicated server based on the Mac Mini M1 from AlexHost, follow this step-by-step guide...

Ability to view all available users in Linux

Linux is very widely used in server technology and development. One of the important aspects of Linux administration is...

10 Gbps with AlexHost: Understanding and Unveiling the Details

In today’s data-driven world, high-performance servers are key to achieving optimal results, and AlexHost offers 10 Gbps bandwidth options...