I would assume you have http package installed on your setup, if not you can manually install them
If you do not have an active online yum repository then you can create an offline yum repository
next install httpd and all it's dependency packages
I have a directory under "/var/www/html/secret/" which must be only accessed by user "deepak"
So let us first create this directory
I will create a dummy index.html file inside /var/www/html/secret/ for deepak
###########
## This is a secret file for Deepak only
###########
Before starting with our httpd configuration, we should create passwd file for user "deepak".
NOTE: Here deepak will not use the system's passwd file, instead we will have to create a new one which will be used by Apache for the authentication which will be created by htpasswd
- htpasswd is used to create and update the flat-files used to store usernames and password for basic authentication of HTTP users.
- Resources available from the Apache HTTP server can be restricted to just the users listed in the files created by htpasswd.
- htpasswd encrypts passwords using either bcrypt, a version of MD5 modified for Apache, SHA1, or the system's crypt() routine.
- Files managed by htpasswd may contain a mixture of different encoding types of passwords; some user records may have bcrypt or MD5-encrypted passwords while others in the same file may have passwords encrypted with crypt().
New password:
Re-type new password:
Adding password for user deepak
NOTE: You can give any other secure path for the .htpasswd file. For me I am using /etc/httpd
If you see the content of this .htpasswd file
deepak:$apr1$2D7PPz82$cSP2lNCNmzE80dXrXakAI/
Here
Next, you'll need to configure the server to request a password and tell the server which users are allowed access.
You can do this either by editing the httpd.conf file or using an .htaccess file.
For example, if you wish to protect the directory /var/www/html/secret/, you can use the following directives, either placed in the file /var/www/html/secret/.htaccess, or placed in /etc/httpd/conf/httpd.conf inside a <Directory "/var/www/html/secret"> section.
Method 1: Using .htaccess file
If you plan to use .htaccess files, you will need to have a server configuration that permits putting authentication directives in these files. This is done with the AllowOverride directive, which specifies which directives, if any, may be put in per-directory configuration files.
Since we're talking here about authentication, you will need an AllowOverride directive like the following
So let me append this in my /etc/httpd/conf/httpd.conf
NOTE: Comment all other Directory variable in your httpd.conf pointing to /var/www or /var/www/html or similar path. Or you must add AllowOverride AuthConfig to all those Directory variables for .htaccess to work since our secret directory lies under /var/www/html
<Directory "/var/www/html/secret">
AllowOverride AuthConfig
</Directory>
NOTE: I have used an alias here which is optional.
Next create a .htaccess file with below content at /var/www/html/secret/.htaccess
AuthName "Secret Files"
AuthUserFile /etc/httpd/.htpasswd
Require user deepak
We are all set up to start out httpd server
# systemctl is-active httpd
active
Now you can try to access your page with an alias /web as we have used, it must prompt for username and password
Method 2: Using Directory in httpd.conf
Add below content at then end of "/etc/httpd/conf/httpd.conf".
NOTE: Here VirtualHosting is not needed mandatory, I have just added to add a custom error log and DocumentRoot which can come handy
<VirtualHost 192.168.1.6:80>
ServerAdmin root@server.golinuxhub.com
ServerName golinuxhub-server
DocumentRoot /var/www/html/secret
ErrorLog logs/error_log
<Directory "/var/www/html/secret">
AuthType Basic
AuthName "Secret Files"
AuthUserFile /etc/httpd/.htpasswd
Require user deepak
</Directory>
</VirtualHost>
Save and exit the file followed by a service restart
# systemctl is-active httpd
active
Now you can try to access your page with an alias /web as we have used, it must prompt for username and password.
How to provide authentication to multiple users?
The steps are similar and again can be done using both the methods as explained earlier. For the sake of this example I will use <Directory> method to give an example
Assign password to all other users using below command and the same password file as used earlier
New password:
Re-type new password:
Adding password for user ankit
# htpasswd /etc/httpd/.htpasswd amit
New password:
Re-type new password:
Adding password for user amit
Now if we check we have three entries for three difference users
amit:$apr1$//0qsYXA$b/YBtjYWNVnAq.ktus1yD.
deepak:$apr1$eAmlseNr$F8TRQZvqoxGn5TDmdrT311
ankit:$apr1$bEXxG.Wh$Ejavy56OHpFVBHs8ETah41
Next we will need to create a group file that associates group names with a list of users in that group. The contents of the file will look like this:
NOTE: You can create the group with any name and can be at any location, for me I am using below path.
GroupName: deepak amit ankit
Here I have added three users to my group for which I will pass authentication using httpd.conf
Next update your httpd.conf with below content
<Directory "/var/www/html/secret">
AuthType Basic
AuthName "Secret Files"
AuthUserFile "/etc/httpd/.htpasswd"
AuthGroupFile "/etc/httpd/.groups"
Require group GroupName
</Directory>
You can use the same content under "/var/www/html/secret/.htaccess" if you wish to use Method 1 from this article.i.e with htaccess
Here we are using "Require group" instead of "Require user" and added a new argument "AuthGroupFile" to point to the group file we have created
Next save and exit the file and restart the httpd service to activate our change
# systemctl is-active httpd
active
So all looks good, give your change a trial to see if the browser prompts you for authentication
I hope the article was useful.