Securing sensitive content is essential for protecting data integrity and user privacy. One effective way to implement security is by restricting access to specific directories or resources using either Apache or Nginx authentication tools. This guide provides a comprehensive reference for configuring password protection on both Apache and Nginx web servers using the htpasswd utility.
Whether you are setting up a private section of your website, managing administrative panels, or securing confidential documents, this step-by-step tutorial ensures proper implementation of password-based access control. It covers everything from installing the necessary tools to configuring authentication and troubleshooting common issues.
Follow this guide to enhance the security of your web server and ensure only authorised users can access sensitive content.
Goal: Restrict content access through username and password entry.
1. Apache Utilities Package
Update Server Packages
First, update your server’s package index:
sudo apt update
Install Apache Utilities for htpasswd
Why install apache2-utils? To restrict access you will use a utility called htpasswd, which is part of the apache2-utils package. To install it, run:
sudo apt install apache2-utils
With this installed, you now have access to the htpasswd command.
2. Create the Password File
Generate a .htpasswd File
Now you can create a password file using htpasswd. Create a hidden file for this purpose called .htpasswd and store it in a secure directory such as /etc/nginx/ or /etc/apache2/, depending on your server type:
sudo htpasswd -c /etc/{server}/.htpasswd {username}
Replace {server} with nginx or apache2.
Enter and confirm the password when prompted:
New password:
Re-type new password:
Add More Users
Remember to leave out the -c argument when you create more users so you don’t overwrite the file:
sudo htpasswd /etc/{server}/.htpasswd {next_user}
Overwrite a User’s Password
To update or override an existing user’s password:
sudo htpasswd /etc/{server}/.htpasswd {username}
This command allows you to reset the password without removing the user.
Verify File Contents
You can confirm the contents of the .htpasswd file with the command:
cat /etc/{server}/.htpasswd
The output lists each username with its password. However, the passwords are stored as hashes, not in plain text.
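Each line of the file is a user:hash entry, and the prefix of the hash shows which scheme produced it. The following added example (not from the original guide) classifies every entry by that prefix; the function names, the verdict labels and the sample entries are this example's own constructions.

```shell
#!/bin/sh
# Added example, not from the original page: report the hash scheme of each
# .htpasswd entry. Reads "user:hash[:comment]" lines on stdin.

# classify_hash HASH -> scheme name, recognised by the hash prefix
classify_hash() {
    case "$1" in
        '$2y$'*|'$2a$'*|'$2b$'*) echo "bcrypt" ;;
        '$apr1$'*) echo "apr1-md5" ;;
        '$5$'*)    echo "sha256-crypt" ;;
        '$6$'*)    echo "sha512-crypt" ;;
        '{SHA}'*)  echo "sha1-unsalted" ;;
        '')        echo "empty" ;;
        *)         echo "crypt-or-plaintext" ;;
    esac
}

# audit_htpasswd -> prints "user<TAB>scheme<TAB>verdict" for every entry
audit_htpasswd() {
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ''|'#'*) continue ;;                 # blank line or comment
            *:*) ;;
            *) printf '%s\tmalformed\tweak\n' "$line"; continue ;;
        esac
        user=${line%%:*}
        hash=${line#*:}
        hash=${hash%%:*}                         # drop a trailing :comment field
        scheme=$(classify_hash "$hash")
        case "$scheme" in
            bcrypt|sha256-crypt|sha512-crypt) verdict="ok" ;;
            apr1-md5) verdict="legacy" ;;
            *) verdict="weak" ;;
        esac
        printf '%s\t%s\t%s\n' "$user" "$scheme" "$verdict"
    done
}

# Constructed sample: the hash bodies are placeholders, not real hashes.
sample_htpasswd() {
    cat <<'EOF'
alice:$2y$05$PLACEHOLDERnotArealHashPLACEHOLDER
bob:$apr1$PLACEHLD$PLACEHOLDERnotArealHash
carol:{SHA}PLACEHOLDERnotArealHash=
dave:PLACEHOLDERplain:constructed comment field
EOF
}

sample_htpasswd | audit_htpasswd
```

To audit a real file, feed it on stdin instead of the sample, for example with sudo cat /etc/{server}/.htpasswd piped into audit_htpasswd.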
3. Configuring Password Authentication
Begin by editing the Apache configuration to add password protection in the virtual host file. This option generally delivers better performance than .htaccess files, as it avoids the expense of reading distributed configuration files.
Open the virtual host file to which you wish to add an access restriction, such as the /etc/apache2/sites-available/your_domain.conf file that holds the virtual host. I didn't have a /etc/apache2/sites-available directory. However, following a find command, I found a sites-available directory in the nginx directory.
sudo find / -name sites-available -type d
Response
/etc/nginx/sites-available
The flag here is that the only directory is in the Nginx directory, so go no further and change over to the Nginx instructions. However, if your response was /etc/apache2/sites-available then continue reading. In this directory I had two files:
ckan
default
Open up the file with a command-line text editor such as nano:
sudo nano default.conf
Nginx Configuration
Locate your Nginx configuration file, typically:
sudo nano /etc/nginx/sites-available/default
Add the following block inside the server configuration:
location /protected/ {
    auth_basic "Restricted Content";
    auth_basic_user_file /etc/nginx/.htpasswd;
}
Replace /protected/ with the path you wish to protect.
Apache Configuration
Locate your Apache configuration file, typically:
sudo nano /etc/apache2/sites-available/default.conf
Add the following block inside the virtual host configuration:
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName CKAN
    ServerAlias {url}
    DocumentRoot {path/to/directory}
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    <Directory "{path/to/directory}">
        AuthType Basic
        AuthName "Restricted Content"
        AuthUserFile /etc/apache2/.htpasswd
        Require valid-user
    </Directory>
</VirtualHost>
Replace {path/to/directory} with the directory path you wish to protect.
4. Test and Restart the Server
Nginx
Test Nginx configuration
sudo nginx -t
Restart Nginx
sudo systemctl restart nginx
Apache
Test Apache configuration
sudo apachectl configtest
Restart Apache
sudo systemctl restart apache2
5. Password Limitations and Guidelines
Password Restrictions
- Spaces are not allowed in passwords as they are treated as separators
- Use only alphanumeric characters and symbols such as ! @ # $ % ^ & * - _
- Avoid passwords shorter than 8 characters for security reasons
- Passwords are case-sensitive
Override an Existing Password
To reset a password for an existing user, simply run:
sudo htpasswd /etc/{server}/.htpasswd {username}
This replaces the previous password without requiring removal or recreation of the user.
Testing Password Authentication
After making changes, restart Apache to apply updates:
sudo systemctl restart apache2
Then, navigate to the protected directory using a browser. When prompted, enter the username and password.
6. Troubleshooting Tips
Permission issues: Ensure the .htpasswd file has correct permissions
sudo chmod 640 /etc/{server}/.htpasswd
sudo chown root:www-data /etc/{server}/.htpasswd
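A quick way to compare a file against the permissions set above, as an added example that is not part of the original guide. The function name and finding labels are hypothetical, and it assumes a stat that supports -c (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example, not from the original page: compare an .htpasswd file with the
# 640 root:www-data layout from this guide. Assumes a stat that supports -c.

# check_htpasswd_perms FILE [GROUP] -> one finding per line, or "OK"
check_htpasswd_perms() {
    f=$1
    want_group=${2:-www-data}
    if [ ! -f "$f" ]; then
        echo "MISSING $f"
        return 0
    fi
    mode=$(stat -c '%a' "$f")
    owner=$(stat -c '%U' "$f")
    group=$(stat -c '%G' "$f")
    perms=$((mode % 1000))            # drop a setuid/setgid/sticky digit if present
    grp_bits=$(( (perms / 10) % 10 ))
    oth_bits=$(( perms % 10 ))
    findings=0

    if [ "$oth_bits" -ne 0 ]; then
        echo "WORLD_ACCESS mode $mode gives every local account access to the hashes"
        findings=1
    fi
    if [ $(( grp_bits & 2 )) -ne 0 ]; then
        echo "GROUP_WRITABLE mode $mode lets group $group rewrite credentials"
        findings=1
    fi
    if [ $(( grp_bits & 4 )) -eq 0 ]; then
        echo "GROUP_UNREADABLE mode $mode blocks group $group, so the server may fail to open the file"
        findings=1
    fi
    if [ "$owner" != "root" ]; then
        echo "OWNER is $owner, this guide uses root"
        findings=1
    fi
    if [ "$group" != "$want_group" ]; then
        echo "GROUP is $group, this guide uses $want_group"
        findings=1
    fi
    [ "$findings" -eq 0 ] && echo "OK"
    return 0
}

# Run against the path given on the command line, if any.
if [ $# -gt 0 ]; then check_htpasswd_perms "$@"; fi
```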
Configuration errors: Check the error log for your server
Nginx
sudo tail -f /var/log/nginx/error.log
Apache
sudo tail -f /var/log/apache2/error.log
Cache problems: Clear the browser cache if authentication prompts fail repeatedly.
The wrap
Whether your web server is Nginx or Apache, it is now configured for password-protected access, securing sensitive directories effectively. Follow these steps carefully to implement authentication, and make sure to test access after each change.