Goal: Restrict content access through username and password entry.
1: Apache Utilities Package
First, update your server’s package index:
sudo apt update
Check if the utilities package exists in your environment by executing the command
dpkg --get-selections | grep apache
Response:
apache2-utils install
libapache-pom-java install
So it exists. But what do you do if it doesn't exist?
How come I need to install apache-utils? To restrict access you will be using a utility called htpasswd, which is part of the apache2-utils package. To install execute the command:
sudo apt install apache2-utils
With this installed, you now have access to the htpasswd command.
2 Create the Password File
Now you can create a password file using the htpasswd. Create a hidden file for this purpose called .htpasswd within your /etc/apache2 configuration directory.
For the initial use of this tool, you need to add the -c option to create the .htpasswd file. In doing so, enter a username replacing {username} with your own:
sudo htpasswd -c /etc/apache2/.htpasswd {username}
You will be prompted to enter and re-type a password for the user, as follows:
New password:
Re-type new password:
Remember when you create more user's to leave out the -c argument so you don’t overwrite the file:
sudo htpasswd /etc/apache2/.htpasswd {next_user}
You can check the .htpasswd file contents to confirm its contents by using the command:
cat /etc/apache2/.htpasswd
The response will show the usernames and passwords. However, the passwords are encrypted.
3 Configuring Apache password authentication
Begin by editing the Apache configuration and add password protection to the virtual host file. Generally this option delivers better performance as it avoids the expense of reading distributed configuration files.
Look into the virtual host file that you wish to add an access restriction. Such as /etc/apache2/sites-available/your_domain.conf file that holds the virtual host. I didn't have a /etc/apache2/sites-available directory. However, following a find command, I found site-available directory in the nginx directory.
sudo find / -name sites-available -type d
Response
/etc/nginx/sites-available
Flag here is the only directory is in the Nginx directory. So go no further and change over the Nginx instructions. However, if you response was /etc/apaches/site-available then continue reading. In this directory I had two files:
ckan
default
Open up the file with a command-line text editor such as nano:
sudo nano default.conf
Added the following content
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName CKAN
ServerAlias {url}
DocumentRoot {path/to/directory}
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory "{path/to/directory}">
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
</Directory>
</VirtualHost>
sudo nano /etc/apache2/apache2.conf
Edit the file as follows
<Directory {path/to/your/installation}>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
Replace {path/to/your/installation} with your path to CKAN installation.