Lab 6 Web-Server Configurations: A) Create The Directory Structures
Lab 6 Web-Server Configurations: A) Create The Directory Structures
Web-Server Configurations
b) Grant Permissions
Now we have the directory structure for our files, but they are owned by our root user. If we
want our regular user to be able to modify files in our web directories, we can change the
ownership by doing this:
The $USER variable will take the value of the user you are currently logged in as when you
press "ENTER". By doing this, our regular user now owns the public_html subdirectories
where we will be storing our content.
We should also modify our permissions a little bit to ensure that read access is permitted to the
general web directory and all of the files and folders it contains so that pages can be served
correctly:
sudo chmod -R 755 /var/www
Your web server should now have the permissions it needs to serve content, and your user
should be able to create content within the necessary folders.
Page 1
Let's start with test.net. We can open up an index.html file in our editor by typing:
nano /var/www/test.net/public_html/index.html
In this file, create a simple HTML document that indicates the site it is connected to. My file
looks like this:
<html>
<head>
<title>Welcome to test.net!</title>
</head>
<body>
<h1>Success! The test.net virtual host is working!</h1>
</body>
</html>
We can then open the file and modify the relevant pieces of information:
nano /var/www/test.com/public_html/index.html
<html>
<head>
<title>Welcome to Test.com!</title>
</head>
<body>
<h1>Success! The test.com virtual host is working!</h1>
</body>
</html>
Save and close this file as well. You now have the pages necessary to test the virtual host
configuration.
Page 2
Start by copying the file for the first domain:
ServerAdmin [email protected]
ServerName test.net
ServerAlias www.test.net
DocumentRoot /var/www/test.net/public_html
Repeat (e) to create the configuration file for the virtual host file for test.com.
When you are finished, you need to restart Apache to make these changes take effect:
sudo service apache2 restart
Page 3
2. Set Up Password Authentication with Apache
In order to create the file that will store the passwords needed to access our restricted content,
we will use a utility called htpasswd. This is found in the apache2-utils package within
the Ubuntu repositories.
Update the local package cache and install the package by typing this command. We will take
this opportunity to also grab the Apache2 server in case it is not yet installed on the server:
sudo apt-get update
sudo apt-get install apache2-utils
We now have access to the htpasswd command. We can use this to create a password file that
Apache can use to authenticate users. We will create a hidden file for this purpose called
.htpasswd within our /etc/apache2 configuration directory.
The first time we use this utility, we need to add the -c option to create the specified file. We
specify a username (sammy in this example) at the end of the command to create a new entry
within the file:
sudo htpasswd -c /etc/apache2/.htpasswd sammy
You will be asked to supply and confirm a password for the user.
Leave out the -c argument for any additional users you wish to add:
sudo htpasswd /etc/apache2/.htpasswd another_user
If we view the contents of the file, we can see the username and the encrypted password for
each record:
cat /etc/apache2/.htpasswd
c) Configure Apache Password Authentication
Now that we have a file with our users and passwords in a format that Apache can read, we need
to configure Apache to check this file before serving our protected content. We can do this in
two different ways.
The first option is to edit the Apache configuration and add our password protection to the
virtual host file. This will generally give better performance because it avoids the expense of
reading distributed configuration files. If you have this option, this method is recommended.
Page 4
If you do not have the ability to modify the virtual host file (or if you are already using
.htaccess files for other purposes), you can restrict access using an.htaccessfile. Apache
uses.htaccess` files in order to allow certain configuration items to be set within a file in a
content directory. The disadvantage is that Apache has to re-read these files on every request
that involves the directory, which can impact performance.
Configuring Access Control within the Virtual Host Definition
Begin by opening up the virtual host file that you wish to add a restriction to. For our example,
we'll be using the 000-default.conf file that holds the default virtual host installed through
Ubuntu's apache package:
sudo nano /etc/apache2/sites-enabled/000-default.conf
Inside, with the comments stripped, the file should look similar to this:
/etc/apache2/sites-enabled/000-default.conf
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Authentication is done on a per-directory basis. To set up authentication, you will need to target
the directory you wish to restrict with a <Directory ___> block.
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory "/var/www/html">
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
</Directory>
</VirtualHost>
Save and close the file when you are finished. Restart Apache to implement your password
policy:
sudo service apache2 restart
Page 5