I tried basic authentication using Apache
Hello, my name is Ken. This is my first time writing a blog, so I'm very nervous. perhaps,,,,,. I love coffee, and I make coffee almost every day at work, and I offer it to other Beyond members! and every dayPush me, is recommended.
What I used this time
virtualbox version 6.1
vagrant version 2.2.19
vagrant box: centos/7
apache version 2.4.6
What is basic authentication?
First, let's take a look at Wikipedia's explanation.
Basic Authentication is the authentication methods defined by HTTP (HTTP authentication). Also called basic authentication
With Basic authentication, the username and password pair is connected with a colon ":", encoded in Base64, and sent. For this reason, it has the disadvantage that it is easy to eavesdrop and tamper with, but it is widely used because it is supported by almost all web servers and browsers.
To prevent eavesdropping and tampering, a method called Digest Authentication was later devised in which the username and password were hashed using MD5 and sent.
Citation: https://ja.wikipedia.org/wiki/Basic%E8%AA%8D%E8%A8%BC (as of 2022/08/12)
Huh? ? ? What are you talking about? ? wikipedia! !
In short, it's about restricting access to a website, and you can do that easily with just a few lines. Before logging into the site, you must enter your username and password, otherwise you will not be able to log in.
Let's set up a Virtualhost with Apache and try basic authentication!
This time, our goal is to apply basic authentication to the public screen set up on the VirtualHost installed in vagrant.
Change the Vagrantfile settings and try logging into vagrant
Edit vagrantfile to enable internet connection within the local environment.
An example of Vagrantfile has the following settings.
All you need to connect is
config.vm.network "private_network", ip: "192.168.43.20"
It becomes.
# -*- mode: ruby -*- # vi: set ft=ruby : # All Vagrant configuration is done below. The "2" in Vagrant.configure # configures the configuration version (we support older styles for # backwards compatibility). Please don't change it unless you know what # you're doing. Vagrant.configure("2") do |config| # Every Vagrant development environment requires a box. You can search for # boxes at https://vagrantcloud. com/search. config.vm.box = "centos/7" # Create a forwarded port mapping which allows access to a specific port # within the machine from a port on the host machine. In the example below, # accessing "localhost: 8080" will access port 80 on the guest machine. # NOTE: This will enable public access to the opened port config.vm.network "forwarded_port", guest: 80, host: 8080 # Create a private network, which allows host-only access to the machine # using a specific IP. config.vm.network "private_network", ip: "192.168.43.20" end
When you have finished editing, vagrant up.
vagrant up
Once vagrant up is complete, connect with vagrant ssh,
vagrant ssh
The connection is now complete.
Verifying apache installation and display
First, let's start by installing apache.
sudo yum install httpd
The installation is complete when complete is displayed.
systemctl status httpd
At this point, it has not started yet, so it will display as inactive (dead).
● httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled) Active: inactive (dead) Docs: man:httpd(8) man:apachectl (8)
Start apache.
sudo systemctl start httpd
Check the apache status again to confirm that it has started.
systemctl status httpd ● httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled) Active: active (running) since Fri 2022-08-12 05 :55:17 UTC; 4s ago Docs: man:httpd(8) man:apachectl(8) Main PID: 2443 (httpd) Status: "Processing requests..." CGroup: /system.slice/httpd.service tq2443 / usr/sbin/httpd -DFOREGROUND tq2444 /usr/sbin/httpd -DFOREGROUND tq2445 /usr/sbin/httpd -DFOREGROUND tq2446 /usr/sbin/httpd -DFOREGROUND tq2447 /usr/sbin/httpd -DFOREGROUND mq2448 /usr/sbin/httpd -DFOREGROUND
If you can confirm that the display is active (running), apache is running.
Furthermore, we will also confirm that the apache test page is displayed.
If you type http://localhost:8080 in your browser and the apache test screen is displayed, it's OK.
Let's set up a Virtualhost
First of all, create a document root for Virtualhost.
mkdir -p /var/www/vhosts/example.com/public_html
After creating, move to public_html.
cd /var/www/vhosts/example.com/public_html
Create a file to be displayed under public_html
vi index.html
Write down anything you like about the contents. Since this is a test for Virtualhost, the wording should be as follows.
This is a test for the basic document
When you are finished writing, save with :wq and close the page.
Next, create a Virtualhost conf file like the one we will create this time.
In order to read the conf file, it needs to be placed under /etc/httpd/conf.d, so move it to the file under conf.
cd /etc/httpd/conf.d/
Once you can move to the conf directory, create a conf for Virtualhost.
vi vhost.conf
Write ServerName and DocumentRoot in vhost.conf.
<VirtualHost *:80>ServerName example.com DocumentRoot /var/www/vhosts/example.com/public_html</VirtualHost>
Restart apache for the settings to take effect.
systemctl restart httpd
This alone will not reflect the change, so you will need to configure it locally on Windows. The next step is to edit the hosts file. The location of the host file is in the following directory.
C:\Windows\System32\drivers\etc\hosts
Enter this into Explorer, open Notepad with administrator privileges, and add the following to the host file.
192.168.43.20 example.com
Add this and save.
After that, if the settings are correct, when you type http://example.com in your browser, the site listed in index.html will be displayed.
If you see something like this, you have successfully configured the VirtualHost.
Next, configure basic authentication for this VirtualHost.
Let's set up basic authentication
The site that will be subject to basic authentication this time is:
/var/www/vhosts/example.com/public_html
, so we will configure it so that basic authentication is required only for the sites in the above path.
sudo htpasswd -c /var/www/vhosts/example.com/.htpasswd username
Set any user name and password. When you type the above command, you will be asked to enter password, so set a password. You will be asked twice to confirm your password, so enter the password you want twice. Once that's done, run the cat command to check if the user and password are set.
cat /var/www/vhosts/example.com/.htpasswd
The user name and hashed password were displayed in the output, so I was able to confirm that the settings were correct.
vagrant:$apr1$5XrvFjtv$45oq4gzLiu708WtVYuOtq0
Now that we have changed the settings around permissions, we will configure the settings so that basic authentication is performed. This time, we will use .htaccess to perform basic authentication.
Create a .htaccess file under the document root.
sudo vi /var/www/vhosts/example.com/public_html/.htaccess
Then, put the settings that require basic authentication in .htaccess.
AuthType Basic AuthName basic auth test AuthUserFile /var/www/vhosts/example.com/.htpasswd require valid-user
When you have finished writing, press :wq to save.
And since apache does not allow .htaccess settings by default, we will configure it to allow it.
Specifically, we will add settings to vhost.conf so that we can configure basic authentication for /var/www/vhosts/example.com/public_html. The contents to be added are as follows.
<VirtualHost *:80>ServerName example.com DocumentRoot /var/www/vhosts/example.com/public_html<Directory /var/www/vhosts/example.com/public_html> AllowOverride AuthConfig</Directory></VirtualHost>
First, in order to decide which Directory to reflect the settings,<Directory /var/www/vhosts/example.com/public_html></Directory> I will describe it. By setting AllowOverride to AuthConfig, settings such as basic authentication can be reflected. Once you have made this change, restart your computer for the previous settings to take effect.
sudo systemctl restart httpd
The settings should now be reflected, so search for http://example.com again and check the display.
The basic authentication image is displayed! ! ! Just to be sure, I entered the username and password I had set, and the image in index.html was displayed properly! ! !
summary
When setting up basic authentication, you might get nervous because it won't show up even though you've set it up, but I learned the importance of not worrying and just googling it. Up until now, I've been mainly studying apache, but next time I'd like to write about how to do basic authentication with nginx on my blog.
Thank you for reading and I have just previewed the theme of my next blog. I hope you have a nice summer.