Password protecting your WWW directory

This guide will show you how to password protect things in your public_html directory. By default anything in it will be publicly-visible and accessible. You can prevent this by password protecting the directories. This will also stop web crawlers from being able to index your data.

You'll need to execute some commands via SSH to use this software. There is a separate guide on how to connect to your slot via SSH. Commands are kept as simple as possible and in most cases will simply need to be copied and pasted into the terminal window (then executed by pressing the Enter key).

Table of contents

The guide changes depending on whether you use apache or nginx - please scroll to the relevant section below. The default is currently nginx but you can check which you're running by logging in via SSH and running the following command:

ps x

You'll get a list of processes. Look for one of the two different processes listed below to find out whether you're running Apache or Nginx.

/usr/sbin/apache2 -k start

You're running Apache (there may be several of these processes listed - that's fine)

nginx: master process /usr/sbin/nginx -c $home/.nginx/nginx.conf

You're running nginx ($home above will be replaced by the path to your home directory)

nginx

Nginx does not use .htaccess files. Instead, everything is contained in config files which specify the location and options. All locations are relative to the WWW root (in our case, the public_html directory).

This section assumes you wish to protect a directory named links - please alter your commands if you wish to protect another location.

Create the .conf file

First, we need some information that will go into our .conf file, namely the future location of our .htpasswd file. To get this information, simply copy and paste the following:

echo $HOME/private/.htpasswd

Copy the result to an open notepad document or similar, as we'll need it in a minute.

You can then start to create the .conf file. This guide will use Nano and as above takes a links directory as its example. To start writing the file, copy and paste:

nano ~/.nginx/conf.d/000-default-server.d/links.conf

Then, copy and paste the following into the document, changing passwd_path to the .htpasswd file location you generated earlier:

location /links {
    auth_basic "Please log in";
    auth_basic_user_file passwd_path;
}

Once you're done hold ctrl + x to save. Press y to confirm.

Finally, you need to reload the nginx configs by copying and pasting:

/usr/sbin/nginx -s reload -c ~/.nginx/nginx.conf

You can now move down to the section below, 'Create the .htpasswd file'.

Apache

Apache uses .htaccess files - these provide special instructions that Apache will interpret and apply to the web-server.

To password protect a directory you must use the .htaccess together with a .htpasswd file that stores the encrypted username and password information for created users.

Create the .htaccess file

You can use a text editor via SSH to create the .htaccess file at the location to be protected. This section assumes you wish to protect a directory named links - please alter your commands if you wish to protect another location.

Please note that the .htaccess file will restrict the directory its placed in and its children.

First, we need some information that will go into our .htaccess file, namely the future location of our .htpasswd file. To get this information, simply copy and paste the following:

echo $HOME/private/.htpasswd

Copy the result to an open notepad document or similar, as we'll need it in a minute.

You can then start to create the .htaccess file. This guide will use Nano and as above takes a links directory as its example. To start writing the file, copy and paste:

nano ~/www/$(whoami).$(hostname -f)/public_html/links/.htaccess

Then, copy and paste the following into the document, changing passwd_path to the .htpasswd file location you generated earlier:

AuthType Basic
AuthName "Secure Area"
AuthUserFile "passwd_path"
Require valid-user

Once you're done hold ctrl + x to save. Press y to confirm.

Finally, you need to change the permissions by copying and pasting:

chmod 600 ~/www/$(whoami).$(hostname -f)/public_html/links/.htaccess

You can now move down to the section below, 'Create the .htpasswd file'.

Quick - using the ruTorrent details to protect your links directory

If you have ruTorrent installed and all you want to do is password protect your links directory, simply copy and paste the following and press enter:

echo -e "AuthType Basic\nAuthName \"$(whoami)\"\nAuthUserFile \"$HOME/www/$(whoami).$(hostname -f)/public_html/rutorrent/.htpasswd\"\nRequire valid-user" > ~/www/$(whoami).$(hostname -f)/public_html/links/.htaccess

Create the .htpasswd file

Both the apache .htacess file and nginx's config files point to ~/private/.htpasswd for the authentication details, so this process is the same for both Apache and Nginx.

Create the .htpasswd file by copying and pasting the following (replacing username with a username you want):

htpasswd -cm ~/private/.htpasswd username

You'll be asked to type in and confirm your password. Please note that the password entry will not appear to respond to your input - it will not display ***** or something similar as you type.

Finally, you need to change the permissions by copying and pasting:

chmod 600 ~/private/.htpasswd

Troubleshooting

I get an Internal server error message when visiting my page

This is likely because something was mistyped in your .htaccess file - please double-check it for errors, making sure the locations are valid and correct.