Configure Ubuntu 10.10 to provide HTTPS service and digest authentication

Original website: http://www.qyjohn.net/?p=1147

Assuming you've installed the Ubuntu 10.10 operating system and Apache, Access http://localhost/in the browser to see it works tips.

$ sudo a2enmod SSL
$ sudo mkdir/etc/apache2/ssl
$ sudo openssl req-new-x509-days 365-nodes-out/etc/apache2/ Ssl/apache.pem-keyout/etc/apache2/ssl/apache.key

Answer a bunch of questions and get your SSL certificate.

Modify a configuration file

$ sudo pico/etc/apache2/ports.conf

You can see two lines of configuration like this:

Namevirtualhost *:80
Listen 80
Add a line below it, where 127.0.0.1 can be replaced with your IP:

Namevirtualhost 127.0.0.1:443

Modify a configuration file again

$ sudo pico/etc/apache2/sites-available/default

Add a few lines of configuration at the end, where 127.0.0.1 can be replaced with your IP:
<virtualhost 127.0.0.1:443>
Sslengine on
Sslcertificatefile/etc/apache2/ssl/apache.pem
Sslcertificatekeyfile/etc/apache2/ssl/apache.key

ServerAdmin info@mydomain.com
ServerName www.mydomain.com
documentroot/var/www/
</VirtualHost>

Restart Apache:

$ sudo service apache2 restart

Access to HTTPS://127.0.0.1/from the browser, it should be done.

Create a password-protected folder

$ sudo mkdir/var/www/protected

$ sudo pico. htaccess

Add the following in. htaccess

AuthName "Password Needed"
AuthType Basic
authuserfile/opt/www/http.passwd
Require Valid-user

Restart the Apache server

$ sudo service apache2 restart

At this point, if you access https://127.0.0.1/protected/, the login window will appear. Since we have not yet configured the authentication file, we cannot access the directory.

$sudo mkdir/opt/www

$CD/opt/www

Suppose we need to allow a user named Hello to access the above directory:

$sudo htpasswd-c http.passwd Hello

Two times enter the password, will generate the corresponding identity authentication file HTTP.PASSWD. It's time to visit https://127.0.0.1/protected/again and enter the username Hello and the password you just set.

If we need to add another user, such as Hello2, to the access, you can execute the same command, just to remove the-c parameter.

$sudo htpasswd-c http.passwd Hello2

The above authentication method, username and password are all transmitted through the network through the clear text, it is easy to be intercepted by other people by the way of sniffing. The Digest authentication method carries on the MD5 operation to the user input password, transmits the operation result to the server, thus avoids the password to direct intercept the possibility.

Next, configure Digest authentication.

$ sudo a2enmod auth_digest

Modify the. htaccess file for the corresponding directory:

$sudo pico/var/www/protected/.htaccess

Modify the AuthType to digest and save.

Delete the original identity authentication file:

$ sudo rm/opt/www/http.passwd

To create a new identity authentication file:

$ cd/opt/www

$ sudo htdigest-c http.passwd Realm Hello

To restart the Apache service:

$ sudo service apache2 restart

Get.