如何在Ubuntu 18.04上使用Apache设置密码身份验证[快速入门]

news/2024/10/5 8:12:45

介绍 (Introduction)

This tutorial will walk you through password-protecting assets on an Apache web server running on Ubuntu 18.04. Completing these steps will provide your server with additional security so that unauthorized users cannot access certain parts of your page.

本教程将引导您逐步了解在Ubuntu 18.04上运行的Apache Web服务器上的密码保护资产。 完成这些步骤将为您的服务器提供额外的安全性,以便未经授权的用户无法访问页面的某些部分。

For a more detailed version of this tutorial, with more explanations of each step, please refer to How To Set Up Password Authentication with Apache on Ubuntu 18.04.

有关本教程的更详细版本,以及每个步骤的更多说明,请参考如何在Ubuntu 18.04上使用Apache设置密码认证 。

先决条件 (Prerequisites)

In order to complete this tutorial, you will need access to the following on an Ubuntu 18.04 server:

为了完成本教程,您将需要在Ubuntu 18.04服务器上访问以下内容:

  • A sudo user on your server


  • An Apache2 web server

    Apache2 Web服务器

  • A site secured with SSL


第1步-安装Apache Utilities软件包 (Step 1 — Install the Apache Utilities Package)

We’ll install a utility called htpasswd, part of the apache2-utils package to manage usernames and passwords with access to restricted content.


  • sudo apt update

    sudo apt更新
  • sudo apt install apache2-utils

    sudo apt安装apache2-utils

第2步-创建密码文件 (Step 2 — Create the Password File)

We’ll create the first user as follows (replace `first_username with username of your choice):

我们将如下创建第一个用户(用您选择的用户名替换` first_username ):

  • sudo htpasswd -c /etc/apache2/.htpasswd first_username

    须藤htpasswd -c /etc/apache2/.htpasswd first_username

You will be asked to supply and confirm a password for the user.


Leave out the -c argument for any additional users you wish to add so you don’t overwrite the file:


  • sudo htpasswd /etc/apache2/.htpasswd another_user

    须藤htpasswd /etc/apache2/.htpasswd another_user

步骤3 —配置Apache密码身份验证 (Step 3 — Configure Apache Password Authentication)

In this step, we need to configure Apache to check this file before serving our protected content. We will do this by using the site’s virtual host file, but there is another option detailed in the longer tutorial if you don’t have access or prefer to use .htaccess files instead.

在此步骤中,我们需要配置Apache在提供受保护的内容之前检查该文件。 我们将通过使用站点的虚拟主机文件来执行此操作,但是如果您无权访问或更喜欢使用.htaccess文件,则在较长的教程中将详细介绍另一个选项。

Open up the virtual host file that you wish to add a restriction to with a text editor such as nano:


  • sudo nano /etc/apache2/sites-enabled/default-ssl.conf

    须藤纳米/ etc / apache2 / sites-enabled / default-ssl.conf

Authentication is done on a per-directory basis. In our example, we’ll restrict the entire document root, but you can modify this listing to only target a specific directory within the web space.

身份验证是基于每个目录进行的。 在我们的示例中,我们将限制整个文档的根目录,但是您可以修改此列表,使其仅定位到Web空间中的特定目录。

In this step, add the following highlighted lines in your file:


<VirtualHost *:80>
  ServerAdmin webmaster@localhost
  DocumentRoot /var/www/html
  ErrorLog ${APACHE_LOG_DIR}/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined

  <Directory "/var/www/html">
      AuthType Basic
      AuthName "Restricted Content"
      AuthUserFile /etc/apache2/.htpasswd
      Require valid-user

Check the configuration with the following command:


You can restart the server to implement your password policy, and then check the status of your server.


  • sudo systemctl restart apache2

    sudo systemctl重新启动apache2
  • sudo systemctl status apache2

    sudo systemctl状态apache2

步骤4 —确认密码身份验证 (Step 4 — Confirm Password Authentication)

To confirm that your content is protected, try to access your restricted content in a web browser. You should be presented with a username and password prompt:

要确认您的内容受到保护,请尝试在Web浏览器中访问受限制的内容。 您应该看到一个用户名和密码提示:

翻译自: https://www.digitalocean.com/community/tutorials/how-to-set-up-password-authentication-with-apache-on-ubuntu-18-04-quickstart




