How to set up Apache htpasswd authentication in Ubuntu
Lock Down Your Site with Apache htpasswd on AlexHost Ubuntu VPS
Why use htpasswd? Apache’s htpasswd is your quick ticket to securing web directories—think admin panels or dev sites—with a simple username/password gate. It’s lightweight, perfect for basic access control, and a breeze to set up on an AlexHost Ubuntu VPS running Apache. This guide walks you through adding that lock-and-key vibe to your site, keeping sensitive areas safe without breaking a sweat.
Prerequisites
- A server running Ubuntu with Apache2 installed.
- Root or sudo access to the server.
- Basic knowledge of command line usage.
Step 1: Install Apache (if not already installed)
If Apache is not installed on your Ubuntu server, you can install it with the following command:
sudo apt update
sudo apt install apache2
Step 2: Activate the htpasswd utility
The htpasswd utility is provided by the apache2-utils package, which is usually installed with Apache. If it is not installed, you can install it by running:
sudo apt install apache2-utils
This command installs the necessary password management tools for htpasswd authentication files.
Step 3: Create the .htpasswd file
The .htpasswd file stores the usernames and their hashed passwords used for authentication.
- To create a new .htpasswd file and add a user, run the following command:
sudo htpasswd -c /etc/apache2/.htpasswd your_username
Replace your_username with the username you want to create.
- The -c option creates a new .htpasswd file. If the file already exists and you use -c, it will be overwritten, so only use it when you first create the file.
- Enter and confirm password: After running the command, you will be prompted to enter and confirm a password for the user. An /etc/apache2/.htpasswd file will be created with the hashed password for your_username.
- Add additional users (optional): To add more users without overwriting the existing .htpasswd file, execute:
sudo htpasswd /etc/apache2/.htpasswd another_username
Replace another_username with the new username. This command adds the new user to the existing .htpasswd file.
Step 4: Configure Apache for password protection
You need to specify which directory or location you want to password protect. This is done using a .htaccess file or by directly editing the Apache configuration file.
Option 1: Using the .htaccess file
- Enabling .htaccess files: If you want to use .htaccess files to set up password protection, make sure that the AllowOverride directive is set to All for the directory you want to protect. Edit the appropriate Apache configuration file (for example, /etc/apache2/sites-available/000-default.conf):
sudo nano /etc/apache2/sites-available/000-default.conf
Find the section for your web root (e.g. /var/www/html) and set AllowOverride to All:
<Directory /var/www/html>
AllowOverride All
</Directory>
- Restart Apache: After editing the configuration, restart Apache to apply the changes:
sudo systemctl restart apache2
- Create an .htaccess file: Inside the directory you want to protect (for example, /var/www/html), create or edit an .htaccess file:
sudo nano /var/www/html/.htaccess
- Add the following directives: Add the following lines to the .htaccess file:
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
- AuthType Basic: Specifies basic authentication.
- AuthName: The message displayed in the authentication prompt.
- AuthUserFile: The path to your .htpasswd file.
- Require valid-user: Restricts access to the users listed in the .htpasswd file.
- Save and close the file.
Option 2: Direct use of the Apache configuration file
If you prefer to manage authentication directly in the Apache configuration files instead of using .htaccess, follow these steps:
- Edit the virtual host configuration: Open the Apache configuration file for the site you want to secure (e.g., /etc/apache2/sites-available/000-default.conf):
sudo nano /etc/apache2/sites-available/000-default.conf
- Add the authentication directives: Inside the <VirtualHost> block or the <Directory> block that corresponds to the directory you want to protect, add the following:
<Directory "/var/www/html">
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
</Directory>
- Save and close the configuration file.
- Restart Apache: After making the changes, restart Apache:
sudo systemctl restart apache2
Step 5: Test authentication
Now go to the URL of the secure directory using your web browser (for example http://your_server_ip_or_domain). You should see a login prompt asking for a username and password.
- Enter the username and password you created with the htpasswd command.
- If the credentials are correct, you will be granted access to the directory; otherwise, you will be denied access.
Step 6: Protect the .htpasswd file
For security reasons, make sure that the .htpasswd file is stored outside the web root (for example, /etc/apache2/.htpasswd) so that it cannot be accessed directly by a web browser.
Make sure the .htpasswd file has the correct permissions:
sudo chmod 640 /etc/apache2/.htpasswd
sudo chown www-data:www-data /etc/apache2/.htpasswd
This ensures that only the Apache user (www-data) and root have read access to the .htpasswd file.
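As an added example (not part of the original guide), the shell functions below audit an .htpasswd file against Steps 3 and 6: whether it sits inside the web root, whether its mode grants access to other users, and which hash scheme each entry uses. The function names, the temporary directory and the sample entries are constructed for illustration, and the script assumes GNU stat and realpath as shipped on Ubuntu.

```sh
#!/bin/sh
# Added example, not from the original guide: audit an .htpasswd file.

# Identify the hash scheme of a stored password field by its prefix.
classify_hash() {
  case "$1" in
    '$2y$'*|'$2a$'*|'$2b$'*) echo bcrypt ;;
    '$apr1$'*)               echo apr1-md5 ;;
    '$5$'*|'$6$'*)           echo sha-crypt ;;
    '{SHA}'*)                echo sha1-unsalted ;;
    *)                       echo crypt-or-plaintext ;;
  esac
}

# audit_htpasswd FILE WEBROOT: print findings; status 1 if there are any.
# The body runs in a subshell, so its variables stay local.
audit_htpasswd() (
  file=$(realpath -- "$1"); webroot=$(realpath -- "$2"); findings=0
  case "$file" in
    "$webroot"/*) echo "FILE is inside web root $webroot"; findings=1 ;;
  esac
  mode=$(stat -c '%a' -- "$file")   # GNU stat, as on Ubuntu
  case "$mode" in
    *0) ;;                          # no permissions for "other"
    *)  echo "FILE mode $mode grants access to other users"; findings=1 ;;
  esac
  while IFS=: read -r user hash; do
    case "$user" in ''|'#'*) continue ;; esac   # skip blanks and comments
    scheme=$(classify_hash "$hash")
    case "$scheme" in
      sha1-unsalted|crypt-or-plaintext)
        echo "USER $user uses weak scheme $scheme"; findings=1 ;;
    esac
  done < "$file"
  exit "$findings"
)

# Constructed sample: placeholder strings, not real password hashes.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/www"
cat > "$demo_dir/www/.htpasswd" <<'EOF'
alice:$apr1$CONSTRCT$placeholderplaceholder0
bob:{SHA}placeholderplaceholderpla=
EOF
chmod 644 "$demo_dir/www/.htpasswd"
audit_htpasswd "$demo_dir/www/.htpasswd" "$demo_dir/www" || true
```

Run with sudo against /etc/apache2/.htpasswd and /var/www/html, a file set up as in this guide should produce no findings and exit with status 0.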
Conclusion: Secure Your Site with Ease
Apache htpasswd is your quick fix for locking down web directories on your AlexHost Ubuntu VPS. Install tools, create
.htpasswd
.htaccess