Context Navigation

databaseandweb

Timestamp:: Nov 29, 2022, 10:35:06 PM (3 years ago)
Author:: admin
Comment:: --

Legend:

: Unmodified
: Added
: Removed
: Modified

Csle2022/Agenda/databaseandweb

-              v17
+              v18
 [[Image(https://ws.learn.ac.lk/raw-attachment/wiki/Csle2022/Agenda/databaseandweb/web17.png)]]
+= Secure the Web Sites with Let's Encrypt =
+= Securing Apache =
+== Securing Apache with Basic Authentication ==
+Apache provides some inbuilt directory level authentication mechanism. Though this is not a most secure authentication method, this could be useful. To do this you need to create .htaccess within the web directory that you need to be password protected. For our lab we will protect our whole web site with this method. So let's create a .htaccess file on the document root.
+{{{
+cd /var/www/web.your_domain.com/public_html
+sudo nano .htaccess
+}}
+And add below,
+{{{
+AuthType Basic
+AuthName "Authentication Required"
+AuthUserFile "/var/www/web.your_domain.com/.htpasswd"
+require valid-user
+}}}
+Now you will add users using the htpasswd utility to a file call .htpasswd. Make sure this file to keep outside the document root.
+{{{
+htpasswd -c /var/www/web.your_domain.com/.htpasswd user
+}}}
+If you need to add another user please avoid the option -c,
+{{{
+htpasswd -c /var/www/web.your_domain.com/.htpasswd user2
+}}}
+Now refresh the site and you will be asked the password to enter the site.
+[[Image(https://ws.learn.ac.lk/raw-attachment/wiki/Csle2022/Agenda/databaseandweb/web33.png)]]
+== Secure the Web Sites with Let's Encrypt ==
 To secure web sites we need to install TLS/SSL certificates on the servers. These certificates are normally purchased from certificate vendors. But using Let's Encrypt we can have these certificates freely and easily. Here we will go through the steps to install certificates for your domains.