If you need to require authentication for certain directories on the Lighttpd web server, use Lighttpd's mod_auth module. It lets you protect any directory served by the web server with access restrictions (much like Apache's password-protected directories).
Lighttpd supports both basic and digest authentication methods. Consider the following sample setup:
Domain name: theos.in
Directory (under the DocRoot) to protect with a password: /home/lighttpd/theos.in/http/docs
Username: vivek
Lighttpd password file: /home/lighttpd/.lighttpdpassword (this file must live outside the HTTP document root)
The plain backend is easy to set up, but it stores passwords in clear text in a file, and basic authentication sends the username and password base64-encoded (not encrypted) with every request. If you use this method, serve the protected area over an SSL/TLS (HTTPS) connection only.
Step #1: Open /etc/lighttpd/lighttpd.conf file
Make sure mod_auth is loaded. On lighttpd 1.4.42 and later the file-based backends (plain, htpasswd, htdigest) live in a separate module, mod_authn_file, which must also be listed in server.modules:
server.modules += ( "mod_auth" )
Now add following three directives:
auth.debug = 2
auth.backend = "plain"
auth.backend.plain.userfile = "/home/lighttpd/.lighttpdpassword"
Where,
auth.debug = 2 : Debug level (0 turns debug messages off, 1 logs "authentication ok" messages, 2 logs detailed/verbose debugging). This is useful for troubleshooting authentication problems; messages go to the access.log and error.log files. Set it back to 0 once authentication works, so the logs do not fill with per-request authentication detail.
auth.backend = "plain" : Use the plain-text backend (other options include htpasswd, htdigest and ldap).
auth.backend.plain.userfile = "/home/lighttpd/.lighttpdpassword" : Filename of the username:password storage.
Next, specify which directory you want to password protect. auth.require matches on the URL path prefix, so for the directory /home/lighttpd/theos.in/http/docs (served under the document root /home/lighttpd/theos.in/http) the key is "/docs/". Find your domain's virtual host section (theos.in) and append the following:
auth.require = ( "/docs/" =>
    (
        "method" => "basic",
        "realm" => "Password protected area",
        "require" => "user=vivek"
    )
)
Where,
auth.require = ( "/docs/" => : URL path prefix to protect
"method" => "basic", : Authentication type (basic or digest)
"realm" => "Password protected area", : Authentication realm, shown to the user in the browser's password prompt
"require" => "user=vivek" : Only user vivek may access /docs/ (use "valid-user" to allow any user in the userfile)
At the end, your configuration should read as follows:
$HTTP["host"] == "theos.in" {
    server.document-root = "/home/lighttpd/theos.in/http"
    server.errorlog = "/var/log/lighttpd/theos.in/error.log"
    accesslog.filename = "/var/log/lighttpd/theos.in/access.log"
    auth.require = ( "/docs/" =>
        (
            "method" => "basic",
            "realm" => "Password protected area",
            "require" => "user=vivek"
        )
    )
}
Save and close the file.
Create a plain text username (vivek) and password file:
# vi /home/lighttpd/.lighttpdpassword
Append username:password:
vivek:mysecretepassword
Where,
vivek - the username. Do not use a system user from /etc/passwd; use a separate username that exists only for authenticating to password-protected directories, so that a leaked web password never grants a login on the host.
mysecretepassword - the password for user vivek (it must be in clear text for the plain backend).
Save and close the file. Make sure /home/lighttpd/.lighttpdpassword is readable by the account lighttpd runs as (named lighttpd here; on Debian/Ubuntu it is www-data) and by nobody else, since it holds clear-text passwords:
# chown lighttpd:lighttpd /home/lighttpd/.lighttpdpassword
# chmod 640 /home/lighttpd/.lighttpdpassword
Finally, restart lighttpd server:
# /etc/init.d/lighttpd restart
Point a web browser at http://yourdomain.com/docs/, http://localhost/docs/ or http://ip-address/docs/. You should be prompted for a username and password; a wrong or missing password must return HTTP 401.
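As an added example (not part of the original article and not lighttpd's own code), the following Python script reproduces what the server does with the plain userfile and a Basic Authorization header, and makes the SSL/TLS point concrete: decoding the header recovers the password verbatim. It also produces the line format of an htdigest userfile for the digest method. The userfile contents are constructed sample data, and all function names are mine.

```python
import base64
import hashlib
import secrets

# Constructed sample of the plain backend userfile from the article
# (/home/lighttpd/.lighttpdpassword), embedded so the example runs offline.
PLAIN_USERFILE = """\
# comment lines and blank lines are skipped by this parser
vivek:mysecretepassword
alice:correct horse:battery staple
"""

REALM = "Password protected area"


def parse_plain_userfile(text):
    """Parse auth.backend = "plain" format: one user:password per line.
    The password is everything after the first colon, so it may contain ':'."""
    users = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        user, sep, password = line.partition(":")
        if not sep:
            continue  # malformed line: no colon, skip it
        users[user] = password
    return users


USERS = parse_plain_userfile(PLAIN_USERFILE)


def basic_header(user, password):
    """Build the Authorization header a browser sends for Basic auth."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return "Basic " + token


def decode_basic(header):
    """Recover user and password from a Basic header. Basic is an encoding,
    not encryption, which is why it must travel over TLS. Returns None if
    the header is malformed."""
    scheme, _, token = header.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    if not sep:
        return None
    return user, password


def check_basic(header, users, allowed_user=None):
    """Mimic auth.require: verify the header against the userfile and, when
    allowed_user is given ("require" => "user=vivek"), enforce that user too.
    Returns the authenticated username, or None on any failure."""
    creds = decode_basic(header)
    if creds is None:
        return None
    user, password = creds
    stored = users.get(user)
    if stored is None:
        return None
    # constant-time comparison, so timing does not leak how much matched
    if not secrets.compare_digest(stored.encode("utf-8"), password.encode("utf-8")):
        return None
    if allowed_user is not None and user != allowed_user:
        return None
    return user


def htdigest_line(user, realm, password):
    """One line of an htdigest userfile (auth.backend = "htdigest"):
    user:realm:MD5(user:realm:password). MD5 is weak, but the clear-text
    password is at least no longer stored on disk."""
    ha1 = hashlib.md5(f"{user}:{realm}:{password}".encode("utf-8")).hexdigest()
    return f"{user}:{realm}:{ha1}"


if __name__ == "__main__":
    hdr = basic_header("vivek", "mysecretepassword")
    print("header on the wire:", hdr)
    print("recovered by anyone who sees it:", decode_basic(hdr))
    print("authenticated as:", check_basic(hdr, USERS, allowed_user="vivek"))
    print("htdigest line:", htdigest_line("vivek", REALM, "mysecretepassword"))
```

Running it prints the header exactly as a sniffer on an unencrypted connection would see it, then the username and password decoded from it, which is the whole argument for HTTPS. The htdigest line is the same format Apache's htdigest tool writes, so the file it produces can be used with auth.backend = "htdigest".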
This way you can restrict access to certain areas of your website. Digest authentication avoids sending the password itself, but it is not a substitute for encryption: serve protected areas over SSL/TLS whether you use basic or digest. To switch to digest, set auth.backend = "htdigest", point auth.backend.htdigest.userfile at a file created with the htdigest tool, and use "method" => "digest" in auth.require.