Меня зовут Михаил Усик!
Я системный администратор
и наполняю эту wiki,
решая разнообразные IT-задачки.

Я всегда готов помочь Вам
наладить IT-инфраструктуру
за скромное вознаграждение!!
+7 (977) 887-96-23


How to use authentication with Lighttpd (htpasswd)

In this example, we will setup basic authentication for Lighttpd. Let’s imagine, for the purpose of this tutorial, that you want to secure a directory where you store some sort of reports. Those will be served on By default, they will be accessible to anyone. And we don’t want that.

Configs are done on a Debian-based system. For RedHat-based users, your mileage might vary a bit.
Minimal vhost example

$HTTP["host"] == "" {
server.document-root                = "/var/www/"
accesslog.filename                  = "/var/log/lighttpd/"
server.errorlog                     = "/var/log/lighttpd/"

That will be the starting base of our example.

Step 1: load mod_auth

We need to instruct lighttpd to load it’s authentication module by editing /etc/lighttpd/lighttpd.conf to add mod_auth to the server.modules section.

Step 2: create a password file

In order to do that, we will need to install the package apache2-utils (using apt-get). It will provide us with the command htpasswd. Lighttpd doesn’t have an equivalent tool, but since we’ll use that authentication mechanism, we still need it.

root@server:~# htpasswd -c /etc/lighttpd/htpasswd jsmith
New password:
Re-type new password:
Adding password for user jsmith

NOTE: Never put your password file under your document root!

Step 3: add the authentication config to your vhost

Our vhost will now look like this:

$HTTP["host"] == "" {
server.document-root                = "/var/www/"
accesslog.filename                  = "/var/log/lighttpd/"
server.errorlog                     = "/var/log/lighttpd/"
# Authentication config
auth.debug                          = 2
auth.backend                        = "htpasswd"
auth.backend.htpasswd.userfile      = "/etc/lighttpd/htpasswd"
auth.require = ( "/" => ( "method" => "basic", "realm" => "Restricted access", "require" => "user=jsmith" ) )

At this point, all that’s left to do is to restart lighttpd. The next time you access, you will be prompted for credentials.


Enter your comment. Wiki syntax is allowed:
linux_faq/виртуальные-пользоваватели-lighttpd-how-to-use-authentication-with-lighttpd-htpasswd.txt · Last modified: 2019/02/11 09:13 (external edit)