Summary
OpenBSD httpd supports basic authentication with htpasswd
.
Here shows how to use it. Besides, the official documentation is here.
Tutorial
Assuming that:
the absolute path of our document root is /var/www/auth-trial
.
Generate .htpasswd
First, generate .htpasswd:
$ doas htpasswd /var/www/auth-trial/.htpasswd <username>
This command writes <username> (which is editable) and generated password for them, hashed by bcrypt, into .htpasswd file.
Now you can see:
$ doas cat /var/www/auth-trial/.htpasswd
<username>:(...)
It is important to confirm the web user running httpd daemon can read it:
$ doas chown www: /var/www/auth-trial/.htpasswd
$ # the file generated above is writable by user
$ doas chmod u-w: /var/www/auth-trial/.htpasswd
$ ls -l /var/www/auth-trial/.htpasswd
-r-------- 1 www wheel 69 Aug 2 15:20 /var/www/auth-trial/.htpasswd
Configure httpd.conf
Edit httpd.conf:
$ doas nvim /etc/httpd.conf
in order to define authenticate
in server
section:
server "(...)" {
(...)
+ authenticate with "/auth-trial/.htpasswd"
root "/auth-trial"
(...)
location "(...)" {
(...)
}
(...)
}
Restart the daemon:
$ doas rcctl restart httpd
httpd(ok)
httpd(ok)
Done :)
Conclusion
Now you can see confirmation required:
and access denied when the input is invalid: