1
00:00:00,000 --> 00:00:18,000
Hey everyone and welcome back. So previously throughout this skill what we've been learning

2
00:00:18,000 --> 00:00:23,120
is how we can set up this Apache web server. Now what I want to do is I want to introduce

3
00:00:23,120 --> 00:00:29,960
how we can actually use authentication so that we can ultimately protect our website.

4
00:00:29,960 --> 00:00:36,359
That means that the person accessing our website would have to specify a username as well as

5
00:00:36,359 --> 00:00:41,520
a password. Now you can actually implement this for many different folders within your

6
00:00:41,520 --> 00:00:47,200
website. Say for example you have a forward slash blog part of your folder. You could

7
00:00:47,200 --> 00:00:51,439
protect that part. But for the purposes of the examination we're just going to do a

8
00:00:51,439 --> 00:00:56,199
very basic authentication implementation here. Now one thing to note that I just want

9
00:00:56,199 --> 00:01:01,519
to point out is that with respect to the username that I'm talking about this actually doesn't

10
00:01:01,519 --> 00:01:07,120
have to correlate with this username right here. You know the way I happen to be IPv0

11
00:01:07,120 --> 00:01:13,159
on this system. The username that you can use to protect your website can be absolutely

12
00:01:13,159 --> 00:01:18,319
anything you choose. So try not to confuse the two okay. So what I'm going to do to begin

13
00:01:18,319 --> 00:01:22,639
is I'm going to make sure I already have a package installed. Now we already should have

14
00:01:22,639 --> 00:01:30,079
this but just to make sure just do a sudo apt install and I'll say Apache to utils. If

15
00:01:30,079 --> 00:01:35,799
I hit enter I will type in my password and as we can see I already have the newest version

16
00:01:35,799 --> 00:01:40,359
right here. Okay so the first thing we want to do in order to be able to implement our

17
00:01:40,359 --> 00:01:45,439
authentication is we want to go to one of our configuration files. So what I'm going

18
00:01:45,439 --> 00:01:50,319
to do is I'll go to my Etsy directory. I'll go into my Apache directory within that and

19
00:01:50,319 --> 00:01:54,719
then into sites enable. This is where we're going to have our sim links. What I'm going

20
00:01:54,719 --> 00:01:59,280
to do is I'm going to look at this particular file right here. So if I open this up we can

21
00:01:59,280 --> 00:02:05,159
see here we have our server admin and the document root which ultimately tells us the

22
00:02:05,159 --> 00:02:11,400
directory structure where we're going to look for our HTML files to render our web page.

23
00:02:11,400 --> 00:02:17,039
So the document root here what I'm going to do is I'm going to go in and I'm going to

24
00:02:17,039 --> 00:02:22,040
create some tags called directory and all I'm going to do here is I'm going to specify

25
00:02:22,040 --> 00:02:27,560
the directory that I want to ultimately protect so to speak. Now again you actually can add

26
00:02:27,560 --> 00:02:32,360
additional things in here. You could create a directory for blog and protect that by creating

27
00:02:32,360 --> 00:02:37,800
a corresponding blog directory with pages within that but for now I'm going to keep things

28
00:02:37,800 --> 00:02:43,920
really quite simple. So I'll protect this directory structure here and if I tab in and

29
00:02:43,920 --> 00:02:49,240
inside I'm going to say auth type is going to be basic authentication. This just means

30
00:02:49,240 --> 00:02:55,439
I'll be using the username and the passwords. Now auth name here. This is really where you

31
00:02:55,439 --> 00:03:00,880
can just specify some type of message here. So this name to me is a little bit confusing.

32
00:03:00,880 --> 00:03:06,600
It sounds like you have to specify the username that you want to log in with. This is actually

33
00:03:06,599 --> 00:03:11,199
not true. That is going to be determined by what is within the auth user file which we'll

34
00:03:11,199 --> 00:03:17,120
see next. Instead this is just going to be a message that is presented to the user when

35
00:03:17,120 --> 00:03:23,400
they visit the site. So I'm going to say no on authorised access and this part here the

36
00:03:23,400 --> 00:03:30,000
auth user file. What I'm going to do is I'm going to specify the location of the file

37
00:03:30,000 --> 00:03:34,599
that is going to house my credentials. Now this file does not actually exist yet. I'm

38
00:03:34,639 --> 00:03:39,759
just going to specify where it is. So within the etsy Apache 2 directory I'm going to create

39
00:03:39,759 --> 00:03:45,759
a file called my creds and it is within this file that I'll have my username and my password.

40
00:03:45,759 --> 00:03:53,759
Okay. So now I will say require valid hyphen user and then to close I'm going to have to close

41
00:03:53,759 --> 00:03:58,359
off my directory tag. Remember to start that off with a forward slash because we're closing the

42
00:03:58,360 --> 00:04:04,400
tag and that should be us right now. So like I say our credentials are going to come within

43
00:04:04,400 --> 00:04:09,800
this file right here. My creds within the etsy Apache 2 directory. Let's go and create this

44
00:04:09,800 --> 00:04:14,480
file. Okay. So let me first save this and I'll exit out. So now what I'm going to do is I'm going

45
00:04:14,480 --> 00:04:22,080
to use a tool called HT password. So I'll say sudo HT pass and that's pass WD dash C for create.

46
00:04:22,080 --> 00:04:26,920
And now this is the file I want to create. I want to create it within the etsy Apache 2 directory

47
00:04:26,920 --> 00:04:33,560
and the file is going to be called my creds. Now what I do here is I specify the username that I

48
00:04:33,560 --> 00:04:39,600
want to be able to create. Now remember it doesn't have to be IPv0 in my case. It can be any username

49
00:04:39,600 --> 00:04:46,720
I wish. So I'll just call this my test user and I will hit enter. Now what I want to do is to

50
00:04:46,720 --> 00:04:52,960
specify the password for that user. So I'll just say password one because clearly I don't care too

51
00:04:53,000 --> 00:04:59,000
much about security and I'll reconfirm password one. If I hit enter, now we can see here we actually

52
00:04:59,000 --> 00:05:05,279
have added a password for that user. So if we go into this directory here, we should actually see

53
00:05:05,279 --> 00:05:11,719
this file which has those credentials. So I'll CD into Apache 2 and do an LS. We can now see we

54
00:05:11,719 --> 00:05:17,639
have this file called my creds. If I happen to look into this file, we can see here the my test

55
00:05:17,759 --> 00:05:23,839
user with the corresponding password which is being cryptographically hashed for security. So now

56
00:05:23,839 --> 00:05:29,759
our configuration file is pointing to these credentials. So in order to be able to log into

57
00:05:29,759 --> 00:05:34,680
our website, we're going to have to be able to provide these credentials. So now what I want to

58
00:05:34,680 --> 00:05:41,839
do is I want to restart my Apache service also to the system CTL and I will reload Apache 2. Now

59
00:05:41,919 --> 00:05:47,199
if I browse to my website, watch what happens. In case I go to my virtual machine, I open up

60
00:05:47,199 --> 00:05:53,239
Firefox. If I browse to this IP address, it says here, I'm trying to access this with my username

61
00:05:53,239 --> 00:05:57,639
and password and we can see here the site says and this is the little message I mentioned, no

62
00:05:57,639 --> 00:06:02,839
unauthorized access. You see the way auth name might be a little bit misleading. This is more

63
00:06:02,839 --> 00:06:08,719
like a website message. So now what I want to do is I want to provide my credentials here. So that

64
00:06:08,760 --> 00:06:14,200
is going to be my test user and the password I use was password one. So I will go in and I will

65
00:06:14,200 --> 00:06:22,440
say my test user and the password is password one. So if I hit enter, that is going to authenticate

66
00:06:22,440 --> 00:06:28,720
and now we actually get access to our website. Otherwise, users, whilst they might know the IP

67
00:06:28,720 --> 00:06:34,600
address or the DNS resolution, they will not be able to access this website without those credentials.

68
00:06:34,640 --> 00:06:41,400
So like I say, we can actually choose if we wish to just selectively protect parts of our website.

69
00:06:41,400 --> 00:06:48,120
Let's maybe say that this part here was perfectly open, but you happen to have a my pictures folder

70
00:06:48,120 --> 00:06:53,480
and you wanted to password protect that just like we did before within the directory tags, we can

71
00:06:53,480 --> 00:06:58,840
choose whereabouts it is we want to protect. Okay, so that is us for authentication on Apache 2.

72
00:06:58,840 --> 00:07:02,080
I hope this has been informative for you and I'd like to thank you for viewing.