Update: There’s a much easier way to install and setup Apache 2.4 with authentication using Vagrant and Puppet. Instructions and working example here.
In this lesson, we’re going to set up authentication for all the resources served by Apache2, including php pages, images, and even REST calls that pass through the apache proxy.
We’re going to use a module called mod_auth_form, which requires Apache2.4.
Copy the apr and apr-util source downloads into the apache’s srclib folder.
Make sure to remove the version numbers, so apr-1.4.6 becomes apr and apr-util-1.5.1 becomes apr-util
Install pcre. I placed the installation at /usr/local/pcre
./configure --prefix=/usr/local/pcre make make install
./configure --prefix=/usr/share/apache2.4 --with-included-apr --with-pcre=/usr/local/pcre --enable-so make make install
The “–with-included-apr” directive tells it to look for the apr libraries in the srclib folder (in step 1).
The “–with-pcre” directive tells it where to find the pcre library you just installed (in step 2).
The “–enable-so” directive enables shared modules which will make it easier to set up php later. (You won’t find this suggestion until you try to install php so you’re learning from my mistake.)
The “–enable-session-crypto” directive will allow the username and password to be encrypted when they’re being transferred back and forth between the browser and server.
a) Add or uncomment the following lines in httpd.conf
LoadModule auth_form_module modules/mod_authn_core.so LoadModule auth_form_module modules/mod_auth_form.so LoadModule session_module modules/mod_session.so LoadModule request_module modules/mod_request.so LoadModule session_cookie_module modules/mod_session_cookie.so LoadModule authn_dbd_module modules/mod_authn_dbd.so LoadModule dbd_module modules/mod_dbd.so
The first 4 lines are to enable mod_auth_form.
The 5th and 6th lines are to use a database to store the user credentials.
b) Add the following lines in httpd.conf
DBDriver mysql DBDParams "dbname=myDB,user=root,pass=XXX" DBDMin 4 DBDKeep 8 DBDMax 20 DBDExptime 300 <Location /private> AuthFormProvider dbd AuthType form AuthName private Session On SessionCookieName session path=/ SessionCryptoPassphrase secret ErrorDocument 401 /login.html # mod_authz_core configuration Require valid-user # mod_authn_dbd SQL query to authenticate a user AuthDBDUserPWQuery "SELECT password FROM apache_user WHERE username = %s" </Location>
What you need to know (and change):
– DBDParams: define your mysql credentials here
– <Location PATH>: The PATH is the url that you want to secure
– ErrorDocument 401: This is the location of the login page where users will be redirected if they’re not logged in yet
– AuthDBDUserPWQuery: This is the mysql query to access the table where the credentials are stored
I ran into an error when I tried to start up apache. You may not get this as I don’t think this is really what should happen.
Skip this unless you see the following error:
AH00526: Syntax error on line 260 of /usr/share/apache2.4/conf/httpd.conf: Can't load driver file apr_dbd_mysql.so
When you compiled apr and apr-util, it should have included the needed apr_dbd_mysql.so libraries. This dynamically links to libmysqlclient_r.so libraries. (You can ‘ldd’ the apr_dbd_mysql.so library to see this dynamic link.) However, for whatever reason, my libmysqlclient_r.so could not be located by apache so I had to include its containing folder in LD_LIBRARY_PATH environment variable.
So first, locate your libmysqlclient_r.so file (use unix ‘locate’ command). Mine was in /usr/lib.
Then edit /usr/share/apache2.4/bin/envvars and find where LD_LIBRARY_PATH is set.
if test "x$LD_LIBRARY_PATH" != "x" ; then LD_LIBRARY_PATH="/usr/share/apache2.4/lib:$LD_LIBRARY_PATH" else LD_LIBRARY_PATH="/usr/share/apache2.4/lib" fi
Below where LD_LIBRARY_PATH is set, I added the folder of my libmysqlclient_r.so file