Setting up Authentication in Apache 2.4 (revisited using Vagrant)

Some time ago, I described in horrific detail how to build and set up Apache 2.4 in Ubuntu 12: part I and part II. It worked, but it was a mess!

Now we’re going to do it using Vagrant and Puppet. I assume you buy into the Automatic Provisioning method and have some understanding of Vagrant and Puppet.

Here is the working example that I’ll be explaining in detail below. You can download it and get MySQL and Apache with authentication up and running right away.

Folder Structure


  • manifests – holds the puppet script, site.pp, that declares what should be installed and how to set it up
  • modules – you can think of these as libraries or packages that others have built to help you set up your system. They were downloaded from Puppet Forge
  • resources – this is where I keep various files that I copy into the VM to help with the set up. In this case, the index.php and login.html file are just files that help me test the apache authentication component
  • scripts – I use largely .pp puppet scripts for provisioning, but there are some things that are easier for me in unix scripts, so I place those files here
  • Vagrantfile – this is the vagrant file that commands the building and provisioning of the VM

Vagrantfile

Let’s talk first about the Vagrantfile. You can read more about the options at Vagrant.


config.vm.box = "parallels/ubuntu-13.10"

This line indicates which box we’re starting with. I found it with a search for “ubuntu puppet” on VagrantCloud. I specifically wanted an Ubuntu 13 box with Puppet installed, because Apache 2.4 isn’t part of the package distro until Ubuntu 13. You may want to look for an Ubuntu 14 box when it’s ready, since that will be an LTS version.

config.vm.provision "shell", path: "scripts/provision.sh"

This line instructs Vagrant to call the unix script, provision.sh. This script just makes sure that the latest puppet is installed and that certain libraries for apache/php/mysql are installed as well.

  config.vm.provision "puppet" do |puppet|
    puppet.manifests_path = "manifests"
    puppet.manifest_file  = "site.pp"
    puppet.module_path = "modules"
  end

This next set of lines is where the action is. It instructs Vagrant to use the site.pp puppet script to provision the rest of the system, and it tells Vagrant where the modules are located.

site.pp
This file represents the puppet provisioning script. Again, I’ll refer the reader to Puppet for more details, but I’ll describe the specifics of this install.

class { '::mysql::server':
  root_password => $pass2,
  users => {
    'root@%' => {
      ensure => 'present',
      password_hash => $pass2mysql5hash
    }
  },
  databases => {
    'myDB' => {
      ensure => 'present',
      charset => 'utf8'
    }
  },
  grants => {
    'root@%/*.*' => {
      ensure => 'present',
      options => ['GRANT'],
      privileges => ['ALL'],
      table => '*.*',
      user => 'root@%'
    }
  },
  override_options => {
    'mysqld' => {
      'bind-address' => undef, # allow remote login
    }
  },
  restart => true,
}
include '::mysql::server'

As you can imagine, this section sets up MySQL.
The users sub-section creates a root user with a password. It requires a password hash which you can generate here.
The databases sub-section creates a database called “myDB”.
The grants sub-section ensures that when root logs in from anywhere, it has access to all the databases and tables.
The override_options sub-section unsets the “bind-address” parameter so that MySQL accepts remote connections, which allows remote login of root.

Now let’s dissect the apache setup section.

apache::vhost { 'http':
  port => '80',
  docroot => '/var/www',
  custom_fragment => '
    DBDriver mysql
    DBDParams "dbname=myDB,user=root,pass=XXX"
    DBDMin  4
    DBDKeep 8
    DBDMax  20
    DBDExptime 300
    <Location /private>
      AuthFormProvider dbd
      AuthType form
      AuthName private
      Session On
      SessionCookieName session path=/
      #SessionCryptoPassphrase secret
      ErrorDocument 401 /login.html
      # mod_authz_core configuration
      Require valid-user
      # mod_authn_dbd SQL query to authenticate a user
      AuthDBDUserPWQuery "SELECT password FROM user WHERE username = %s"
    </Location>'
}

If you remember from the previous post, we had to set up the httpd.conf to do authentication. You can refer back to that post to see what each line means.

As it relates to puppet, this declaration sets up a virtual host on port 80, with a docroot pointing to ‘/var/www’ (this is where you should put your webpages), and a custom_fragment to set up authentication.
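
A quick review of the authentication fragment above before it is reused outside a test VM, as an added example that is not part of the original post. The finding names and the `audit` helper are made up for this sketch; the sample input is the vhost fragment from above, trimmed to the lines that matter.

```python
# Sample input: trimmed copy of the custom_fragment shown above.
FRAGMENT = """
DBDParams "dbname=myDB,user=root,pass=XXX"
<Location /private>
  AuthFormProvider dbd
  AuthType form
  Session On
  SessionCookieName session path=/
  #SessionCryptoPassphrase secret
</Location>
"""


def directives(text):
    """Map lower-cased directive name -> list of argument strings (comments skipped)."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#<":
            continue
        name, _, args = line.partition(" ")
        found.setdefault(name.lower(), []).append(args.strip())
    return found


def audit(text):
    """Return a sorted list of (hypothetical) finding ids for one fragment."""
    d = directives(text)
    findings = set()
    form_auth = any(a.lower() == "form" for a in d.get("authtype", []))
    encrypted = any(n.startswith("sessioncryptopassphrase") for n in d)
    if form_auth and "sessioncookiename" in d and not encrypted:
        # mod_auth_form keeps the login in the session; mod_session_cookie
        # sends that session to the browser as-is unless it is encrypted.
        findings.add("session-cookie-not-encrypted")
    for args in d.get("sessioncookiename", []):
        attrs = [a.strip().lower() for a in args.split(" ", 1)[-1].split(";")]
        if "httponly" not in attrs:
            findings.add("session-cookie-missing-httponly")
    for args in d.get("dbdparams", []):
        pairs = [p.split("=", 1) for p in args.strip('"').split(",") if "=" in p]
        if dict(pairs).get("user") == "root":
            findings.add("dbd-connects-as-root")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(FRAGMENT):
        print(finding)
```

Uncommenting SessionCryptoPassphrase also requires loading mod_session_crypto, which is not in the module list used in this post.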

include apache::mod::prefork
include apache::mod::php
apache::mod { 'authn_core': }
apache::mod { 'auth_form': }
apache::mod { 'session': }
apache::mod { 'request': }
apache::mod { 'session_cookie': }
apache::mod { 'authn_dbd': }
apache::mod { 'dbd': }

The above modules also need to be configured for authentication to work. (It also includes php just because you’ll probably need that too.)

class apache_links {
  $apachehome = '/home/vagrant/apache'
  file { 'apachehome':
    path => $apachehome,
    ensure => directory,
    require => Class['apache']
  }

  file { '/home/vagrant/apache/htdocs':
    ensure => 'link',
    target => '/var/www',
    require => File['apachehome']
  }

  file { '/home/vagrant/apache/conf':
    ensure => 'link',
    target => '/etc/apache2',
    require => File['apachehome']
  }
}
include apache_links

This section just sets up some symlinks. I often forget where the configuration and webpages are located so I like to place them right at the home directory.

class apache_auth_test {
  file { '/home/vagrant/apache/htdocs/login.html':
    source => "/vagrant/resources/login.html",
    require => Class['apache_links']
  }

  file { 'apache_test_dir':
    path => '/home/vagrant/apache/htdocs/private',
    ensure => directory,
    require => Class['apache_links']
  }

  file { '/home/vagrant/apache/htdocs/private/index.php':
    source => "/vagrant/resources/index.php",
    require => File['apache_test_dir']
  }
}
include apache_auth_test

This final section just copies the test files from the resources folder into the VM so we can test it.

Start it Up

Now that the hard part is done, you just need to start it up. From the folder where the Vagrantfile is, just type

vagrant up

This will download the “parallels/ubuntu-13.10” box we indicated in Vagrantfile (if it hasn’t been downloaded already). Then it will run the provision.sh script, followed by the site.pp puppet script. After a few minutes, you’ll have an Ubuntu server with MySQL and Apache installed!

Test it

First, try to ssh into the box. From the folder where the Vagrantfile is, just type

vagrant ssh

You should now be inside the VM. You can type “ifconfig” to get the IP of the box.

With this, try pointing your host machine’s browser to that IP (e.g. http://192.168.1.100). You should get the standard Apache message “It works!”

Before we test authentication, you’ll need to create a MySQL table to authenticate against. So connect to MySQL (either remotely or locally) and, in the myDB database, create a table with this SQL statement:

CREATE TABLE `user` (
 `username` varchar(255) NOT NULL DEFAULT '',
 `password` varchar(255) NOT NULL,
 PRIMARY KEY (`username`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

Then insert a user and password hash.
For example, try entering user=admin, password={SHA}5yfRRkrhJDbomacm2lsvEdg4GyY=
This password hash is for the password “mypass”, with a “{SHA}” prefix in front to tell the Apache authentication module which hash to use. You can generate your own hashes at this site.
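
Both hashes used in this post, the MySQL password_hash in site.pp and the “{SHA}” value inserted into the user table, can also be computed locally so the password never has to be typed into a web page. This is an added example, not part of the original post; the function names are made up here.

```python
import base64
import hashlib
import hmac


def apache_sha(password: str) -> str:
    """Apache "{SHA}" format: the prefix plus base64 of the raw SHA-1 digest.

    The format is unsalted, so equal passwords always give equal hashes.
    """
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")


def mysql5_hash(password: str) -> str:
    """MySQL 4.1+/5.x native format: '*' plus uppercase hex of SHA1(SHA1(pw))."""
    inner = hashlib.sha1(password.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()


def check_apache_sha(password: str, stored: str) -> bool:
    """Verify a candidate password against a stored {SHA} value."""
    if not stored.startswith("{SHA}"):
        raise ValueError("not a {SHA} hash")
    # Compare as bytes, in constant time.
    return hmac.compare_digest(
        apache_sha(password).encode("utf-8"), stored.encode("utf-8")
    )


def user_insert(username: str, password: str):
    """Parameterized INSERT for the `user` table created above."""
    sql = "INSERT INTO `user` (`username`, `password`) VALUES (%s, %s)"
    return sql, (username, apache_sha(password))


if __name__ == "__main__":
    import getpass

    pw = getpass.getpass("Password to hash: ")
    print("Apache :", apache_sha(pw))
    print("MySQL  :", mysql5_hash(pw))
```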

Now to test authentication, point your browser to http://192.168.1.100/private/index.php.
This is a protected folder so it should redirect you to a login page (from login.html).
After you type in the correct password, it should direct you to the index.php page with a “Hello World”.

I hope this was helpful. Let me know if you run into any trouble.
