Virtualmin makes it easy to protect websites (or just parts of it) with an email / password combination. The nice thing about it is that you have granular control over which user has access to what. The user doesn’t have to remember a new password, it will simply be his/her old email password. Let’s see how it works!
Go to port 10000 on your sever via HTTPS:
And log in with your root account:
Virtualmin interface should appear:
Go to Edit Users and click the Add a user to this server button:
The Create User panel should appear:
Enter the name portion of the Email address, the Real name and give it a Password, than click Create:
We need to create a new folder that we want to password protect. You can do that any number of ways (FTP, SCP, etc) but I chose SSH. I logged in with putty, and created a folder inside the public_html folder of the virtual server. Don’t forget to set the proper permission as well:
cd /home/your-virtual-servers-folder/public_html mkdir the-folder-name-you-want-to-create chown your-virtual-server-user:your-virtual-server-group your-virtual-servers-folder
Let us add the newly created folder to the Protected Web Directories. Let’s go back to Virtualmin and select Services and than Protected Directories. We want to create a new directory, so we click Add a protection for a new directory:
The New web directory protection panel will appear:
Enter the directory name that you created earlier into the Sub-directory field and enter an Authentication realm as well (it will be sent as part of the login request):
We have our folder added. Notice that at the Users row it says it has 0 users associated with it:
To add a user we need to get back to the Edit Users panel:
Click on the username you want to edit and the Edit User panel will show up:
Expand Other user permissions and find the directory that we created a step before in the All directories field list, select it and click the arrow button to add it to the Allowed directories field list, when done click the Save button:
If you try to access the folder from a browser it should ask for authentication:
Note: you need to provide the e-mail (not just the username) and the password to log in:
