FAQ on Web Server Cloud

Please refer to the detailed configuration of the web server cloud in In-house web server cloud.

Please refer to the procedure in SSH and Secure File Transfer to set up SFTP for file transfer.

After connecting to the web server cloud using SSH, you can use the UNIX command “passwd” to change your password.

You can change the password of MySQL account using one of the following ways:

(a) connect to your MySQL account at ‘localhost’:

step 1a: start up MySQL:
mysql -u <mysql_accountname> -p

step 2a: change your MySQL account password at ‘localhost’:
MySQL> set password for <mysql_accountname>=password('newpassword');

step 3a: disconnect from MySQL:
MySQL> quit;

(b) connect from another system on the HKU network to the computer ‘www.<domainname>.hku.hk’ (MySQL access is available from the HKU network only):

step 1b: start up MySQL:
mysql -u <mysql_accountname> -p -h www.<domainname>.hku.hk

step 2b: change your MySQL account password at ‘www.<domainname>.hku.hk’ :
MySQL> set password for <mysql_accountname>=password('newpassword');

step 3b : disconnect from MySQL :
MySQL> quit;

If you are the webmaster of your department, you can use the command “restart_webserver” to restart the webserver.

If you are the webmaster of your department, you can use the command “restart_database” to restart the database.

You may use any file transfer program that supports SFTP (e.g. coreFTP and WS_FTP Home/Professional) to upload the web content with the following information:

Host Name: www.<domainname>.hku.hk
User ID: <UID> (account name of web server cloud)
Password: <password> (password of web server cloud)
Site Folder: /home/<UID>/html/ (web content location of web server cloud)

You can verify the result with the following URL:
The URL for webmaster account: http://www.<domainname>.hku.hk
The URL for normal user account: http://www.<domainname>.hku.hk/<UID>

Type the command under /usr/share/tomcat/webapps
$ create_webapps context owner_account

This will create the webapp named “context”, owned by the user account “owner_account”, under /usr/share/tomcat/webapps.

Restart the Tomcat server to make the change effective. If necessary, you may also change the permissions of some files so that they are writable by the group “tomcat” (you are a member of the group tomcat):

$ restart_tomcat

Please note that some of the files/folders are writable by your account for future maintenance or addition of libraries needed by users, e.g., the Tomcat shared library folder under /usr/share/tomcat/shared/lib and some of the Tomcat XML configuration files under /etc/tomcat/.

Once Tomcat is ready, you have to map the Tomcat context to the Apache web server using the proxy_ajp module. Please update the file “/opt/rh/httpd24/root/etc/httpd/conf.d/proxy_ajp.conf” to map the URL to Tomcat by adding the following line (please refer to the example in this configuration file):
ProxyPass /path_to_context/ ajp://localhost:8009/context/

such that the tomcat application can be accessed through the URL http://www.<domainname>.hku.hk/path_to_context/ after restarting the web server.

Type the following command under /usr/share/tomcat/webapps:
$ rm_webapps context
The folder /usr/share/tomcat/webapps/context will then be deleted upon confirmation.

Type the command
$ change_user_password <user account>

To get a departmental domain name under hku.hk, do the following:

1. If your department does not have its own domain name server, you need to apply for a domain name host with the Information Technology Services. Please fill in CF60.

2. If your domain name is not within the HKU domain, then register your domain name with the Hong Kong Domain Name Registration Company at https://www.hkirc.hk

Restart the web server to make the change in the above FAQ “How to map the Tomcat context to Apache web server?” effective:

$ restart_webserver

Some web programs allow users to upload files to the web server. For this to work, the web server account must be granted permission to write the uploaded files. You can use the following commands to set the permissions so that files can be uploaded to the <path> by the web server (either Apache or Tomcat) and you still have enough permission to delete/modify the uploaded files.

PHP case:
chmod 771 <path>   
setfacl -R -m d:u:<account>:rwx <path>
setfacl -R -m u:<account>:rwx  <path>
setfacl -R -m d:u:apache:rwx  <path>
setfacl -R -m u:apache:rwx  <path>
setfacl -R -m d:g:<account>:rwx <path>
setfacl -R -m g:<account>:rwx  <path>
setfacl -R -m d:g:apache:rwx  <path>
setfacl -R -m g:apache:rwx  <path>

Tomcat:
chmod 771 <path>   
setfacl -R -m d:u:<account>:rwx <path>
setfacl -R -m u:<account>:rwx  <path>
setfacl -R -m d:u:tomcat:rwx  <path>
setfacl -R -m u:tomcat:rwx  <path>
setfacl -R -m d:g:<account>:rwx <path>
setfacl -R -m g:<account>:rwx  <path>
setfacl -R -m d:g:tomcat:rwx  <path>
setfacl -R -m g:tomcat:rwx  <path>
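
To confirm that the commands above took effect, the output of getfacl can be compared with the entries they set. The following is an added example, not part of the original FAQ; the function name missing_upload_acl, the account webuser and the sample getfacl output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the FAQ): list the ACL entries set by the FAQ's
# setfacl commands that are absent from `getfacl` output read on stdin.
# Usage: getfacl <path> | missing_upload_acl <account> <apache|tomcat>
missing_upload_acl() {
    account=$1 service=$2
    acl=$(cat)
    missing=0
    # "" = access entries (u:/g:), "default:" = inherited entries (d:u:/d:g:)
    for scope in "" "default:"; do
        for kind in user group; do
            for name in "$account" "$service"; do
                entry="${scope}${kind}:${name}:rwx"
                # Exact-line match: an entry clipped by the mask carries a
                # trailing "#effective:" note and is reported as well.
                if ! printf '%s\n' "$acl" | grep -Fxq -- "$entry"; then
                    echo "missing: $entry"
                    missing=$((missing + 1))
                fi
            done
        done
    done
    [ "$missing" -eq 0 ]
}

# Constructed sample: getfacl output for a directory where only the access
# entries were applied and the d: (default) lines were skipped.
sample_partial_acl() {
    cat <<'EOF'
# file: uploads
# owner: webuser
# group: webuser
user::rwx
user:webuser:rwx
user:apache:rwx
group::rwx
group:webuser:rwx
group:apache:rwx
mask::rwx
other::--x
EOF
}

sample_partial_acl | missing_upload_acl webuser apache || echo "ACL incomplete"
```

Without the default entries, files created later in the directory do not inherit the ACL, so the account may be unable to modify or delete what the web server uploads.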

  1. To enable password protection for your webpage, you will need to generate an htpasswd file. You may search online to find an htpasswd generator (e.g. http://www.htaccesstools.com/htpasswd-generator/) to create a .htaccess file that will password protect your site or a directory.
  2. In the online htpasswd generator, enter a username and password, and an entry for an htpasswd file is generated. You can then copy and paste the entry into the .htpasswd file. Remember to use a new line for each new entry.

Example:

otto:38hi3sylap
billgate:v8302icd92
 
where otto and billgate are two authorized users’ names (their corresponding passwords are encrypted). You can delete either one or both of the lines to remove the user(s) from the authorized user list (i.e. the password file).
  3. When the .htaccess file is ready, use SFTP to upload the password file to your home directory.
  4. To put web page access control into effect:

Create a file called .htaccess in the directory whose files and sub-directories are to be accessible only by the authorized users specified in the User Password file discussed above.

Example 1

Suppose the full path name of the passwordFile is /user3/otto/courseUsers and the full path name of the directory of the web page files which require access control is /user3/otto/dir1/.

The file /user3/otto/dir1/.htaccess should be created and it should contain:

AuthUserFile /user3/otto/courseUsers
AuthName HKU
AuthType Basic
require valid-user

Make sure that the full path of the passwordFile is specified in the .htaccess file.

Please note that each of the keywords AuthUserFile, AuthName, AuthType and require must be on the same line as its assigned value. The value valid-user specifies all users in the password file.

Also, change the permission of the file .htaccess so that it can be read by others using the following command:

chmod 644 .htaccess

When a user views a web page file under the directory /user3/otto/dir1/, the web server will authenticate the user’s access to the web page by means of his username and password in the password file /user3/otto/courseUsers.

Example 2

The file /user3/otto/dir2/.htaccess contains

AuthUserFile /user3/otto/courseUsers
AuthName HKU
AuthType Basic
require user apple otto

Please note that each of the keywords AuthUserFile, AuthName, AuthType and require must be on the same line as its assigned value. The line “require user apple otto” specifies that only the users apple and otto can access the directory, even if the password file ‘/user3/otto/courseUsers’ contains other users.


Note:

  • If a user browses a web page which is set up with access control by means of username, a login window will come up and the user will be asked to type in his access-control username and password. Only authorized users can gain access to such restricted pages.
  • Access control applies to the directory which contains the file .htaccess and all its files and sub-directories. If you want to set up controlled access for the web pages in another tree of directories, you need to copy the file .htaccess to the parent directory of that sub-tree of directories. However, only a single passwordFile is required for the same group of authorized users.
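
The requirements above (full path in AuthUserFile, each keyword and its value on one line, mode 644) can be checked before relying on the protection. This is an added example, not part of the original FAQ; check_htaccess and its optional web-content-directory check are assumptions of the example, the latter based on the FAQ placing the password file in the home directory rather than under html/.

```shell
#!/bin/sh
# Added example (not from the FAQ): check a .htaccess file against the
# requirements listed above.
# Usage: check_htaccess <path/to/.htaccess> [web_content_dir]
check_htaccess() {
    file=$1 webroot=${2:-}
    problems=0
    fail() { echo "FAIL: $1"; problems=$((problems + 1)); }
    [ -r "$file" ] || { echo "FAIL: cannot read $file"; return 1; }

    # Each keyword needs its value on the same line (names are case-insensitive).
    for key in AuthUserFile AuthName AuthType Require; do
        awk -v k="$key" 'tolower($1) == tolower(k) && NF >= 2 { ok = 1 }
                         END { exit !ok }' "$file" ||
            fail "$key is absent or has no value on its line"
    done

    # AuthUserFile must be a full path to an existing password file.
    pwfile=$(awk 'tolower($1) == "authuserfile" { print $2; exit }' "$file")
    case $pwfile in
        "") ;;                                   # already reported above
        /*) [ -f "$pwfile" ] || fail "password file $pwfile does not exist" ;;
        *)  fail "AuthUserFile '$pwfile' is not a full path" ;;
    esac

    # Assumption of this example: keep the password file outside the
    # directory that is served as web content.
    if [ -n "$webroot" ]; then
        case $pwfile in "${webroot%/}"/*) fail "password file is inside $webroot" ;; esac
    fi

    # chmod 644 so the file can be read by others (GNU stat, then BSD stat).
    mode=$(stat -c %a "$file" 2>/dev/null || stat -f %Lp "$file")
    [ "$mode" = 644 ] || fail "mode is $mode, expected 644"

    [ "$problems" -eq 0 ]
}

# Constructed demo: Example 1 with a relative AuthUserFile and mode 600.
demo=$(mktemp -d)
printf 'AuthUserFile courseUsers\nAuthName HKU\nAuthType Basic\nrequire valid-user\n' > "$demo/.htaccess"
chmod 600 "$demo/.htaccess"
check_htaccess "$demo/.htaccess" || echo "fix the items above"
rm -rf "$demo"
```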

 
