How do I create a virtual host with basic HTTP auth?

Question

This is what I have so far:

<VirtualHost *:80>
DocumentRoot "/PathToTheFilesThat/theserver/gives/access/to"
ServerName docs.mysite.com
ProxyPass / http://localhost:8808/
ProxyPassReverse / http://localhost:8808
</VirtualHost>

Basically, I'm just trying to make a YARD documentation server public to the company I work for (but not to the entire world), hence the want for basic auth.

The above currently allows access to the server from any remote machine... just need auth. =D

UPDATE:

<VirtualHost *:80>
    DocumentRoot "/Users/me/projects/myProject/doc"
    ServerName docs.mysite.com
    ProxyPass / http://localhost:8808/
    ProxyPassReverse / http://localhost:8808
    AuthUserFile /private/etc/apache2/conf/.htpasswd
    AuthName "Documentation Server, Please Log In"
    AuthType Basic
    Require User me
</VirtualHost>

gives this error when I navigate to docs.mysite.com (in the console)

[Tue Feb 21 11:33:04 2012] [error] (61)Connection refused: proxy: HTTP: attempt to connect to [fe80::1]:8808 (localhost) failed
[Tue Feb 21 11:33:04 2012] [error] ap_proxy_connect_backend disabling worker for (localhost)
[Tue Feb 21 11:35:16 2012] [notice] caught SIGTERM, shutting down

What exactly do you expect of the authentiation? Do you want a single username/password pair that you can give out to everyone? Basic auth can be sniffed by any packet analyzer, so it's *not very secure*. Are you looking for something better than that? Details, we need them. Security **is not simple**, no matter what. — Chris S, Feb 21 '12 at 15:24
yeah, a singel username / password that everyone would use would be great. I'm aware of the lack of security, but they would have to find it first, right? maybe I also need a way to keep search engine crawlers off of it. This is what I'm running: http://yardoc.org/ The server it comes with is not very featurefull. — NullVoxPopuli, Feb 21 '12 at 15:30

score 2 · Answer 1 · answered Feb 21 '12 at 15:30

2

In order to enable User Authentication on your Webserver's entry point you must add the following lines to the VirtualHost configuration lines.

<VirtualHost>
..
..
..
..
..

    AuthUserFile /usr/local/apache2/conf/.htpasswd
    AuthName "yoursite.com, Please Log In."
    AuthType Basic
    Require User userallowedtoenter
</VirtualHost>

And by adding these lines, everytime you open the Website, an Auth Window will pop up asking for the user/password enabled to pass.

answered Feb 21 '12 at 15:30

GersonO

164
6

take note that, the AuthUserFile could be a different location on your machine. – GersonO Feb 21 '12 at 15:32
2

+1 Good form to capitalize `Require User` too, but this works either way. – Chris S Feb 21 '12 at 15:32
already capitalized it ;) – GersonO Feb 21 '12 at 15:42
1

+1 always have hard time with .htpasswd with apache virtual host. – Feb 21 '12 at 15:57
2

http://httpd.apache.org/docs/2.0/mod/mod_auth.html#authuserfile AuthUserFile howto. – GersonO Feb 21 '12 at 16:03
I did this, and got this error: – NullVoxPopuli Feb 21 '12 at 16:39
[Tue Feb 21 11:33:04 2012] [error] (61)Connection refused: proxy: HTTP: attempt to connect to [fe80::1]:8808 (localhost) failed [Tue Feb 21 11:33:04 2012] [error] ap_proxy_connect_backend disabling worker for (localhost) [Tue Feb 21 11:35:16 2012] [notice] caught SIGTERM, shutting down – NullVoxPopuli Feb 21 '12 at 16:39
You do have the mod_auth module installed ? – GersonO Feb 21 '12 at 16:56
`2022 Aug 24 13:17:17 stage apachectl[13599]: AuthUserFile not allowed in context` – Fabian Blechschmidt Aug 24 '22 at 11:18

score 0 · Answer 2 · answered Aug 24 '22 at 11:22

Thanks @GersonO to put me on the right track! But at least in 2022 this doesn't work anymore, but you need a

<Directory /var/www/example.de/htdocs/>
    AuthUserFile /etc/apache2/htpasswd
    AuthName "Stage Server"
    AuthType Basic
    Require valid-user
</Director>

How do I create a virtual host with basic HTTP auth?

2 Answers2