Apache2 proxy/proxypass and basic auth

Question

Hi all I've setup noVNC and apache2 with some proxy redirects. Here's my config :

<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerName vps.somesite.net
        DocumentRoot /var/www/vps.somesite.net/public_html

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        SSLEngine on
        Include /etc/letsencrypt/options-ssl-apache.conf
        SSLCertificateFile /etc/letsencrypt/live/vps.somesite.net/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/vps.somesite.net/privkey.pem

        <Directory "/var/www/vps.somesite.net/">
                AllowOverride All
        </Directory>

        <Location /noVNCSSL/>
            AuthType Basic
            AuthName "Restricted Area :)"
            AuthUserFile /var/www/vps.somesite.net/.htpasswd
            Require valid-user
        </Location>

        ProxyPass /noVNCSSL/ http://10.8.0.12:6080/
        ProxyPassReverse /noVNCSSL/ http://10.8.0.12:6080/
        ProxyPass /websockify ws://10.8.0.12:6080/websockify retry=3
        ProxyPassReverse /websockify ws://10.8.0.12:6080/websockify retry=3

        RewriteEngine on
#       RewriteCond %{REQUEST_URI} ^/noVNCSSL/?$
#       RewriteRule ^(.*)$ /noVNCSSL/vnc.html [R,L]
        RewriteCond %{HTTP:Upgrade} =websocket [NC]
        RewriteRule /noVNCSSL/(.*) ws://10.8.0.12:6080/$1 [P,L]
        RewriteCond %{HTTP:Upgrade} !=websocket [NC]
        RewriteRule /noVNCSSL/(.*) http://10.8.0.12:6080/$1 [P,L]

    </VirtualHost>
</IfModule>

If I leave out the two commented lines above the basic auth works for that location but obviously the redirect to the vnc.html page doesn't. On the other hand if I include the two commented lines the redirect works, but the basic auth stopped working.

Is there a way to get and

a redirect from https://vps.somesite.net/noVNCSSL to https://vps.somesite.net/noVNCSSL/vnc.html AND
basic auth for every location which starts with https://vps.somesite.net/noVNCSSL

Edit : A quick fix was renaming the vnc.html file to index.html and omitting the rewrite rule for vnc.html => index.html

Still the question remains why basic auth doesn't work with rewrite rules on proxy locations, even if I put basic auth on all proxy requests like :

<Proxy *>
Order deny,allow
    Allow from all
    Authtype Basic
    Authname "Restricted Area :)"
    AuthUserFile /var/www/vps.somesite.net/.htpasswd
    Require valid-user
</Proxy>

Apache2 proxy/proxypass and basic auth

0 Answers0