Password-protect access to an application with Apache
NOTE: We are in the process of modifying the file structure and configuration for many Bitnami stacks. On account of these changes, the file paths stated in this guide may change depending on whether your Bitnami stack uses native Linux system packages (Approach A), or if it is a self-contained installation (Approach B). To identify your Bitnami installation type and what approach to follow, run the command below:
$ test ! -f "/opt/bitnami/common/bin/openssl" && echo "Approach A: Using system packages." || echo "Approach B: Self-contained installation."
The output of the command indicates which approach (A or B) is used by the installation, and will allow you to identify the paths, configuration and commands to use in this guide. Refer to the FAQ for more information on these changes.
To configure Apache to request a username and password when accessing your application, follow these steps:
Approach A: Bitnami installations using system packages
-
At the console, type the following commands. Remember to replace APPNAME, USERNAME and PASSWORD with the application name (for example, wordpress), and desired username and password, respectively.
$ sudo /opt/bitnami/apache2/bin/htpasswd -cb /opt/bitnami/apache2/APPNAME_users USERNAME PASSWORD
-
Edit the /opt/bitnami/apache2/conf/vhosts/APPNAME-vhost.conf file to add the following lines:
<VirtualHost 127.0.0.1:443 _default_:443> ... <Directory "/opt/bitnami/APPNAME"> ... AuthType Basic AuthName MyAuthName AuthUserFile "/opt/bitnami/apache2/APPNAME_users" Require valid-user
In addition, find the line containing Require all granted in the same file and comment it by placing a hash (#) symbol before it, as shown below:
# Require all granted
If your application has a proxy, add the following lines at the end of the file:
... <Location /> AuthType Basic AuthName "Authentication required" Require valid-user AuthUserFile "/opt/bitnami/apache2/APPNAME_users" </Location> </VirtualHost>
-
Edit the /opt/bitnami/apache2/conf/vhosts/APPNAME-https-vhost.conf file to add the following lines:
<VirtualHost 127.0.0.1:443 _default_:443> ... <Directory "/opt/bitnami/APPNAME"> ... AuthType Basic AuthName MyAuthName AuthUserFile "/opt/bitnami/apache2/APPNAME_users" Require valid-user
In addition, find the line containing Require all granted in the same file and comment it by placing a hash (#) symbol before it, as shown below:
# Require all granted
If your application has a proxy, add the following lines at the end of the file:
... <Location /> AuthType Basic AuthName "Authentication required" Require valid-user AuthUserFile "/opt/bitnami/apache2/APPNAME_users" </Location> </VirtualHost>
-
Restart the Apache server:
$ sudo /opt/bitnami/ctlscript.sh restart apache
Approach B: Self-contained Bitnami installations
-
At the console, type the following commands. Remember to replace APPNAME, USERNAME and PASSWORD with the application name (for example, wordpress), and desired username and password, respectively.
$ sudo /opt/bitnami/apache2/bin/htpasswd -cb /opt/bitnami/apache2/APPNAME_users USERNAME PASSWORD
-
Edit the /opt/bitnami/apps/APPNAME/conf/httpd-app.conf file to add the following lines. In addition, find the line containing Require all granted line in the same file and comment it by placing a hash (#) symbol before it, as shown below:
<Directory "/opt/bitnami/apps/APPNAME/htdocs"> ... AuthType Basic AuthName MyAuthName AuthUserFile "/opt/bitnami/apache2/APPNAME_users" Require valid-user ... <IfVersion >= 2.3> # Require all granted </IfVersion> ... </Directory>
-
If your application has a proxy, add the following lines at the end of /opt/bitnami/apps/APPNAME/conf/httpd-app.conf file:
<Location /> AuthType Basic AuthName "Authentication required" Require valid-user AuthUserFile "/opt/bitnami/apache2/APPNAME_users" </Location>
-
Restart the Apache server:
$ sudo /opt/bitnami/ctlscript.sh restart apache
When accessing the application, you will see the following authentication popup window. Enter the username and password that you have defined in the first step:
To change the password later, run the htpasswd utility without the -c switch and replace the USERNAME placeholder with the username of the account you wish to modify:
$ sudo /opt/bitnami/apache2/bin/htpasswd /opt/bitnami/apache2/APPNAME_users USERNAME
To add another user to the same file, run the htpasswd utility without the -c switch and replace the USERNAME and PASSWORD placeholders with the new username and password you wish to add.
$ sudo /opt/bitnami/apache2/bin/htpasswd -b /opt/bitnami/apache2/APPNAME_users USERNAME PASSWORD