nativeInstallerorocrm

Password-protect access to an application with Apache

Before running the commands shown on this page, you should load the Bitnami stack environment by executing the installdir/use_APPNAME script (Linux and MacOS) or by clicking the shortcut in the Start Menu under “Start -> Bitnami APPNAME Stack -> Application console” (Windows). On OS X VMs, the installation directory is /opt/bitnami and OS X VM users can click the “Open Terminal” button to run commands. Learn more about the Bitnami stack environment and about OS X VMs.

NOTE: We are in the process of modifying the file structure and configuration for many Bitnami stacks. On account of these changes, the file paths stated in this guide may change depending on whether your Bitnami stack uses native Linux system packages (Approach A), or if it is a self-contained installation (Approach B). To identify your Bitnami installation type and what approach to follow, run the command below:

 $ test ! -f "installdir/common/bin/openssl" && echo "Approach A: Using system packages." || echo "Approach B: Self-contained installation."

The output of the command indicates which approach (A or B) is used by the installation, and will allow you to identify the paths, configuration and commands to use in this guide. Refer to the FAQ for more information on these changes.

To configure Apache to request a username and password when accessing your application, follow these steps:

Approach A: Bitnami installations using system packages

  • At the console, type the following commands. Remember to replace APPNAME, USERNAME and PASSWORD with the application name (for example, wordpress), and desired username and password, respectively.

    $ sudo installdir/apache2/bin/htpasswd -cb installdir/apache2/APPNAME_users USERNAME PASSWORD

  • Edit the installdir/apache2/conf/vhosts/APPNAME-vhost.conf file to add the following lines:

    <VirtualHost 127.0.0.1:443 _default_:443>
  ...
  <Directory "installdir/APPNAME">
    ...
    AuthType Basic
    AuthName MyAuthName
    AuthUserFile "installdir/apache2/APPNAME_users"
    Require valid-user

    In addition, find the line containing Require all granted in the same file and comment it by placing a hash (#) symbol before it, as shown below:

    # Require all granted

    If your application has a proxy, add the following lines at the end of the file:

      ...
  <Location />
    AuthType Basic
    AuthName "Authentication required"
    Require valid-user
  </Location>
</VirtualHost>

  • Edit the installdir/apache2/conf/vhosts/APPNAME-https-vhost.conf file to add the following lines:

    <VirtualHost 127.0.0.1:443 _default_:443>
  ...
  <Directory "installdir/APPNAME">
    ...
    AuthType Basic
    AuthName MyAuthName
    AuthUserFile "installdir/apache2/APPNAME_users"
    Require valid-user

    In addition, find the line containing Require all granted in the same file and comment it by placing a hash (#) symbol before it, as shown below:

    # Require all granted

    If your application has a proxy, add the following lines at the end of the file:

      ...
  <Location />
    AuthType Basic
    AuthName "Authentication required"
    Require valid-user
  </Location>
</VirtualHost>

  • Restart the Apache server:

    $ sudo installdir/ctlscript.sh restart apache

Approach B: Self-contained Bitnami installations

  • At the console, type the following commands. Remember to replace APPNAME, USERNAME and PASSWORD with the application name (for example, wordpress), and desired username and password, respectively.

    $ sudo installdir/apache2/bin/htpasswd -cb installdir/apache2/APPNAME_users USERNAME PASSWORD

  • Edit the installdir/apps/APPNAME/conf/httpd-app.conf file to add the following lines. In addition, find the line containing Require all granted line in the same file and comment it by placing a hash (#) symbol before it, as shown below:

    <Directory "installdir/apps/APPNAME/htdocs">
  ...
  AuthType Basic
  AuthName MyAuthName
  AuthUserFile "installdir/apache2/APPNAME_users"
  Require valid-user
  ...

  <IfVersion >= 2.3>
    # Require all granted
  </IfVersion>
  ...
</Directory>

  • If your application has a proxy, add the following lines at the end of installdir/apps/APPNAME/conf/httpd-app.conf file:

    <Location />
  AuthType Basic
  AuthName "Authentication required"
  Require valid-user
</Location>

  • Restart the Apache server:

    $ sudo installdir/ctlscript.sh restart apache

When accessing the application, you will see the following authentication popup window. Enter the username and password that you have defined in the first step:

Authentication required

To change the password later, run the htpasswd utility without the -c switch and replace the USERNAME placeholder with the username of the account you wish to modify:

$ sudo installdir/apache2/bin/htpasswd installdir/apache2/APPNAME_users USERNAME

To add another user to the same file, run the htpasswd utility without the -c switch and replace the USERNAME and PASSWORD placeholders with the new username and password you wish to add.

$ sudo installdir/apache2/bin/htpasswd -b installdir/apache2/APPNAME_users USERNAME PASSWORD
Last modification June 9, 2020