ocishopware

Password-protect access to an application with Apache

NOTE: We are in the process of modifying the file structure and configuration for many Bitnami stacks. On account of these changes, the file paths stated in this guide may change depending on whether your Bitnami stack uses native Linux system packages (Approach A), or if it is a self-contained installation (Approach B). To identify your Bitnami installation type and what approach to follow, run the command below:

 $ test ! -f "/opt/bitnami/common/bin/openssl" && echo "Approach A: Using system packages." || echo "Approach B: Self-contained installation."

The output of the command indicates which approach (A or B) is used by the installation, and will allow you to identify the paths, configuration and commands to use in this guide. Refer to the FAQ for more information on these changes.

To configure Apache to request a username and password when accessing your application, follow these steps:

Approach A: Bitnami installations using system packages

  • At the console, type the following commands. Remember to replace APPNAME, USERNAME and PASSWORD with the application name (for example, wordpress), and desired username and password, respectively.

    $ sudo /opt/bitnami/apache2/bin/htpasswd -cb /opt/bitnami/apache2/APPNAME_users USERNAME PASSWORD
    
  • Edit the /opt/bitnami/apache2/conf/vhosts/APPNAME-vhost.conf file to add the following lines:

    <VirtualHost 127.0.0.1:443 _default_:443>
      ...
      <Directory "/opt/bitnami/APPNAME">
        ...
        AuthType Basic
        AuthName MyAuthName
        AuthUserFile "/opt/bitnami/apache2/APPNAME_users"
        Require valid-user
    

    In addition, find the line containing Require all granted in the same file and comment it by placing a hash (#) symbol before it, as shown below:

    # Require all granted
    

    If your application has a proxy, add the following lines at the end of the file:

      ...
      <Location />
        AuthType Basic
        AuthName "Authentication required"
        Require valid-user
      </Location>
    </VirtualHost>
    
  • Edit the /opt/bitnami/apache2/conf/vhosts/APPNAME-https-vhost.conf file to add the following lines:

    <VirtualHost 127.0.0.1:443 _default_:443>
      ...
      <Directory "/opt/bitnami/APPNAME">
        ...
        AuthType Basic
        AuthName MyAuthName
        AuthUserFile "/opt/bitnami/apache2/APPNAME_users"
        Require valid-user
    

    In addition, find the line containing Require all granted in the same file and comment it by placing a hash (#) symbol before it, as shown below:

    # Require all granted
    

    If your application has a proxy, add the following lines at the end of the file:

      ...
      <Location />
        AuthType Basic
        AuthName "Authentication required"
        Require valid-user
      </Location>
    </VirtualHost>
    
  • Restart the Apache server:

    $ sudo /opt/bitnami/ctlscript.sh restart apache
    

Approach B: Self-contained Bitnami installations

  • At the console, type the following commands. Remember to replace APPNAME, USERNAME and PASSWORD with the application name (for example, wordpress), and desired username and password, respectively.

    $ sudo /opt/bitnami/apache2/bin/htpasswd -cb /opt/bitnami/apache2/APPNAME_users USERNAME PASSWORD
    
  • Edit the /opt/bitnami/apps/APPNAME/conf/httpd-app.conf file to add the following lines. In addition, find the line containing Require all granted line in the same file and comment it by placing a hash (#) symbol before it, as shown below:

    <Directory "/opt/bitnami/apps/APPNAME/htdocs">
      ...
      AuthType Basic
      AuthName MyAuthName
      AuthUserFile "/opt/bitnami/apache2/APPNAME_users"
      Require valid-user
      ...
    
      <IfVersion >= 2.3>
        # Require all granted
      </IfVersion>
      ...
    </Directory>
    
  • If your application has a proxy, add the following lines at the end of /opt/bitnami/apps/APPNAME/conf/httpd-app.conf file:

    <Location />
      AuthType Basic
      AuthName "Authentication required"
      Require valid-user
    </Location>
    
  • Restart the Apache server:

    $ sudo /opt/bitnami/ctlscript.sh restart apache
    

When accessing the application, you will see the following authentication popup window. Enter the username and password that you have defined in the first step:

Authentication required

To change the password later, run the htpasswd utility without the -c switch and replace the USERNAME placeholder with the username of the account you wish to modify:

$ sudo /opt/bitnami/apache2/bin/htpasswd /opt/bitnami/apache2/APPNAME_users USERNAME

To add another user to the same file, run the htpasswd utility without the -c switch and replace the USERNAME and PASSWORD placeholders with the new username and password you wish to add.

$ sudo /opt/bitnami/apache2/bin/htpasswd -b /opt/bitnami/apache2/APPNAME_users USERNAME PASSWORD
Last modification June 9, 2020