Apache reverse proxy with basic authentication

You can follow the instructions here: Authentication, Authorization and Access Control. The main difference for your reverse proxy is that you'll want to put the auth stuff inside a Location block, even though the docs say that they're only allowed in Directory blocks:

<Location />    AuthType Basic    ...</Location>

Outside the Location block you can put your proxy commands, such as:

ProxyPass / http://localhost:8080/

First, check if your apache2 has the utils package

sudo apt-get install apache2-utils

Then, set the username and password.

sudo htpasswd -c /etc/apache2/.htpasswd <username>

After that, edit your reverse proxy to use the authentication

<VirtualHost *:80>    ProxyPreserveHost On    ProxyPass / http://someaddress:1234/    ProxyPassReverse / http://someaddress:1234/    Timeout 5400    ProxyTimeout 5400    ServerName dev.mydomain.com    ServerAlias *.dev.mydomain.com    <Proxy *>        Order deny,allow        Allow from all        Authtype Basic        Authname "Password Required"        AuthUserFile /etc/apache2/.htpasswd        Require valid-user    </Proxy></virtualhost>

At least, update your apache

sudo service apache2 reload

Here's the config I have used to accomplish basic authentication over https against a database. My backend server is running Tomcat and I connect to it using AJP. The funny port number (4443) is because the standard port (443) was already used, and I didn't want to configure several https services on the same port.

<IfModule mod_ssl.c>NameVirtualHost *:4443<VirtualHost *:4443>        ServerAdmin webmaster@localhost        ServerName ws.myserver.se        ServerAlias ws.myserveralias.se        ErrorLog /var/log/apache2/ajpProxy.error.log        # Possible values include: debug, info, notice, warn, error, crit,        # alert, emerg.        LogLevel info        CustomLog /var/log/apache2/ajpProxy.log combined        DBDriver mysql        DBDParams "host=127.0.0.1 port=3306 user=proxyAuthUser pass=yourDbPasswordHere dbname=yourDbName"        DBDMin  4        DBDKeep 8        DBDMax  20        DBDExptime 300                <Proxy *>              # core authentication and mod_auth_basic configuration              # for mod_authn_dbd              AuthType Basic              AuthName "Backend auth name"              AuthBasicProvider dbd             # core authorization configuration              Require valid-user              # mod_authn_dbd SQL query to authenticate a user              AuthDBDUserPWQuery \                "SELECT password FROM user WHERE emailAddress = %s"              AddDefaultCharset Off              Order deny,allow              Allow from all        </Proxy>        ProxyPass / ajp://localhost:8009/        ProxyPassReverse / ajp://localhost:8009/        #   SSL Engine Switch:        #   Enable/Disable SSL for this virtual host.        SSLEngine on        #   A self-signed (snakeoil) certificate can be created by installing        #   the ssl-cert package. See        #   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.        #   If both key and certificate are stored in the same file, only the        #   SSLCertificateFile directive is needed.        SSLCertificateFile    /etc/apache2/ssl/yourCertificateFile.crt        SSLCertificateKeyFile /etc/apache2/ssl/yourPrivateKeyFile.key        <FilesMatch "\.(cgi|shtml|phtml|php)$">                SSLOptions +StdEnvVars        </FilesMatch>        <Directory /usr/lib/cgi-bin>                SSLOptions +StdEnvVars        </Directory>        BrowserMatch "MSIE [2-6]" \                nokeepalive ssl-unclean-shutdown \                downgrade-1.0 force-response-1.0        # MSIE 7 and newer should be able to use keepalive        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown</VirtualHost></IfModule>