Apache reverse proxy with basic authentication
You can follow the instructions here: Authentication, Authorization and Access Control. The main difference for your reverse proxy is that you'll want to put the auth stuff inside a Location block, even though the docs say that they're only allowed in Directory blocks:
<Location /> AuthType Basic ...</Location>
Outside the Location block you can put your proxy commands, such as:
ProxyPass / http://localhost:8080/
First, check if your apache2 has the utils package
sudo apt-get install apache2-utils
Then, set the username and password.
sudo htpasswd -c /etc/apache2/.htpasswd <username>
After that, edit your reverse proxy to use the authentication
<VirtualHost *:80> ProxyPreserveHost On ProxyPass / http://someaddress:1234/ ProxyPassReverse / http://someaddress:1234/ Timeout 5400 ProxyTimeout 5400 ServerName dev.mydomain.com ServerAlias *.dev.mydomain.com <Proxy *> Order deny,allow Allow from all Authtype Basic Authname "Password Required" AuthUserFile /etc/apache2/.htpasswd Require valid-user </Proxy></virtualhost>
At least, update your apache
sudo service apache2 reload
Here's the config I have used to accomplish basic authentication over https against a database. My backend server is running Tomcat and I connect to it using AJP. The funny port number (4443) is because the standard port (443) was already used, and I didn't want to configure several https services on the same port.
<IfModule mod_ssl.c>NameVirtualHost *:4443<VirtualHost *:4443> ServerAdmin webmaster@localhost ServerName ws.myserver.se ServerAlias ws.myserveralias.se ErrorLog /var/log/apache2/ajpProxy.error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel info CustomLog /var/log/apache2/ajpProxy.log combined DBDriver mysql DBDParams "host=127.0.0.1 port=3306 user=proxyAuthUser pass=yourDbPasswordHere dbname=yourDbName" DBDMin 4 DBDKeep 8 DBDMax 20 DBDExptime 300 <Proxy *> # core authentication and mod_auth_basic configuration # for mod_authn_dbd AuthType Basic AuthName "Backend auth name" AuthBasicProvider dbd # core authorization configuration Require valid-user # mod_authn_dbd SQL query to authenticate a user AuthDBDUserPWQuery \ "SELECT password FROM user WHERE emailAddress = %s" AddDefaultCharset Off Order deny,allow Allow from all </Proxy> ProxyPass / ajp://localhost:8009/ ProxyPassReverse / ajp://localhost:8009/ # SSL Engine Switch: # Enable/Disable SSL for this virtual host. SSLEngine on # A self-signed (snakeoil) certificate can be created by installing # the ssl-cert package. See # /usr/share/doc/apache2.2-common/README.Debian.gz for more info. # If both key and certificate are stored in the same file, only the # SSLCertificateFile directive is needed. SSLCertificateFile /etc/apache2/ssl/yourCertificateFile.crt SSLCertificateKeyFile /etc/apache2/ssl/yourPrivateKeyFile.key <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory /usr/lib/cgi-bin> SSLOptions +StdEnvVars </Directory> BrowserMatch "MSIE [2-6]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 # MSIE 7 and newer should be able to use keepalive BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown</VirtualHost></IfModule>