I am trying to set up apache as an authentication front end for a web backend running on port 8080. The backend has no authentication, so if you curl localhost:8080
you get the website. Port 8080 is blocked externally, so what I want is for apache to authenticate a user accessing from port 80 and then proxy to port 8080.
I believe this should be possible, as per this post on stackoverflow:
https://stackoverflow.com/questions/724599/setting-up-an-apache-proxy-with-authentication
I have tried to replicate this, however, I cannot get Apache to authenticate; it just passes directly to the proxy. Here is the virtual host config:
<VirtualHost *:80>
ServerName external.mywebsite.com
<Location "/">
Satisfy any
require valid-user
order allow,deny
Allow from all
</Location>
ProxyRequests off
ProxyPreserveHost on
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
<Proxy *>
Order deny,allow
Allow from all
AuthType Basic
AuthName "Private"
AuthBasicProvider file
AuthUserFile /path/to/htpasswd
Require valid-user
</Proxy>
</VirtualHost>
This works in as much that browsing to external.mydomain.com outputs from the backend. So the proxy itself is working, but it's as if the Auth directives are being ignored. I also tried moving the Auth directives into the <location>
block, but this has the exact same effect.
I am using Apache2 v2.2.22 running on Ubuntu 12.04. Any suggestions?
Best Answer
Satisfy any
does exactly what it says: it allows access based on authentication or IP access control.Since you allow the former in the Proxy block and the latter in the Location block, authentication is never required.