Webserver .htaccess password protection

Moderator: Lillian.W@AST

Post Reply
User avatar
father.mande
Posts: 1815
youtube meble na wymiar Warszawa
Joined: Sat Sep 12, 2015 2:55 am
Location: La Rochelle (France)

Re: Webserver .htaccess password protection

Post by father.mande »

Hi,

I just wanted to remind you that ... Asustor support MUST help you to understand this .htaccess ... it's a basic feature of Apache provide by Asustor.

I have the same A.D.M. version

For docker I don't use it, because I don't want to add (hidden) function and management to a tool available as is from source code and native. Also, even if it's not your case ... solution like Entware support ALL NAS architecture.
In second point ... I don't understand why used container build by unknown people (so with sometimes, malware, mining, etc.) when it's so easy (after some study) to create and manage containers with a unique command ...

But it's your choice and you are the "master in your castle" ... :D :D
If you have some basic knowledge on Docker ... sure, I think, you can use it.

Philippe.
AS6602T / AS5202T /AS5002T / AS1002T / FS6706T
Top
SinnerLike
Posts: 4
Joined: Thu Dec 01, 2016 3:22 pm

Re: Webserver .htaccess password protection

Post by SinnerLike »

See the log for this error

Code: Select all

Nov 09 16:51:17.168465 2022] [core:alert] [pid 15683] [client xx.xx.xx.xx:14914] /volume1/Web/xxx/.htaccess: Invalid command 'AuthType', perhaps misspelled or defined by a module not included in the server configuration
Top
User avatar
Nazar78
Posts: 2058
Joined: Wed Jul 17, 2019 10:21 pm
Location: Singapore
Contact:
Contact Nazar78

Re: Webserver .htaccess password protection

Post by Nazar78 »

I'm not using Asustor's Apache2 nor Nginx implementation, instead I'm using Nginx in custom chroot, but just had it tested. Seems there's some misconfiguration not rectified by Asustor. The module is there but not loaded, there's changes in Apache2.4 IIRC. You guys should report it to Asustor.

I just did a quick fix below, if you're familiar with Apache just skip few of the steps you think it's necessary. Take note of the installed version e.g. 2.4.43:
  • 1. Add the missing module config:

    Code: Select all

    echo "LoadModule authn_core_module /usr/local/AppCentral/httpd-2.4.43/data/lib/apache2/modules/mod_authn_core.so">/usr/local/AppCentral/httpd-2.4.43/data/conf/mods-available/authn_core.conf
    2. Enable it using symlink (usually we do this with a2enmod, but again this is Asustor's):

    Code: Select all

    ln -s ../mods-available/authn_core.conf /usr/local/AppCentral/httpd-2.4.43/data/conf/mods-enabled/authn_core.conf
    3. Reload the httpd:
    There's no reload in Asustor's implementation but you can send a HUP signal to the httpd process asking it to reload:

    Code: Select all

    kill -1 `cat /usr/local/AppCentral/httpd-2.4.43/data/var/run/apache2/httpd.pid`
    Or just restart:

    Code: Select all

    /usr/local/AppCentral/httpd-2.4.43/data/binary/sbin/apache2 -k restart
    4. Create the .htaccess in the path you need authentication:

    Code: Select all

    cat>/volume1/Web/.htaccess<<EOF
AuthType Basic
AuthName "Authentication Required"
AuthUserFile /volume1/Web/.htpasswd
Require valid-user
EOF
    5. Create the .htpasswd. Warning: to update an existing password, issue without the -c switch else it will overwrite the whole password file:

    Code: Select all

    /usr/local/AppCentral/httpd-2.4.43/data/binary/bin/htpasswd -c /volume1/Web/.htpasswd the-user-name
AS5304T - 16GB DDR4 - ADM-OS modded on 2GB RAM
Internal:
- 4x10TB Toshiba RAID10 Ext4-Journal=Off
External 5 Bay USB3:
- 4x2TB Seagate modded RAID0 Btrfs-Compression
- 480GB Intel SSD for modded dm-cache (initramfs auto update patch) and Apps

When posting, consider checking the box "Notify me when a reply is posted" to get faster response
Top
Post Reply

Return to “[Official] For AS52xx/53xx/66xx Series”