Apache httpd proxy – Protect your website with a htaccess login

Currently, I ran into the following scenario:
I had just set up a docker container on my CentOS for a new website.
The website was still under construction and shouldn’t be public while still being reachable over the web.

Current Setup

At the moment the container was running behind an Apache httpd server that’s acting as a proxy and handling the SSL encryption.

(docker container)
Apache httpd
Apache httpd
Viewer does not support full SVG 1.1

Set up password protecting using htaccess

Due to the site being unfinished, public access should be restricted.
Therefore, I wanted to use a password. This can be accomplished by using a .htaccess-file, witch needs to be referenced in the VirtualHosts-section of the apache config.

<VirtualHost *:443>
    ServerName yannick-huber.de
    ServerAlias www.yannick-huber.de

    #Password protection
    <Location />
       Deny from all
       AuthUserFile /etc/path/to/.htusers
       AuthName "Under Construction"
       AuthType Basic
       Satisfy Any
       require valid-user

    #Proxy settings
    ProxyPreserveHost On
    ProxyRequests Off
    ProxyPass / http://localhost:8000/
    ProxyPassReverse / http://localhost:8000/


After changing your apache2 config, the httpd service should be restarted. This can be done by running the following command:

sudo systemctl restart httpd

Creating .htusers file

If you don’t have a htusers file yet, you can generate it by running the following command:

sudo htpasswd -c .htusers username

You will then be asked which password should be set for the new user. After entering the secure password the htusers file will be created. You can validate if the file was created by running:

ls -a

Verifying the new access restriction

You can validate your new password protection by opening the website in your preferred browser.
If everything works, you see a prompt asking for a username and a password.