Apache proxy with digest authentication

By , Sunday 27th March 2011 12:57 pm

This post will quickly show you how to set up proxying with basic authentication using apache.

In my case I wanted to have transmission bit torrent client available over the internet so I could check on the state and adminster torrent downloads (such as the latest fedora release) as required. Transmission itself runs its web client on port 9091 by default. Rather than bother opening up more ports on my firewall and adding the nessecary port forwarding rules I decided I’d just proxy the calls through to transmission via apache using mod_proxy.

To do this I setup a new subdomain that would be the end point for the web client and added the appropriate vhost configuration as follows:

<VirtualHost *:80>
    ServerName sub-domain.server.tld
    <Location />
        ProxyPass http://localhost:9091/
    </Location>
</VirtualHost>

After restarting apache you are now able to navigate to your end point and see the transmission web client.

Although transmission has its own authentication for the web client I’ve found it a little buggy (sometimes works, sometimes loses settings, etc) so I decided to go with authentication via apache using mod_auth_digest, I decided on this since its no more work than basic authentication and makes things a little more secure.

So in order to set this up firstly we need to create a password file using the command htdigest. Its usage is almost exactly the same as htpasswd, but there’s one extra argument which is realm. Realm is the area in which the username and password are valid, you can define several realms, the only thing to ensure is that when you create your username and password realm it is the same as that specified in your vhost configuration. For this example I’m just going to use private.

So firstly create a new digest password file and add the first user:

htdigest -c /var/lib/transmission/passwd-digest private lloyd

You will be asked to enter a password for the new users. When adding subsequent users do not use the -c flag (this is only used to initially create the password file).

Next we update the vhost configuration with the authentication details as follows:

<VirtualHost *:80>
    ServerName sub-domain.server.tld
    <Location />
        ProxyPass http://localhost:9091/
        AuthType Digest
        AuthName "private"
        AuthUserFile /var/lib/transmission/digest-passwd
        Require valid-user
    </Location>
</VirtualHost>

Once this is complete, restart apache and navigate to your end point and you will be asked for a username and password.

Liked this post? Follow this blog to get more. 

Leave a Reply

You must be logged in to post a comment.

Panorama Theme by Themocracy

2 visitors online now
1 guests, 1 bots, 0 members
Max visitors today: 4 at 12:53 am UTC
This month: 16 at 07-08-2017 06:57 am UTC
This year: 45 at 02-01-2017 10:28 pm UTC
All time: 130 at 28-03-2011 10:40 pm UTC