Securing Mythweb with Apache
This method is slightly more efficient than the .htaccess method, but is complicated by the fact that you must restart Apache and mis-configuring the Apache configuration file will keep Apache from restarting.
Apache password file
We will start with creating an Apache password file. I put this in /etc/httpd/conf, as I back up this directory every night to one of my other systems.
htpasswd -c /etc/httpd/conf/httpd-passwords MYUSER1
Create additional users as needed:
htpasswd /etc/httpd/conf/httpd-passwords MYUSER2
Please make sure you DO NOT use the -c after the initial user, as this will overwrite the file and start from scratch.
Modify ownership of the file as follows:
chown apache.apache /etc/httpd/conf/httpd-passwords chmod 640 /etc/httpd/conf/httpd-passwords
Editing Apache Config
Now edit /etc/httpd/conf/httpd.conf, and add the following section:
<Directory "/var/www/html/mythweb"> Options Indexes FollowSymLinks AuthType Basic AuthName "MythTV" AuthUserFile /etc/httpd/conf/httpd-passwords require user MYUSER1 MYUSER2 MYUSER3 Order allow,deny Allow from all </Directory>
Modify the password file location and required users per your needs.
If you have created a link from your music storage area to /var/www/html/mythweb/music, you can add the following to separately secure web access to this:
#MythWeb music configuration <Directory "/var/www/html/mythweb/music"> Options Indexes FollowSymLinks AuthType Basic AuthName "MythTV-Music" AuthUserFile /etc/httpd/conf/httpd-passwords Require user MYUSER4 MYUSER5 Order allow,deny Allow from all </Directory>
Again, tailor your password file and users to your needs. You can even use separate password files if you wish!
Now restart Apache, and you’re done:
service httpd restart
(this may be different on your distro)
You can do a lot more with these configuration sections, such as secure by ip address, and more. Please see the Apache docs.
Questions: email me at johanreinalda at yahoo dot com. Preferred is an email to Myth Users list, however. Here’s the configuration I used to allow users on my LAN to access MythWeb without a password, and require outside users to authenticate via pw
<Directory "/var/www/html/mythweb"> Options Indexes FollowSymLinks AuthType Basic AuthName "MythTV" AuthUserFile /etc/httpd/conf/httpd-passwords Require valid-user Order allow,deny Allow from 192.168.1. Satisfy any </Directory>