Basic authentication apache

cezmaj · January 29, 2024, 7:37am

[I have nextcloud 27.1.4.1 installed on debian 12.
I have LDAP connected there and about 500 users and I use SSL.
Is it possible to install Basic HTTP Authentication in Apache?

I tried to do it, but it doesn’t work properly.
Below is the entry in the apache nextcloudssl.conf configuration file.

<Directory /mnt/nextcloud/>
        AuthType Basic
        AuthName "nextcloud"
        AuthUserFile /etc/apache2/.htpasswd
        Require valid-user

 # Require all granted
        AllowOverride All
        Options FollowSymLinks MultiViews
        SetEnv HOME /drives/nextcloud
        SetEnv HTTP_HOME /drives/nextcloud
</Directory>

I came across the following problems.

Of course, if the “Require all granted” entry is active, then basic auth. doesn’t work.

The “Require all granted” entry is disabled.

You can log in, but only if your basic auth. login and password already exists in nextcloud and the system logs in to nextcloud immediately.
When a link to share a file is sent to a person who does not have a nextcloud account, unfortunately this person does not have access to this file. The link is blocked, it is not possible to enter the basic auth login and password.

wwe · January 29, 2024, 9:29pm

hi @cezmaj please explain you goal more clear. If I understand you right you try to add Apache basic auth additionally to Nextcloud auth?

ernolf · January 29, 2024, 10:33pm

cezmaj:

Is it possible to install Basic HTTP Authentication in Apache?

// … //

<Directory /mnt/nextcloud/>
        AuthType Basic
        AuthName "nextcloud"
        AuthUserFile /etc/apache2/.htpasswd
        Require valid-user

 # Require all granted
        AllowOverride All
        Options FollowSymLinks MultiViews
        SetEnv HOME /drives/nextcloud
        SetEnv HTTP_HOME /drives/nextcloud
</Directory>

This is not possible and does not work with nextcloud.
Nextcloud comes with its own authentication which needs the permissive setting (Require all granted)

What IS possible though, is that you add extra directories as aliases within the nextcloud tree with basic authentication.

Here an example with an extra directory “admin” inside of your nextcloud tree, which would be reachable under https://cloud.bar.baz/admin:

I hope this gets you in the right direction

Much and good luck,
ernolf

cezmaj · January 29, 2024, 11:58pm

Hi @wwe , yes my goal was to setup Apache basic auth additionally to Nextcloud auth, thanks.

cezmaj · January 30, 2024, 12:01am

Hi @ernolf, thanks I will test your advice.

devnull · January 30, 2024, 8:38am

Even if it were possible, the combination of Nextcloud user management with Basic authentication would not really make sense. What do you want to achieve with it anyway? Double authentication or disable Nextcloud authentication?

Basic authentication makes sense if you use a file manager that does not use its own user management or whose user management can be switched off. You can take a look at Tiny File Manager for this. If you disable user management there, you can use Basic Authentication to build something that really makes sense. But of course this application does not offer the basic functions of Nextcloud such as sharing folders and files.