Discussion:
turning authentication off in apache for a sub location
Popping Mad
2020-05-06 13:58:48 UTC
I am trying to turn off the authentication for a subdirectory that is
protected by authentication

admin.bios-living.com

is protected as a virtual domain

<VirtualHost *:80>
ServerName admin.bios-living.com
ServerAdmin ***@mrbrklyn.com
DocumentRoot "/usr/local/apache2/htdocs/admin"
Alias "/.well-known/acme-challenge/" "/usr/local/apache2/htdocs/tokens/"
# SSLEngine on
# SSLOptions +StrictRequire
# SSLCertificateFile /var/lib/ca-certificates/pem/bios-living.com.crt
# SSLCertificateKeyFile /etc/ssl/private/bios-living.com.key
Header set Cache-Control "no-store, must-revalidate"
Header set Pragma "no-cache"
Header set Expires "0"

Options Indexes
<Files *.html>
SetHandler perl-script
PerlResponseHandler Embperl
</Files>
<Location "/">
AuthType basic
AuthName "admin"
AuthBasicProvider file
AuthUserFile "/usr/local/apache2/conf/admin.auth"
Require valid-user
Options +Indexes +FollowSymLinks
</Location>


Now I need to carve out a resource for letsencrypt without
authentication and without ssl

Nothing seems to work

Alias "/.well-known/acme-challenge/" "/usr/local/apache2/htdocs/tokens/"


<Location "/.well-known/acme-challenge/">
Require all granted
</Location>


<Directory "/usr/local/apache2/htdocs/tokens/">
Require all granted
</Directory>
tom
2020-05-08 22:41:26 UTC
On Wed, 6 May 2020 09:58:48 -0400
Post by Popping Mad
I am trying to turn off the authentication for a subdirectory that is
protected by authentication
admin.bios-living.com
is protected as a virtual domain
<VirtualHost *:80>
ServerName admin.bios-living.com
DocumentRoot "/usr/local/apache2/htdocs/admin"
Alias "/.well-known/acme-challenge/" "/usr/local/apache2/htdocs/tokens/"
# SSLEngine on
# SSLOptions +StrictRequire
# SSLCertificateFile /var/lib/ca-certificates/pem/bios-living.com.crt
# SSLCertificateKeyFile /etc/ssl/private/bios-living.com.key
Header set Cache-Control "no-store, must-revalidate"
Header set Pragma "no-cache"
Header set Expires "0"
Options Indexes
<Files *.html>
SetHandler perl-script
PerlResponseHandler Embperl
</Files>
<Location "/">
AuthType basic
AuthName "admin"
AuthBasicProvider file
AuthUserFile "/usr/local/apache2/conf/admin.auth"
Require valid-user
Options +Indexes +FollowSymLinks
</Location>
Now I need to carve out a resource for letsencrypt without
authentication and without ssl
Nothing seems to work
Alias "/.well-known/acme-challenge/" "/usr/local/apache2/htdocs/tokens/"
<Location "/.well-known/acme-challenge/">
Require all granted
</Location>
<Directory "/usr/local/apache2/htdocs/tokens/">
Require all granted
</Directory>
Generally what I do is map /.well-known/ to a common directory on the
system, such as /var/www/well-known; that way the same well-known can be
used across many virtual hosts. Once you have that set up you can use a
very simple implementation of ACME such as dehydrated.sh
(https://github.com/dehydrated-io/dehydrated): tell it to put challenge
files in /var/www/well-known/ and set up a cron job for it (see
documentation).

That way you can even manage (at least with NGINX) the entire wellknown
directly with separate permissions and a simple include
snippers/acme.conf for sites. I'm sure you could re-implement similar
functionality in Apache.

Hope this helps
Tom
--
____________________________________
/ An idea is not responsible for the \
\ people who believe in it. /
------------------------------------
\
\
/\ /\
//\\_//\\ ____
\_ _/ / /
/ * * \ /^^^]
\_\O/_/ [ ]
/ \_ [ /
\ \_ / /
[ [ / \/ _/
_[ [ \ /_/
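
One way to do the carve-out in Apache 2.4, combining the vhost from the question with the shared directory tom describes. This is an added example, not part of either post; the /var/www/well-known/acme-challenge/ path and the placement of the shared part outside the vhost are assumptions.

```apache
# Added example, not the poster's or tom's configuration.
# Assumed path: /var/www/well-known/acme-challenge/ (shared ACME directory).

# Shared part, defined once at server level so every vhost inherits it.
# It could also live in its own file and be pulled in with Include.
Alias "/.well-known/acme-challenge/" "/var/www/well-known/acme-challenge/"
<Directory "/var/www/well-known/acme-challenge/">
    # Static challenge files only: no listings, no symlinks, no .htaccess.
    Options None
    AllowOverride None
    Require all granted
</Directory>

<VirtualHost *:80>
    ServerName admin.bios-living.com
    DocumentRoot "/usr/local/apache2/htdocs/admin"

    # Basic auth for the whole vhost, as in the original post.
    <Location "/">
        AuthType Basic
        AuthName "admin"
        AuthBasicProvider file
        AuthUserFile "/usr/local/apache2/conf/admin.auth"
        Require valid-user
    </Location>

    # Must come AFTER <Location "/">. <Directory> sections are applied
    # before <Location> sections, so the grant in the <Directory> above is
    # overridden by <Location "/">. Location sections are merged in
    # configuration order, and with AuthMerging Off (the default) the later
    # section's Require replaces the earlier one instead of combining with it.
    <Location "/.well-known/acme-challenge/">
        AuthMerging Off
        Require all granted
    </Location>
</VirtualHost>
```

After `apachectl configtest` and a reload, a request for a test file under /.well-known/acme-challenge/ should return 200 without credentials, while any other URL on the vhost should still return 401.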