Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Simple htaccess authentication on Heroku with cedar/php

Create an .htaccess file in the webroot:

AuthUserFile /app/www/.htpasswd
AuthType Basic
AuthName "Restricted Access"
Require valid-user

Create a .htpasswd file:

htpasswd -c /app/www/.htpasswd [username]
@bogdanRada

This comment has been minimized.

Copy link

commented Mar 15, 2013

i am not sure i understand , how do you create the htpasswd on heroku? i tried the following command :

heroku run htpasswd -c /app/www/.htpasswd joe

but it tells me resource not found.

And when i do heroku run pwd it tells me that i am on the /app folder but
when running heroku run dirs it only shows me this folder. Am i missing something?

@bogdanRada

This comment has been minimized.

Copy link

commented Mar 15, 2013

ahh, i know now how after a bit of research .
it seems i had to do first "heroku run bash"
then cd into the app/www and create the htpasswd file
Now everything works nicely. Thanks man! Your post is really helpful

@bhas4

This comment has been minimized.

Copy link

commented Mar 23, 2013

This does not seem to work, even though the /app/www/.htpasswd file exists.. fails with error saying unable to read the file on accessing the site.

@dmcycloid

This comment has been minimized.

Copy link

commented Apr 4, 2013

@bogdanRada it appears you can also simply create the .ht* files in your application root, which becomes /app/www/ when you push and deploy to the Heroku server

@panwaria

This comment has been minimized.

Copy link

commented Feb 2, 2014

@dmcycloid: That's right.
Does any one know how to configure Apache mod_rewrite on heroku and restart apache on heroku server, after you add .htaccess to the web root?

@jmontross

This comment has been minimized.

Copy link

commented Dec 26, 2014

dead thread?
Here's my htaccess - not working!
cat .htaccess
RewriteEngine On
RewriteCond %{SERVER_PORT} !=443
RewriteCond %{HTTP_HOST} ^(www.)?karmagrove.com$ [NC]
RewriteRule ^$ https://www.karmagrove.com/%{REQUEST_URI} [R,L]~ $

@mkollinsmith

This comment has been minimized.

Copy link

commented Mar 17, 2015

If you've specified a directory other than the default in your Procfile, eg:

web: vendor/bin/heroku-php-apache2 MY_WEB_DIR/

then the htpasswd / htaccess files won't be in app/www, they'll be in app/MY_WEB_DIR. So, change your path to the htpasswd file in htaccess to:

/app/MY_WEB_DIR/.htpasswd

@xavriley

This comment has been minimized.

Copy link

commented Jun 3, 2016

Using heroku run bash for this won't work as the changes to the filesystem are lost each time the dyno reboots (which is at least every 24 hours).

You'll need to run

htpasswd -c /app/www/.htpasswd [username]

locally and commit the file to git before deploying.

@cwmanning

This comment has been minimized.

Copy link

commented Jul 25, 2016

As of July 2016, some subtle changes are necessary on heroku-php-apache2. Please note that the path to the .htpasswd file no longer contains the www directory and that the .htpasswd file should be in the webroot as well.

Create an .htaccess file in the webroot:

AuthUserFile /app/.htpasswd
AuthType Basic
AuthName "Restricted Access"
Require valid-user

Create a .htpasswd file, also in the webroot:

htpasswd -c .htpasswd [username]

Commit local changes. Deploy to Heroku.

@Manishsfdc1

This comment has been minimized.

Copy link

commented Sep 2, 2016

i have add both .htaccess. and .htpasswd.md in my root directory and commit the changes on heroku but it not show any authorization process or message.
I have used following code in my file.

Create an .htaccess file in the root:

AuthUserFile /app/.htpasswd
AuthType Basic
AuthName "Restricted Access"
Require valid-user

Create a .htpasswd file, also in the root :

htpasswd -c .htpasswd [username]

Please suggest some idea to get out of this problem.

@javier-tarazaga

This comment has been minimized.

Copy link

commented Jan 12, 2017

+1 here. Not working with .htaccess and .htpasswd in the root of the application. @cwmanning any ideas?

Wait, could this be because of this is running cedar/php? I am currently trying it with a nodejs project.

@noizyboy

This comment has been minimized.

Copy link

commented Jan 15, 2017

Be careful that you're actually running apache, and not nginx (the latter of which takes no notice of .ht* files).

I suffered a major 'doh' moment when trying to set up authentication on a demo site, only to realise (after an hour or two of trawling through discussions like this one), that I was using a procfile that specified the nginx webserver...

web: vendor/bin/heroku-php-nginx

I switched it to...

web: vendor/bin/heroku-php-apache2

...redeployed, and my .htaccess/.htpasswd files took immediate effect.

@AWolf81

This comment has been minimized.

Copy link

commented Jun 11, 2017

I cloned the repo and followed the getting started guide for php.

After the first deploy I wanted to use Auth Basic to secure the app.

Adding everything to the root of the app wasn't working for me. Not sure why it wasn't working but it looks like .htpasswd won't be added to the root directory of the app. After login in to the app with $ heroku run bash I couldn't find the .htpasswd at the root directory with $ ls -ah

For me it's working like following (same as bbrewer's code - just more details):

  • Add .htaccess file with the following content to ./web directory:

      AuthType Basic
      AuthName "Restricted access"
      AuthUserFile "/app/www/.htpasswd"
      Require valid-user
    
      RewriteEngine On
      RewriteCond %{REQUEST_FILENAME} !-f
      RewriteRule ^ index.php [QSA,L]
    
  • Procfile uses the ./web folder as web root - no changes here web: vendor/bin/heroku-php-apache2 web/

  • Then add in folder ./www the .htpasswd file with the command $ htpasswd -c ./www/.htpasswd username
    This will create a .htpasswd file inside of ./www with the content username:hashedpassword

Once setup everything you can commit your changes ($ git add . && git commit -m ...) and deploy the app with $ git push heroku master.

Screenshot of the php-getting-started example directory structure with Basic Auth:
Screenshot

@kevinarrieta

This comment has been minimized.

Copy link

commented May 15, 2019

You can also use the /app/Providers/RouteServiceProvider.php and the "auth.basic" middleware for that:

protected function mapWebRoutes(Router $router)
{
    $middlewares = ['web', 'hasTeam'];
    if(env('AUTH_BASIC', 0)){
        array_push($middlewares, "auth.basic");
    }
    $router->middleware($middlewares)
           ->namespace($this->namespace)
           ->group(base_path('routes/web.php'));
}

https://laravel.com/docs/5.8/authentication#http-basic-authentication

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.