Skip to content

Instantly share code, notes, and snippets.

@bbrewer97202
Created August 10, 2012 18:20
Show Gist options
  • Save bbrewer97202/3316425 to your computer and use it in GitHub Desktop.
Save bbrewer97202/3316425 to your computer and use it in GitHub Desktop.
Simple htaccess authentication on Heroku with cedar/php

Create an .htaccess file in the webroot:

AuthUserFile /app/www/.htpasswd
AuthType Basic
AuthName "Restricted Access"
Require valid-user

Create a .htpasswd file:

htpasswd -c /app/www/.htpasswd [username]
@noizyboy
Copy link

Be careful that you're actually running apache, and not nginx (the latter of which takes no notice of .ht* files).

I suffered a major 'doh' moment when trying to set up authentication on a demo site, only to realise (after an hour or two of trawling through discussions like this one), that I was using a procfile that specified the nginx webserver...

web: vendor/bin/heroku-php-nginx

I switched it to...

web: vendor/bin/heroku-php-apache2

...redeployed, and my .htaccess/.htpasswd files took immediate effect.

@AWolf81
Copy link

AWolf81 commented Jun 11, 2017

I cloned the repo and followed the getting started guide for php.

After the first deploy I wanted to use Auth Basic to secure the app.

Adding everything to the root of the app wasn't working for me. Not sure why it wasn't working but it looks like .htpasswd won't be added to the root directory of the app. After login in to the app with $ heroku run bash I couldn't find the .htpasswd at the root directory with $ ls -ah

For me it's working like following (same as bbrewer's code - just more details):

  • Add .htaccess file with the following content to ./web directory:

      AuthType Basic
      AuthName "Restricted access"
      AuthUserFile "/app/www/.htpasswd"
      Require valid-user
    
      RewriteEngine On
      RewriteCond %{REQUEST_FILENAME} !-f
      RewriteRule ^ index.php [QSA,L]
    
  • Procfile uses the ./web folder as web root - no changes here web: vendor/bin/heroku-php-apache2 web/

  • Then add in folder ./www the .htpasswd file with the command $ htpasswd -c ./www/.htpasswd username
    This will create a .htpasswd file inside of ./www with the content username:hashedpassword

Once setup everything you can commit your changes ($ git add . && git commit -m ...) and deploy the app with $ git push heroku master.

Screenshot of the php-getting-started example directory structure with Basic Auth:
Screenshot

@kevinarrieta
Copy link

You can also use the /app/Providers/RouteServiceProvider.php and the "auth.basic" middleware for that:

protected function mapWebRoutes(Router $router)
{
    $middlewares = ['web', 'hasTeam'];
    if(env('AUTH_BASIC', 0)){
        array_push($middlewares, "auth.basic");
    }
    $router->middleware($middlewares)
           ->namespace($this->namespace)
           ->group(base_path('routes/web.php'));
}

https://laravel.com/docs/5.8/authentication#http-basic-authentication

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment