Configure basic authentication for the Mindbreeze configuration site on Linux (via Apache mod_ssl module)Permanent link for this heading

First published: 9 February 2018

Last updated: 17 January 2023 (cf)

SummaryPermanent link for this heading

In order to only grant specific users access to the Mindbreeze configuration on Linux it is possible to place the configuration site behind a reverse proxy requiring basic authentication.
This article describes the necessary steps to set up the proxy, a sample proxy configuration is available as download below.
The sample sets up a proxy at port 8443 which redirects https://Mindbreeze:8443/config to http://Mindbreeze:23000
On Windows exists the possibitly to define administrators on the Administrators-Tab .

Download ZIP-Archiv SampleProxyConfiguration

InformationPermanent link for this heading

To restrict the direct access to the configuration the port of the Mindbreeze configuration site will be blocked from external hosts, therefore only allowing connections made from the local host and connections established via proxy. This means on the host itself the Mindbreeze configuration site will still be accessible to any user. Users who access the Mindbreeze configuration site via proxy (which is he only possible way except being directly connected to the host) must authenticate themselves via basic authentication.

SolutionPermanent link for this heading

Installing the Apache HTTP Server and the Module mod_ssl:

yum install httpd mod_ssl

Adding the sample proxy configuration to the default Apache HTTP Server Configuration httpd.conf:

Download the sample proxy configuration (ZIP-Archiv SampleProxyConfiguration) and copy it to /etc/httpd/conf/
Include the proxy.conf by adding the following line to the configuration file /etc/httpd/conf/httpd.conf :
Include conf/proxy.conf

Creating a SSL-Certificate for the Proxy:

It is necessary to define a SSL certificate in PEM Format ( ) as well as the corresponding private key ( ).
Store the certificate as /etc/admin/certificates/ca.crt and the private key as /etc/admin/certificates/ca.key .
The names and paths of the certificate and private key can be changed in lines 77 and 79 of the sample proxy configuration.
For initial testing you can create a self-signed certificate via openssl, in a production environment please use certificates from your public key infrastructure (PKI).

Check the Apache HTTP Server configuration:

If there are no syntax errors and the SSL-certificate and private key are available at the specified location, see chapter2 - this check should return "Syntax OK".

apachectl configtest

Define which users are allowed to open the Mindbreeze configuration site (set up basic authentication via htpasswd):

When executing the following command you need to specify a password for the user which is stored encrypted at /etc/admin/htaccess/htpasswd . The path is specified in line 143 of the sample proxy configuration.

htpasswd -c /etc/admin/htaccess/htpasswd user

Configure Iptables:

Accepting connections to the management port 23000 from source localhost:

iptables -A INPUT -p tcp -s localhost --dport -j ACCEPT

Denying all connections to destination port 23000

iptables -A INPUT -p tcp --dport 23000 -j DROP

Due to iptables rules being a chain, connections from localhost to port 23000 are allowed (rule no. 1), external connections are dropped because of rule no. 2.

Useful links and further documentationPermanent link for this heading

Sample Proxy Configuration Download - ZIP-Archiv SampleProxyConfiguration

Apache HTTP Server -

mod_ssl Module -

htpasswd -

iptables -

Download PDF

Download PDF