Protecting Redmine with additional HTTP 1.1 Basic authentication

Sometimes it might be required to protect a Redmine instance with additional HTTP 1.1 Basic authentication. This blog post is a tutorial how to do that...

This tutorial is for Apache based installations.

First of all, login or navigate using a file manager to your redmine user's directory, but outside of public or public_html folders. Meaning the file we are going to create should be set outside of directory visible from internet.

For example:

cd /home/redmine

Run following command, replacing rmuser with any username you wish and enter password after running this command.
Write down password and username to secure location!

redmine@host:~$htpasswd -c .htpasswd rmuser
New password: 
Re-type new password:

Or, if you are using filemanager, you can just upload the .htpasswd file created on your local machine or using online service like this one:

Once you have done above step, proceed by creating .htaccess file in /public folder of your Redmine instance, for example with nano:

nano /home/redmine/public/.htaccess

​and paste the following contents

AuthType Basic
AuthName "Restricted Content"
AuthUserFile /home/redmine/.htpasswd
Require valid-user

Keep in mind that we are here using the Redmine installed under /home/redmine in your
case it might differ, and your Redmine might be under /opt/redmine if you installed via apt-get or on windows in C:\Redmine etc...

So you need to adjust paths to fit your system.

That's it, Redmine is protected!