Static Webserver password protection?

Hi,
I use Hass.io on a Raspberry Pi. I know that there is a static Webserver running, in /config/www/ and I can browse it on https://xxx.duckdns.org/local/.
But the folder is not protected by the home assistant password- so I have to protect it by .htaccess? Am I right? I try it with htaccess but it won’t work- is that the right path in the htaccess file?

AuthType Basic
AuthUserFile /config/www/.htpasswd
AuthName "Admin Bereich"
require valid-user

Thank you

No answer to this? I have the same need. I’ve developed a dashboard in vanilla js that I want to place in the www folder but I don’t want to expose sensitive information.
Would be nice to have an option to include the www folder under the same security as the native web gui.
Or use htaccess

2 Likes

I’m also wondering if this is a bug or intentional. Until now I assumed that only logged in users can load the files.

I would assume best way to protect those is with nginix?

1 Like