diff --git a/changelog.md b/changelog.md
index 07d651f9..547f3eaa 100644
--- a/changelog.md
+++ b/changelog.md
@@ -1,13 +1,13 @@
-[v0.29.3](https://github.com/nextcloud/nextcloudpi/commit/93c19f2) (2017-09-21) docker: updated to stretch and added NextCloudPi layer
+[v0.29.3](https://github.com/nextcloud/nextcloudpi/commit/0a5eabe) (2017-09-24) ncp-web: authentication fixes
-[v0.29.2 ](https://github.com/nextcloud/nextcloudpi/commit/94a6513) (2017-09-20) changed hostname
+[v0.29.2 ](https://github.com/nextcloud/nextcloudpi/commit/353be22) (2017-09-20) changed hostname
-[v0.29.1 ](https://github.com/nextcloud/nextcloudpi/commit/03b0263) (2017-09-20) lamp: add fileinfo mcrypt packages
+[v0.29.1 ](https://github.com/nextcloud/nextcloudpi/commit/0733636) (2017-09-20) lamp: add fileinfo mcrypt packages
-[v0.29.0 ](https://github.com/nextcloud/nextcloudpi/commit/74a97c3) (2017-09-20) updated to NC12.0.3
+[v0.29.0 ](https://github.com/nextcloud/nextcloudpi/commit/0c1f1af) (2017-09-20) updated to NC12.0.3
-[v0.28.2](https://github.com/nextcloud/nextcloudpi/commit/ac3fcab) (2017-09-18) ncp-web: point changelog to master
+[v0.28.2 ](https://github.com/nextcloud/nextcloudpi/commit/ac3fcab) (2017-09-18) ncp-web: point changelog to master
[v0.28.1 ](https://github.com/nextcloud/nextcloudpi/commit/3b71b3d) (2017-09-15) nc-static-IP: add new IP to trusted domain
diff --git a/lamp.sh b/lamp.sh
index 18eed1af..befe147c 100644
--- a/lamp.sh
+++ b/lamp.sh
@@ -33,7 +33,6 @@ install()
$APTINSTALL cron
$APTINSTALL util-linux # TODO only need getopt (busybox?)
$APTINSTALL apache2
- $APTINSTALL libapache2-mod-authnz-external
$APTINSTALL php7.0 php7.0-curl php7.0-gd php7.0-fpm php7.0-cli php7.0-opcache php7.0-mbstring php7.0-xml php7.0-zip php7.0-APC php7.0-fileinfo php7.0-mcrypt
mkdir -p /run/php
@@ -109,7 +108,6 @@ EOF
a2enmod dir
a2enmod mime
a2enmod ssl
- a2enmod authnz_external
a2dismod -f status reqtimeout env autoindex access_compat auth_basic authn_file authn_core alias access_compat
echo "ServerName localhost" >> /etc/apache2/apache2.conf
diff --git a/nextcloudpi.sh b/nextcloudpi.sh
index fad2d2de..ace828ae 100644
--- a/nextcloudpi.sh
+++ b/nextcloudpi.sh
@@ -50,7 +50,7 @@ Listen 4443
AuthType Basic
- AuthName "Login"
+ AuthName "ncp-web login"
AuthBasicProvider external
AuthExternal pwauth
@@ -70,6 +70,8 @@ Listen 4443
EOF
+ $APTINSTALL libapache2-mod-authnz-external pwauth
+ a2enmod authnz_external authn_core auth_basic
a2ensite ncp
mkdir /home/www -p
diff --git a/update.sh b/update.sh
index 19b91d2f..9d4ffd27 100755
--- a/update.sh
+++ b/update.sh
@@ -202,6 +202,50 @@ test -f /usr/local/etc/ncp-baseimage || echo "untagged" > /usr/local/etc/ncp-bas
# remove artifacts
rm -f /usr/local/etc/nextcloudpi-config.d/config_.txt
+# ncp-web password auth
+ grep -q DefineExternalAuth /etc/apache2/sites-available/ncp.conf || {
+ CERTFILE=$( grep SSLCertificateFile /etc/apache2/sites-available/ncp.conf| awk '{ print $2 }' )
+ KEYFILE=$( grep SSLCertificateKeyFile /etc/apache2/sites-available/ncp.conf| awk '{ print $2 }' )
+ cat > /etc/apache2/sites-available/ncp.conf <
+ DocumentRoot /var/www/ncp-web
+ SSLEngine on
+ SSLCertificateFile $CERTFILE
+ SSLCertificateKeyFile $KEYFILE
+
+
+ DefineExternalAuth pwauth pipe /usr/sbin/pwauth
+
+
+
+
+
+ AuthType Basic
+ AuthName "ncp-web login"
+ AuthBasicProvider external
+ AuthExternal pwauth
+
+
+
+
+ Require host localhost
+ Require local
+ Require ip 192.168
+ Require ip 10
+
+
+ Require user pi
+
+
+
+
+EOF
+ apt-get update
+ apt-get install -y --no-install-recommends libapache2-mod-authnz-external pwauth
+ a2enmod authnz_external authn_core auth_basic
+ bash -c "sleep 2 && systemctl restart apache2" &>/dev/null &
+ }
}
# License