by default debian/stretch apache2 installation have mod_rewrite disabled (at least the one used with debootstrap and lxc containers) so few steps are needed to enable it and .htaccess files
enable mod_rewrite (apache2 must be restarted, see below)
a2endmod rewrite
in the virtual host configuration enable .htaccess (apache2 must be restarted, see below)
<Directory "/var/www/htdocs">
AllowOverride All
</Directory>
optionally enable mod_rewrite log (in the virtual host configuration) output goes into error.log (don’t leave it enabled in production) note: rewrite engine may need to be enabled before (apache2 must be restarted, see below)
RewriteEngine On
LogLevel alert rewrite:trace6
restart apache
systemctl restart apache2
.htaccess
:
<IfModule dir_module>
DirectoryIndex index.html index.php
</IfModule>
AuthType Basic
AuthName "Private Area"
AuthUserFile /full-path/.htpasswd
AuthGroupFile /dev/null
require valid-user
ErrorDocument 401 /relative-to-document-root/401.html