Sorry, my question was not so much “is it mandatory that graylog use basic auth”, but more whether there was a way to accomplish what I’m looking for without breaking graylog 
For example, I read an older thread from Feb 2016 which talked about setting up the same username/password for a user in both graylog, and apache’s basic auth, which prevented graylog from even presenting a login screen. The thread mentioned is actually trying to “fix” that he has to unset the Authorization header, which requires logging into both http basic auth, and graylog. I personally don’t care if I have to login to both apache basic auth, and graylog, or just apache basic auth, but I’m unable to get my installation working in the way he describes.
Should this still work? Is there something I’m doing wrong when setting up the passwords in http basic auth? Ie: do they need to be salted first or something?
I’m open to other workaround ideas as well. I’m hoping I’m not the only person who wants to an apache layer of authentication to their publicly available install.