Add basic authentication to unmanic with nginx

This commit is contained in:
RealStickman 2023-06-01 20:33:10 +02:00
parent 0c5c3a258b
commit 102932216c

View File

@ -25,9 +25,81 @@ podman run -itd \
docker.io/josh5/unmanic:latest docker.io/josh5/unmanic:latest
``` ```
If the connection will be established through a webserver running on the same machine, use `-p 127.0.0.1:8888:8888` instead to only allow connections from the local host.
## Authentication ## Authentication
> [nginx basic auth](https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/) > [nginx basic auth](https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/)
Unmanic does not have any authentication built in. However, it does support basic authentication for remote servers. Unmanic does not have any authentication built in. However, it does support basic authentication for remote servers.
To use basic auth however, a webserver has to be configured through which Unmanic will be accessed. To use basic auth however, a webserver has to be configured through which Unmanic will be accessed.
Nginx will be used as the webserver, while apache2-utils is necessary to create the password file.
```sh
sudo apt install nginx apache2-utils
```
Create a new password file
```sh
sudo htpasswd -c /etc/apache2/.htpasswd [USER]
```
Additional users can be added by omitting the `-c` switch
```sh
sudo htpasswd -c /etc/apache2/.htpasswd [USER]
```
Nginx configuration file
```nginx
server {
server_name unmanic.ovh1app1.x9w.ch;
# Security / XSS Mitigation Headers
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
location / {
# Proxy main traffic
proxy_pass http://127.0.0.1:8888;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
# Proxy WebSocket connection
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
# Basic Authentication
auth_basic "Unmanic";
auth_basic_user_file /etc/apache2/.htpasswd;
}
listen *:80;
#listen 443 ssl http2;
#listen [::]:443 ssl http2;
#ssl_certificate_key /etc/acme-sh/unmanic.ovh1app1.x9w.ch/key.pem;
#ssl_certificate /etc/acme-sh/unmanic.ovh1app1.x9w.ch/cert.pem;
}
#server {
# if ($host = unmanic.ovh1app1.x9w.ch) {
# return 301 https://$host$request_uri;
# }
# listen 80;
# listen [::]:80;
# server_name unmanic.ovh1app1.x9w.ch;
# return 404;
#}
```