Add basic authentication to unmanic with nginx
This commit is contained in:
parent
0c5c3a258b
commit
102932216c
@ -25,9 +25,81 @@ podman run -itd \
|
|||||||
docker.io/josh5/unmanic:latest
|
docker.io/josh5/unmanic:latest
|
||||||
```
|
```
|
||||||
|
|
||||||
|
If the connection will be established through a webserver running on the same machine, use `-p 127.0.0.1:8888:8888` instead to only allow connections from the local host.
|
||||||
|
|
||||||
## Authentication
|
## Authentication
|
||||||
|
|
||||||
> [nginx basic auth](https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/)
|
> [nginx basic auth](https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/)
|
||||||
|
|
||||||
Unmanic does not have any authentication built in. However, it does support basic authentication for remote servers.
|
Unmanic does not have any authentication built in. However, it does support basic authentication for remote servers.
|
||||||
To use basic auth however, a webserver has to be configured through which Unmanic will be accessed.
|
To use basic auth however, a webserver has to be configured through which Unmanic will be accessed.
|
||||||
|
|
||||||
|
Nginx will be used as the webserver, while apache2-utils is necessary to create the password file.
|
||||||
|
|
||||||
|
```sh
|
||||||
|
sudo apt install nginx apache2-utils
|
||||||
|
```
|
||||||
|
|
||||||
|
Create a new password file
|
||||||
|
|
||||||
|
```sh
|
||||||
|
sudo htpasswd -c /etc/apache2/.htpasswd [USER]
|
||||||
|
```
|
||||||
|
|
||||||
|
Additional users can be added by omitting the `-c` switch
|
||||||
|
|
||||||
|
```sh
|
||||||
|
sudo htpasswd -c /etc/apache2/.htpasswd [USER]
|
||||||
|
```
|
||||||
|
|
||||||
|
Nginx configuration file
|
||||||
|
|
||||||
|
```nginx
|
||||||
|
server {
|
||||||
|
server_name unmanic.ovh1app1.x9w.ch;
|
||||||
|
|
||||||
|
# Security / XSS Mitigation Headers
|
||||||
|
add_header X-Frame-Options "SAMEORIGIN";
|
||||||
|
add_header X-XSS-Protection "1; mode=block";
|
||||||
|
add_header X-Content-Type-Options "nosniff";
|
||||||
|
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
|
||||||
|
|
||||||
|
location / {
|
||||||
|
# Proxy main traffic
|
||||||
|
proxy_pass http://127.0.0.1:8888;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
proxy_set_header X-Forwarded-Protocol $scheme;
|
||||||
|
proxy_set_header X-Forwarded-Host $http_host;
|
||||||
|
|
||||||
|
# Proxy WebSocket connection
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Connection "Upgrade";
|
||||||
|
|
||||||
|
# Basic Authentication
|
||||||
|
auth_basic "Unmanic";
|
||||||
|
auth_basic_user_file /etc/apache2/.htpasswd;
|
||||||
|
}
|
||||||
|
|
||||||
|
listen *:80;
|
||||||
|
|
||||||
|
#listen 443 ssl http2;
|
||||||
|
#listen [::]:443 ssl http2;
|
||||||
|
#ssl_certificate_key /etc/acme-sh/unmanic.ovh1app1.x9w.ch/key.pem;
|
||||||
|
#ssl_certificate /etc/acme-sh/unmanic.ovh1app1.x9w.ch/cert.pem;
|
||||||
|
}
|
||||||
|
|
||||||
|
#server {
|
||||||
|
# if ($host = unmanic.ovh1app1.x9w.ch) {
|
||||||
|
# return 301 https://$host$request_uri;
|
||||||
|
# }
|
||||||
|
|
||||||
|
# listen 80;
|
||||||
|
# listen [::]:80;
|
||||||
|
# server_name unmanic.ovh1app1.x9w.ch;
|
||||||
|
# return 404;
|
||||||
|
#}
|
||||||
|
```
|
||||||
|
Loading…
Reference in New Issue
Block a user