From ff454de0fdb50a7b3837ecf233b313aa48b9fd2e Mon Sep 17 00:00:00 2001
From: Roberto Alsina
Date: Thu, 4 Jul 2024 22:04:02 -0300
Subject: [PATCH] Move basic auth from faaso-daemon to caddy
---
 Caddyfile | 25 +++++++++++++++----------
 Makefile | 2 +-
 proxy.env | 1 +
 shard.yml | 2 --
 src/daemon/main.cr | 4 ----
 src/daemon/proxy.cr | 6 +++++-
 6 files changed, 22 insertions(+), 18 deletions(-)
 create mode 100644 proxy.env
diff --git a/Caddyfile b/Caddyfile
index 1f4520a..aa42be0 100644
--- a/Caddyfile
+++ b/Caddyfile
@@ -1,14 +1,19 @@
 {
- http_port 8888
- https_port 8887
- local_certs
+ http_port 8888
+ https_port 8887
+ local_certs
 }
-http://mindy:8888 {
- handle_path /admin/terminal/* {
- reverse_proxy /* http://127.0.0.1:7681
- }
- handle_path /admin/* {
- reverse_proxy /* http://127.0.0.1:3000
- }
+http://*:8888 {
+ basicauth /admin/* {
+ # admin $2a$14$C35905PxPzICAZKc/O9jYOS7ipZNPBtrndja8Yu3bvs/UujckryHS
+ admin {$HTTP_BASIC_AUTH_PASSWORD}
+ }
+
+ handle_path /admin/terminal/* {
+ reverse_proxy /* http://127.0.0.1:7681
+ }
+ handle_path /admin/* {
+ reverse_proxy /* http://127.0.0.1:3000
+ }
 }
diff --git a/Makefile b/Makefile
index 3057233..1baa5b0 100644
--- a/Makefile
+++ b/Makefile
@@ -3,7 +3,7 @@ build: shard.yml $(wildcard src/**/*cr)
 proxy: build
 docker build . -t faaso-proxy
 start-proxy:
- docker run --name faaso-proxy-one --rm --network=faaso-net -v /var/run/docker.sock:/var/run/docker.sock -v secrets:/home/app/secrets -p 8888:8888 faaso-proxy
+ docker run --name faaso-proxy-one --rm --network=faaso-net --env-file=proxy.env -v /var/run/docker.sock:/var/run/docker.sock -v secrets:/home/app/secrets -p 8888:8888 faaso-proxy
 .PHONY: build proxy-image start-proxy
diff --git a/proxy.env b/proxy.env
new file mode 100644
index 0000000..255caca
--- /dev/null
+++ b/proxy.env
@@ -0,0 +1 @@
+HTTP_BASIC_AUTH_PASSWORD=$2a$14$C35905PxPzICAZKc/O9jYOS7ipZNPBtrndja8Yu3bvs/UujckryHS
diff --git a/shard.yml b/shard.yml
index da486cc..59656b7 100644
--- a/shard.yml
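Review bot: The `basicauth /admin/*` block sits inside a plain `http://*:8888` site, so the admin credentials travel base64-encoded, not encrypted, on every request to `/admin/*`, including the terminal proxied to 127.0.0.1:7681. The global options declare `https_port 8887` and `local_certs`, but no HTTPS site appears in the lines shown. If TLS is terminated in front of this container, record that above the site block, e.g. `# Basic auth over plain HTTP: expose 8888 only behind a TLS-terminating front end`; otherwise the admin routes should be served from an HTTPS site. The same site block is embedded in the src/daemon/proxy.cr hunk and needs the same treatment.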
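Review bot: proxy.env is added to the repository with a real bcrypt hash as the value of `HTTP_BASIC_AUTH_PASSWORD`, and the same hash is left in the `# admin $2a$14$…` comment in the Caddyfile hunk. Anyone who can read the repository can test password guesses against a committed hash offline; the code removed from main.cr used admin/admin, and if this hash is of that password (not determinable from the patch) it protects nothing. I would commit a `proxy.env.example` containing `HTTP_BASIC_AUTH_PASSWORD=<bcrypt hash from caddy hash-password>`, add `proxy.env` to `.gitignore`, and drop the Caddyfile comment. A new password should also be generated, since this hash is now in history.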
+++ b/shard.yml
@@ -28,5 +28,3 @@ dependencies:
 branch: add_exposed_ports
 kemal:
 github: kemalcr/kemal
- kemal-basic-auth:
- github: kemalcr/kemal-basic-auth
diff --git a/src/daemon/main.cr b/src/daemon/main.cr
index 00fe620..667a76a 100644
--- a/src/daemon/main.cr
+++ b/src/daemon/main.cr
@@ -5,13 +5,9 @@ require "./terminal.cr"
 require "compress/gzip"
 require "crystar"
 require "docr"
-require "kemal-basic-auth"
 require "kemal"
 require "uuid"
-# FIXME: make configurable
-basic_auth "admin", "admin"
-
 get "/" do |env|
 env.redirect "/index.html"
 end
diff --git a/src/daemon/proxy.cr b/src/daemon/proxy.cr
index fc7ce45..94bfd2d 100644
--- a/src/daemon/proxy.cr
+++ b/src/daemon/proxy.cr
@@ -28,7 +28,11 @@ module Proxy
 local_certs
 }
-http://mindy:8888 {
+http://*:8888 {
+ basicauth /admin/* {
+ admin {$HTTP_BASIC_AUTH_PASSWORD}
+ }
+
 handle_path /admin/terminal/* {
 reverse_proxy /* http://127.0.0.1:7681
 }
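Review bot: Caddy becomes the only place where `/admin/*` is authenticated, since the `basic_auth` call is removed from main.cr in this patch, so the daemon on 127.0.0.1:3000 accepts whatever reaches it directly. The listen address is not visible in this patch; if the daemon binds to all interfaces, other containers on `faaso-net` could call the admin API without credentials, and the Makefile mounts the Docker socket into this container. It is worth confirming that the daemon and the terminal listen on loopback only and recording that in the template, e.g. `# Auth is enforced by Caddy only; upstreams must listen on 127.0.0.1`. The template is a heredoc that starts and ends outside the hunk, and it duplicates the repository Caddyfile, so the two have to be kept in sync.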