Open DyonR opened 4 years ago
It would be nice if it would be possible to get the same output of generating a password via the commandline via openssl for example.
ARQ77eY1NUZaQsuDHbIMCA==:0WMRkYTUWVT9wVvdDtHAjU9b3b7uB8NR1Gur2hmQCvCDpm39Q+PsJRJPaCU51dEiz+dTzh8qbPsL8WkFljQYFQ==
is most likely adminadmin
ref
Usernames are not encrypted and just stored in plaintext in qBittorrent.conf under as following;
WebUI\Username=DyonR
Example of the line with my password from qBittorrent.conf:
WebUI\Password_PBKDF2="@ByteArray(j7d+ZoBiISb0t6se1kvbhA==:WOY4sEE8weaFPwzZ4uMwTyECRVoS7j/SyilrWmad+oO5PQFzUyVJEi8S9Fo7dVc/QxCMk0bLV+Cq/aNydNK9Bw==)"
Usernames are not encrypted and just stored in plaintext in qBittorrent.conf under as following;
WebUI\Username=DyonR
Example of the line with my password from qBittorrent.conf:
WebUI\Password_PBKDF2="@ByteArray(j7d+ZoBiISb0t6se1kvbhA==:WOY4sEE8weaFPwzZ4uMwTyECRVoS7j/SyilrWmad+oO5PQFzUyVJEi8S9Fo7dVc/QxCMk0bLV+Cq/aNydNK9Bw==)"
Is this actually working for you? I'm trying to figure out a way to have a persistent password for the webui instead of having to set the password anytime I need to restart the server or docker container.
qBittorrent.conf should be persistent file that doesn't get changed on every restart.
Interesting... that's not the behavior I am experiencing. Every time I restart DyonR/docker-qbittorrentvpn
container, the .conf file reverts. The only thing I can think of is that I defined WebUI\Password_PBKDF2
improperly and it was removed due to that. The password set via the Web UI definitely gets purged on restart, is that expected behavior?
No, the password should be persistent if changed via the Web UI. Any settings you change get stored in the conf file. Does only the password reset on every restart or other settings too? Did you check permissions?
Everything resets, settings and passwords, etc. Which permissions would you be referring to?
Everything resets, settings and passwords, etc. Which permissions would you be referring to?
To prevent clutter in this issue, please come over to #132
@DyonR not sure if this helps or is still relevant, but I'm running qBittorrent through Traefik, and I've disabled the authentication for the Web UI:
While I would prefer to use qBittorents login screen and simply set the username/password via the environment variables, this was the next best thing I could manage.
I have Traefik applying some basic authentication via middleware to keep it secure:
basic-auth:
chain:
middlewares:
- middlewares-bouncer
- middlewares-rate-limit
- middlewares-https-redirectscheme
- middlewares-secure-headers
- middlewares-basic-auth <<<
- middlewares-compress
middlewares-basic-auth:
basicAuth:
usersFile: "/run/secrets/htpasswd"
realm: "Basic Auth"
It would be neat if it is possible to set a username and password for the WebUI via an environment variable.
For setting a password, I would need to figure out how qBittorrent generates a password.
They do use PBKDF2, but I don't know cipher, seed, iteration and key length they use.