Username/Password for the WebUI via environment variable

DyonR / docker-qbittorrentvpn

Docker container which runs a qBittorent-nox client with an optional WireGuard or OpenVPN connection

https://hub.docker.com/r/dyonr/qbittorrentvpn/

GNU General Public License v3.0

254 stars 79 forks source link

Username/Password for the WebUI via environment variable #3

Open DyonR opened 4 years ago

DyonR commented 4 years ago

It would be neat if it is possible to set a username and password for the WebUI via an environment variable.
For setting a password, I would need to figure out how qBittorrent generates a password.
They do use PBKDF2, but I don't know cipher, seed, iteration and key length they use.

DyonR commented 4 years ago

https://github.com/qbittorrent/qBittorrent/blob/f3c0cc3cee825000f9d63cdce11398d02be6d0ed/src/base/utils/password.cpp

It would be nice if it would be possible to get the same output of generating a password via the commandline via openssl for example.

ARQ77eY1NUZaQsuDHbIMCA==:0WMRkYTUWVT9wVvdDtHAjU9b3b7uB8NR1Gur2hmQCvCDpm39Q+PsJRJPaCU51dEiz+dTzh8qbPsL8WkFljQYFQ== is most likely adminadmin ref

DyonR commented 3 years ago

Usernames are not encrypted and just stored in plaintext in qBittorrent.conf under as following;
WebUI\Username=DyonR

Example of the line with my password from qBittorrent.conf:
WebUI\Password_PBKDF2="@ByteArray(j7d+ZoBiISb0t6se1kvbhA==:WOY4sEE8weaFPwzZ4uMwTyECRVoS7j/SyilrWmad+oO5PQFzUyVJEi8S9Fo7dVc/QxCMk0bLV+Cq/aNydNK9Bw==)"

w4rc0n commented 2 years ago

Usernames are not encrypted and just stored in plaintext in qBittorrent.conf under as following; WebUI\Username=DyonR

Example of the line with my password from qBittorrent.conf: WebUI\Password_PBKDF2="@ByteArray(j7d+ZoBiISb0t6se1kvbhA==:WOY4sEE8weaFPwzZ4uMwTyECRVoS7j/SyilrWmad+oO5PQFzUyVJEi8S9Fo7dVc/QxCMk0bLV+Cq/aNydNK9Bw==)"

Is this actually working for you? I'm trying to figure out a way to have a persistent password for the webui instead of having to set the password anytime I need to restart the server or docker container.

DyonR commented 2 years ago

qBittorrent.conf should be persistent file that doesn't get changed on every restart.

w4rc0n commented 2 years ago

Interesting... that's not the behavior I am experiencing. Every time I restart DyonR/docker-qbittorrentvpn container, the .conf file reverts. The only thing I can think of is that I defined WebUI\Password_PBKDF2 improperly and it was removed due to that. The password set via the Web UI definitely gets purged on restart, is that expected behavior?

DyonR commented 2 years ago

No, the password should be persistent if changed via the Web UI. Any settings you change get stored in the conf file. Does only the password reset on every restart or other settings too? Did you check permissions?

w4rc0n commented 2 years ago

Everything resets, settings and passwords, etc. Which permissions would you be referring to?

DyonR commented 2 years ago

Everything resets, settings and passwords, etc. Which permissions would you be referring to?

To prevent clutter in this issue, please come over to #132

RobertBrinkmann commented 1 year ago

@DyonR not sure if this helps or is still relevant, but I'm running qBittorrent through Traefik, and I've disabled the authentication for the Web UI:

While I would prefer to use qBittorents login screen and simply set the username/password via the environment variables, this was the next best thing I could manage.

I have Traefik applying some basic authentication via middleware to keep it secure:

    basic-auth:
      chain:
        middlewares:
          - middlewares-bouncer
          - middlewares-rate-limit
          - middlewares-https-redirectscheme
          - middlewares-secure-headers
          - middlewares-basic-auth <<<
          - middlewares-compress

    middlewares-basic-auth:
      basicAuth:
        usersFile: "/run/secrets/htpasswd"
        realm: "Basic Auth"