JasonRivers
commented
7 years ago Changing the password within the nagios container could mean that you will lose all of your changes when there is an update to the container. The correct way to do this would be to mount /opt/nagios/etc as an external volume and make your changes there, This way when you update the container you won't lose any changes you have made.
Seems like with the current setup it is not possible to change the user and password.
When I use the environment variables on swarm, where it might have data folders already created and restart the nagios container. It will not change the user nor password due to file already existing.
https://github.com/JasonRivers/Docker-Nagios/blob/6a309a6e5d7d04bcf4201bd086f88b90f44105f0/start.sh#L17
From htpasswd documentation I can read out that current flags set on file creation might not be the best https://httpd.apache.org/docs/current/programs/htpasswd.html
-c Create the passwd file. If passwd file already exists, it is rewritten and truncated. This option cannot be combined with the -n option. -s Use SHA encryption for passwords. Facilitates migration from/to Netscape servers using the LDAP Directory Interchange Format (ldif). This algorithm is insecure by today's standards. -b Use batch mode; i.e., get the password from the command line rather than prompting for it. This option should be used with extreme care, since the password is clearly visible on the command line. For script use see the -i option. Available in 2.4.4 and later.
"-c" one is ok, and will make the bash check if file exists even redundant and would make it to overwrite it. "-b" seems ok, will just let the creation from bash. "-s" seems a bit bad choice, since authentication is handled by apache only, I don't think there is a need to use SHA. Default is MD5 and -B gives bcrypt which is considered as very secure, at least by the documentation there.