search

Juniper / wistar

Wistar is a tool to help create and share network topologies of virtual machines. It is designed to be light weight enough to run on a laptop or a small dedicated server.
http://wistar.readthedocs.io/en/latest/
Apache License 2.0
156 stars 41 forks source link

How to protect the GUI session of WISTAR with your credentials so that no one can delete your topologies #51

Open akher1 opened 5 years ago

akher1 commented 5 years ago

How to add username and password for the WEBUI so that no one should make any changes to your topologies. The reason, I am asking because today someone deleted my topology which was building for past one week. This is really needed for me.

Regards, Ankur

Sidiox commented 5 years ago

You can enable basic webauthentication on your webserver. If you use Apache as the webserver you can simply follow the instructions here: https://httpd.apache.org/docs/2.4/howto/auth.html This is authentication against the webserver itself, the Wistar instance behind the webserver is still shared between all users that can authenticate.

akher1 commented 5 years ago

I am able to bring up the apache server but the authentication is not working for me.

This is my server

ankur@ankur-virtual-machine:/etc/apache2/sites-enabled$ pwd /etc/apache2/sites-enabled nkur@ankur-virtual-machine:/etc/apache2/sites-enabled$ ls -la total 48 drwxr-xr-x 2 root root 4096 Aug 2 16:15 . drwxr-xr-x 8 root root 4096 Aug 2 14:47 .. -rw-r--r-- 1 root root 152 Aug 2 15:54 .htaccess -rw------- 1 root root 12288 Aug 2 15:52 .htaccess.swo -rw------- 1 root root 12288 Aug 2 15:47 .htaccess.swp -rw-r--r-- 1 root root 756 Aug 2 16:13 999-non -rw-r--r-- 1 root root 563 Aug 2 15:59 999-wistar.conf -rw-r--r-- 1 root root 1332 Aug 2 15:13 backup-0000-default.conf

virtual-machine:/etc/apache2/sites-enabled$ cat 999-wistar.conf Define wistar_path /opt/wistar/wistar-master Listen 8080 <VirtualHost *:8080> WSGIScriptAlias / ${wistar_path}/wistar/wsgi.py WSGIDaemonProcess wistar python-path=${wistar_path} WSGIProcessGroup wistar ErrorLog /var/log/apache2/wistar.log CustomLog /var/log/apache2/wistar_access.log combined Alias /static/ ${wistar_path}/common/static/

<Directory "${wistar_path}/common/static"> Require all granted <Directory ${wistar_path}>

Require all granted

+++++++++THIS IS NOT WORKING+++++++++ ankur@ankur-virtual-machine:/etc/apache2/sites-enabled$ cat 999-non Define wistar_path /opt/wistar/wistar-master <VirtualHost *:8080> WSGIScriptAlias / ${wistar_path}/wistar/wsgi.py WSGIDaemonProcess wistar python-path=${wistar_path} WSGIProcessGroup wistar ErrorLog /var/log/apache2/wistar.log CustomLog /var/log/apache2/wistar_access.log combined Alias /static/ ${wistar_path}/common/static/

<Directory "${wistar_path}/common/static"> Require all granted <Directory ${wistar_path}>

    <Files wsgi.py>
          AuthType Basic
      AuthName "Restricted Files"
      # (Following line optional)
      AuthBasicProvider file
      AuthUserFile "/var/www/html/passwords"
      Require user ankur   
    </Files>

ankurh@ankur-virtual-machine:/etc/apache2/sites-enabled$

=========

So, in which path I should call my password?

Regards, Ankur Kher

akher1 commented 5 years ago

Please provide some directions?

dmontagner commented 5 years ago

@akher1 today Wistar has no authentication methods enabled as it is a lab tool only. The suggestion made by @Sidiox is by far the easiest way to provide some level of authentication.

I suspect you haven't created the file .htpasswd on /opt/wistar/wistar-master.

Alternatively, but far more complex, you can enable authentication in DJango. But this will require extra coding.

https://docs.djangoproject.com/en/2.2/topics/auth/default/