Sort out authorization issues for Apache>Nginx migration

[terrillmoore]

We need to switch to Nginx in v1, because it allows mosquitto, etc., to function cleanly.

Unfortunately, AAA works differently. Apache has .htaccess and .htgroup. We use .htaccess to define the logins for all users, and .htgroup to limit access (e.g. for API keys). Nginx only supports .htaccess.

It should be possible to create one Nginx .htaccess file for each controlled service (by using the .htgroup for that service and extracting the relevant entries from the Apache .htaccess file. Right now we have a group for node-red and a group for InfluxDB access. We want therefore to create two Nginx .htaccess files, one for node-red, the other for InfluxDB. We would look in the Apache .htgroup file for group NodeRed, find the users, and extract those user records from Apache .htaccess and put them in Nginx NodeRed .htaccess. Similarly, we would look in the Apache .htgroup file for group InfluxDB (whatever we called it), find the users, and extract those user records from Apache .htaccess and put them in Nginx InfluxDB .htaccess.

This needs to be done with a script for people upgrading.

There also needs to be a script for people setting up API keys and node-red access; but this is more straightforward, because it doesn't have to do the conversion.

[oliv3]

For what it's worth, I'm quite happy using letsencrypt-nginx-proxy-companion.