Open christianbur opened 6 years ago
DNS UI doesn't handle any authentication[1] (yet), so you need to handle it in Apache. For example using AuthUserFile with a user file that you generate yourself with htpasswd
. Example config:
AuthType Basic
AuthName "DNS UI"
AuthBasicProvider file
AuthUserFile /etc/apache2/htpasswd
Require valid-user
Generate the htpasswd
file with eg. htpasswd -c /etc/apache2/htpasswd username
[1] This may seem like a glaring omission in the tool, but we developed the DNS UI because we needed one that integrated with LDAP auth and allowed us to delegate multiple admins for each zone - something that no existing tool provided - so we saw no need to develop any other authentication methods.
Also since you would have no users in the database yet, you'd need to manually create one (via SQL commands) that matches a username in the htpasswd
file.
many thanks, my docker environment with pdns and your gui is running :-)
version: '3.3'
services:
pdns-gui:
image: cb/pdns-gui
build: ./conf/gui/Dockerfiles
ports:
- 127.0.0.1:5380:80
environment:
- LOCAL_ADMIN1_USER=admin
- LOCAL_ADMIN1_PASSWORD=xxxxxpassxxxxx
- LOCAL_ADMIN2_USER=admin2
- LOCAL_ADMIN2_PASSWORD=xxxxxpassxxxxx
volumes:
- ./conf/gui/config.ini:/data/dns-ui/config/config.ini:ro
restart: always
depends_on:
# - pdns-server
- pdns-gui-db
networks:
network-pdns:
pdns-gui-db:
image: postgres
volumes:
- ./data/pdns-gui-db/:/var/lib/postgresql/data/
environment:
- POSTGRES_PASSWORD=xxxxxpdns-gui-db-passxxxxxx
- POSTGRES_USER=user_dnsui
- POSTGRES_DB=db_dnsui
restart: always
networks:
network-pdns:
aliases:
- pdns-gui-db
networks:
network-pdns:
driver: bridge
ipam:
driver: default
config:
- subnet: 172.26.1.0/24
FROM php:5.6-apache
MAINTAINER Christian Burmeister
RUN apt-get update && \
apt-get -y install git libpq-dev zlib1g-dev libicu-dev g++ ldap-utils libldap2-dev \
&& docker-php-ext-configure intl \
&& docker-php-ext-configure ldap --with-libdir=lib/x86_64-linux-gnu/ \
&& docker-php-ext-install pdo pdo_pgsql json intl ldap \
&& rm -rf /var/lib/apt/lists/* \
&& apt-get purge
RUN mkdir /data && cd /data && git clone https://github.com/operasoftware/dns-ui.git
COPY ./000-default.conf /etc/apache2/sites-available/000-default.conf
COPY ./docker-entrypoint.sh /
ENTRYPOINT ["/bin/bash", "/docker-entrypoint.sh"]
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /data/dns-ui/public_html/
DirectoryIndex init.php
FallbackResource /init.php
AllowEncodedSlashes NoDecode
<Directory "/data/dns-ui/public_html">
AuthType Basic
AuthName "DNS UI"
AuthBasicProvider file
AuthUserFile /data/.htpasswd
Require valid-user
</Directory>
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
#!/bin/bash
set -e
echo "create /data/.htpasswd"
htpasswd -b -c /data/.htpasswd $LOCAL_ADMIN1_USER $LOCAL_ADMIN1_PASSWORD
htpasswd -b /data/.htpasswd $LOCAL_ADMIN2_USER $LOCAL_ADMIN2_PASSWORD
# Run
if [[ ! -z "$1" ]]; then
exec ${*}
else
exec apache2-foreground
fi
[web]
...
baseurl = http://localhost:5380
...
[database]
dsn = "pgsql:host=pdns-gui-db dbname=db_dnsui"
username = user_dnsui
password = xxxxxpdns-gui-db-passxxxxxx
...
after the first call of http://localhost:5380 (this initializes the database) create a admin user. [I should integrate that into the docker-entrypoint.sh (possibly with php)]
docker exec -it powerdns_pdns-gui-db_1 psql -U user_dnsui -d db_dnsui -c "INSERT INTO \"user\" (uid, name, email, active, admin, auth_realm) VALUES ('admin', 'User Admin', 'admin@example.com', 1, 1, 'local')"
docker exec -it powerdns_pdns-gui-db_1 psql -U user_dnsui -d db_dnsui -c "INSERT INTO \"user\" (uid, name, email, active, admin, auth_realm) VALUES ('admin2', 'User Admin2', 'admin2@example.com', 1, 1, 'local')"
show the created user
docker exec -it powerdns_pdns-gui-db_1 psql -U user_dnsui -d db_dnsui -c "SELECT * FROM \"user\""
If a zone is to be deleted, this must be confirmed with a second admin.
INFO (BUG): dns-ui offers no possibility to log out, therefore a second browser has to be used for the zone delete.
Great news! Thanks for this
Hello,
Thanks for the nice pdns GUI :-) I'm going to build pdns and your gui with docker, i almost succeeded. However, I fail at the user authentication in dns-ui. I do not need LDAP authentication for my small project so I would like to use a local user authentication. In the demo I saw that I can create local users (Users -> Create User ->"You can create users in the local directory here".) Currently I am getting the PHP error "Not logged in.", because the varialbe PHP_AUTH_USER is not set. In the GUI I am getting the error "Oops! Something went wrong!"
What settings (Apache, PHP, dns-ui, dns-ui-db) must be made in a new installation to use local authentication?