search

restic / rest-server

Rest Server is a high performance HTTP server that implements restic's REST backend API.
BSD 2-Clause "Simplified" License
944 stars 140 forks source link

Disabling authentication deletes the .htpasswd file. #113

Closed jtagcat closed 4 years ago

jtagcat commented 4 years ago

Output of rest-server --version

da93e5693693

How did you run rest-server exactly?

My main instance uses authentication and operates on append-only mode.

I planned to run a secondary instance, what is only accessible locally, for forgetting and pruning some older backups. Since I would like to automate the process (by the script listing repositories by ls-ing the mapped /data directory, then forgetting and pruning according to a policy on all repositories) and not store clear-text passwords, I would run the secondary instance with authentication disabled.

Expected behaviour

.htpasswd file not getting deleted (and for whom not notice, stop all clients from backing up)

Do you have an idea how to solve the issue?

So, the primary instance maps like this:

But this somehow prevents the secondary instance from successfully booting. I suspect the secondary instance is trying to delete the file, but since the file is directly mapped, docker doesn't allow deletion.

I would expect the best solution would be to have .htpasswd's location (name) as an environment variable. Another solution could be to handle it with nginx (I think it was nginx), since it is looking for the hardcoded /data/.htpasswd file.

The easiest? Moving .htpasswd to a separate directory (/data/restic-configuration/.htpasswd for example). Having a separate directory brings up a problem: you must not have a repository named (in this example) restic-configuration (somebody could be backing up restic configurations here!). Probably the best directory name should start with a dot (but repos beginning with dots are allowed!).

If nothing is done, at the very least there should be a warning that disabling authentication deletes this file! If somebody is not backing up their backups (or not storing the passwords in plaintext (hopefully in encrypted, keepass or something)) elsewhere, this could mean that hundreds of clients need to be updated and could motivate IT to use one password for all the laptops, or worse, use these!

Edit addressing @rawtaz's comment

This is what I'm normally running:

  restic-server:
    image: restic/rest-server
    volumes:
      - '/mnt/storage/restic-data:/data'
    environment:
      OPTIONS: "--prometheus --private-repos --append-only"
    depends_on:
      - traefik
    labels:
      - traefik.frontend.rule=Host:redacted
      - traefik.port=8000
    networks:
      - internal
      - web
    restart: always

Added users with docker-compose exec restic-server create_user command, while restic-server is running, start up this:

  restic-server-local:
    image: restic/rest-server
    restart: always
    volumes:
      - '/mnt/storage/restic-data:/data'
    environment:
      DISABLE_AUTHENTICATION: 1
    ports:
      - "127.0.0.1:1697:8000"
    labels:
      - traefik.enable=false
    networks:
      - internal

And right after starting restic-server-local up, /mnt/storage/restic-data/.htpasswd gets deleted.

rawtaz commented 4 years ago

I'm sorry, but your description of the problem is a bit vague in terms of what actually happens and when.

Can you please update your post to include the complete commands to reproduce the problem (preferrably under the heading "Actual Behavior" which is currently missing even though it's in the issue template)?

I have run the rest-server without encryption, even when having had a .htpasswd, and have not seen the .htpasswd get deleted. So I'm a bit surprised by what you say :)

fd0 commented 4 years ago

You're right, in the entrypoint.sh, the htpasswd file gets deleted when no authentication is requested. I've removed the line from the Shell script so it won't remove the file when we rebuild the docker container the next time.