search

restic / rest-server

Rest Server is a high performance HTTP server that implements restic's REST backend API.
BSD 2-Clause "Simplified" License
981 stars 144 forks source link

DISABLE_AUTHENTICATION no longer works #119

Closed lwis closed 3 years ago

lwis commented 4 years ago

Docker version: 3598be715f32

How did you run rest-server exactly?

Docker

What backend/server/service did you use to store the repository?

Filesystem

Expected behavior

Flag referenced in README to be used to disable authentication.

Actual behavior

web_1  | Data directory: /data
web_1  | Authentication enabled
web_1  | error: cannot load .htpasswd (use --no-auth to disable): stat /data/.htpasswd: no such file or directory

Steps to reproduce the behavior

version: '3'
services:
  web:
    image: restic/rest-server
    restart: unless-stopped
    ports:
      - "8000:8000"
    environment:
      DISABLE_AUTHENTICATION: "true"
    volumes:
      - "/dir:/data"

Do you have any idea what may have caused this?

Regression

Do you have an idea how to solve the issue?

Not at an immediate glance.

Did rest-server help you today? Did it make you happy in any way?

I love the project(s)!

MichaelEischer commented 4 years ago

Try setting the environment variable OPTIONS to --no-auth.

lwis commented 4 years ago

@MichaelEischer thanks, do the docs need updating to reflect this?

MichaelEischer commented 4 years ago

I think it would be better if the startup script for the docker container adds the flag automatically.

rawtaz commented 4 years ago

@lwis I agree with @MichaelEischer, because if the user just adds --no-auth to OPTIONS this will not be taken into account by the entrypoint.sh script, which will then still create a missing passwords file and warn about missing users.

Instead we should add --no-auth to OPTIONS when DISABLE_AUTHENTICATION is set to a non-empty value. An alternative would be to just let the user specify --no-auth in OPTIONS, but that would be less clean as we'd have to grep for --no-auth in OPTIONS instead of just checking DISABLE_AUTHENTICATION.

Would you like to change your PR so that instead of fixing the documentation it updates the Dockerfile and entrypoint.sh scripts to the following?

FROM alpine

ENV DATA_DIRECTORY="/data"
ENV PASSWORD_FILE="/data/.htpasswd"
ENV DISABLE_AUTHENTICATION=""
ENV OPTIONS=""

RUN apk add --no-cache --update apache2-utils

COPY docker/create_user /usr/bin/
COPY docker/delete_user /usr/bin/
COPY docker/entrypoint.sh /entrypoint.sh
COPY rest-server /usr/bin

VOLUME /data
EXPOSE 8000

CMD [ "/entrypoint.sh" ]
#!/bin/sh

set -e

if [ -n "$DISABLE_AUTHENTICATION" ]; then
    OPTIONS="--no-auth $OPTIONS"
else
    if [ ! -f "$PASSWORD_FILE" ]; then
        touch "$PASSWORD_FILE"
    fi

    if [ ! -s "$PASSWORD_FILE" ]; then
        echo
        echo "**WARNING** No user exists, please 'docker exec -it \$CONTAINER_ID create_user'"
        echo
    fi
fi

exec rest-server --path "$DATA_DIRECTORY" $OPTIONS

If yes, please also change the title and description to reflect what we're doing here (updating the Dockerfile and scripts to support DISABLE_AUTHENTICATION).