Open SpaghettiMonkey opened 8 months ago
This seems to fail because there's a mismatch on the Authorization header, which is being used both by nginx's auth_basic and by szurubooru to send the initial credentials and the token afterwards, so I don't think this can be fixed.
You could strip the Authorization header in the proxy pass, but then you won't be able to log in at all.
Yeah, no, you're not going to get this working on szurubooru with that authentication scheme. As Eskuero says; the Authorization header is overlapping.
If you want to protect unauthorized access, it's easier to just forgo basic_auth and reconfigure your szurubooru instance to not allow anonymous reads; the frontend itself degrades gracefully if anonymous users don't have the requisite permissions. You're looking at the following permissions for an unmodified instance:
users:create:self
posts:list
posts:view
posts:view:featured
tags:view
tag_categories:list
tag_categories:view
pools:view
pool_categories:list
pool_categories:view
If you switch the permission on those from anonymous to regular, unauthenticated users will not be able to do anything.
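A check for the change described in the comment above, as an added example that is not part of the thread or of szurubooru's own code: it reads the `privileges:` block of a config file and reports which of the ten listed privileges are still `anonymous`. The file layout (indented `'name': rank` entries under a top-level `privileges:` key), the function names and the sample text are assumptions.

```python
import re

# The ten privileges named in the comment above.
LISTED = (
    "users:create:self", "posts:list", "posts:view", "posts:view:featured",
    "tags:view", "tag_categories:list", "tag_categories:view",
    "pools:view", "pool_categories:list", "pool_categories:view",
)

# Matches an indented entry such as:  'posts:list':  anonymous  # note
ENTRY = re.compile(r"""^\s+['"]?([a-z_:]+)['"]?\s*:\s*(\w+)\s*(?:#.*)?$""")

def parse_privileges(config_text):
    """Return {privilege: rank} read from the top-level 'privileges:' block."""
    privileges, inside = {}, False
    for line in config_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():  # any top-level key opens or closes the block
            inside = line.split("#")[0].strip() == "privileges:"
            continue
        match = ENTRY.match(line) if inside else None
        if match:
            privileges[match.group(1)] = match.group(2)
    return privileges

def still_open(config_text):
    """Listed privileges that are 'anonymous', or absent and so need a manual check."""
    found = parse_privileges(config_text)
    ranks = {p: found.get(p, "missing") for p in LISTED}
    return {p: r for p, r in ranks.items() if r in ("anonymous", "missing")}

# Constructed sample config, not taken from a real instance.
SAMPLE = """\
name: example booru
privileges:
    'users:create:self':    regular
    'posts:list':           regular
    'posts:view':           regular
    'posts:view:featured':  anonymous   # overlooked
    'tags:view':            regular
    'tag_categories:list':  regular
    'tag_categories:view':  regular
    'pools:view':           regular
    'pool_categories:list': regular
smtp:
    host: localhost
"""
print(still_open(SAMPLE))
```

An empty result means every listed privilege is explicitly set to something other than `anonymous`; a `missing` entry is not set in the file that was checked, so its effective value has to be confirmed separately.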
Sorry for the late answer, thanks, I won't waste any more of my time trying this. I ended up only allowing most of the features to approved accounts.
For some context, my container is running from a drive connected via USB while my nginx instance is on my main drive, but this doesn't seem to pose any problem atm. I have set up a nginx reverse proxy on my host machine listening to port 80 and passing to localhost 8080. I have done it according to the recommendations (4-preparing for production in INSTALL.md), with some tweaks as it didn't seem to work right off the box. I ended up with this nginx.conf :
This works nicely. The next thing I tried was securing access to the website by adding some basic_auth elements following some tutorial. Here's what changed from the code above :
Note that the .htpasswd file is in the nginx folder, one level above the conf folder / this conf file. After doing this, reloading nginx and trying to access the website from my browser via port 80, I get an error (couldn't tell which one it was and can't reproduce, see following text) and the browser (Firefox) asks me for login and password. But after that I constantly get a message saying "could not fetch basic configuration from the server". At this point I would have just tried to find another way to secure my server, but even after going back to the previous conf version, reloading nginx, turning off the server, deleting it (through the docker for desktop gui, red bin button, dunno what it really does) and running "docker-compose up" once more, I still get that error message. Usually, when doing this, the server throws this kind of logs at me :
I managed to fix it once, after restarting my computer I think, but I don't know if that's the only thing that changed between those two occurrences. I created the password file from this site : https://www.web2generators.com/apache-tools/htpasswd-generator (even though I doubt that could help). Could you help me make it work so that I can protect my server or at least fix what's going on here ?