thaljef / Pinto

Curate your own repository of Perl modules
https://metacpan.org/module/Pinto::Manual

Authorization for "write" commands only? #247

Open vsespb opened 5 years ago

vsespb commented 5 years ago

Hello. Is subj possible? We need to set authorization for uploading code (otherwise an attacker could inject malicious code into our modules), and we don't need authorization when downloading and installing modules (because the code does not contain secrets), and we even cannot use authorization when installing (because we download and install modules from CI, where there is no user account and it's not possible to have a hidden password for a fake user account there).

JaSei commented 3 years ago

I did this with an nginx configuration:

server {
  # "ssl" on the listen directive is enough; a separate "ssl on;" is redundant
  # and was removed in nginx 1.25.1.
  listen       *:443 ssl;

  server_name  PINTO_SERVER_URL;

  ssl_certificate           /etc/nginx/pinto.crt;
  ssl_certificate_key       /etc/nginx/pinto.key;

  # Every client, anonymous downloaders included, must present a certificate
  # that verifies against pinto.crt. Switch to "ssl_verify_client optional;"
  # or drop these two lines if CI must install without a client certificate.
  ssl_client_certificate    /etc/nginx/pinto.crt;
  ssl_verify_client         on;

  index  index.html index.htm index.php;
  access_log            /var/log/nginx/ssl-PINTO_SERVER_URL.access.log combined;
  error_log             /var/log/nginx/ssl-PINTO_SERVER_URL.error.log;

  location / {
    # GET and HEAD are proxied without credentials; every other method
    # (POST, PUT, DELETE, OPTIONS, ...) requires HTTP Basic auth.
    limit_except GET HEAD {
      auth_basic           "pinto admin";
      auth_basic_user_file /etc/nginx/htpasswd;
    }

    proxy_pass            http://localhost:3111;
    proxy_set_header      Host $host;
    proxy_set_header      X-Real-IP $remote_addr;
    proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
    # Blank out a client-supplied "Proxy:" header so it cannot reach the
    # backend as HTTP_PROXY (httpoxy).
    proxy_set_header      Proxy "";
  }
}
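The rule the nginx block enforces ("GET and HEAD are anonymous, every other method needs valid Basic credentials") is easy to get subtly wrong, so here is the same policy as WSGI middleware that can be exercised offline. This is an added example, not code from this thread or from Pinto (pintod is a Perl/Plack app, not Python); the function names are mine, the `admin`/`s3cret` htpasswd entry is constructed inline, and the `{SHA}` hash scheme was chosen only because nginx's `auth_basic_user_file` accepts it and it needs no third-party library.

```python
# Added example (not from the Pinto project or this thread): method-scoped
# HTTP Basic auth as WSGI middleware, mirroring nginx's "limit_except GET HEAD".
import base64
import binascii
import hashlib
import hmac
from io import BytesIO

READ_ONLY_METHODS = frozenset({"GET", "HEAD"})


def sha_entry(user, password):
    """Build an htpasswd line in the {SHA} scheme nginx's auth_basic accepts.
    Unsalted SHA-1 is weak; prefer apr1 or crypt()-based schemes in real files."""
    digest = base64.b64encode(hashlib.sha1(password.encode("utf-8")).digest())
    return "%s:{SHA}%s" % (user, digest.decode("ascii"))


# Constructed sample htpasswd content (hypothetical user and password).
HTPASSWD_TEXT = "# pinto admins\n" + sha_entry("admin", "s3cret") + "\n"


def parse_htpasswd(text):
    """Map user -> stored hash, skipping blank lines and comments."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, _, stored = line.partition(":")
        users[user] = stored
    return users


def check_password(users, user, password):
    """True only for a known user whose {SHA} hash matches (constant-time compare)."""
    stored = users.get(user, "")
    if not stored.startswith("{SHA}"):
        return False  # unknown user, or a scheme this example does not implement
    expected = stored[len("{SHA}"):].encode("ascii", "replace")
    actual = base64.b64encode(hashlib.sha1(password.encode("utf-8")).digest())
    return hmac.compare_digest(expected, actual)


def parse_basic(header):
    """Return (user, password) from an Authorization header, or None if malformed."""
    if not header:
        return None
    scheme, _, token = header.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        raw = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = raw.partition(":")
    return (user, password) if sep else None


def write_auth(app, users, realm="pinto admin"):
    """Wrap `app`: read-only methods pass through, all others need valid credentials."""
    challenge = 'Basic realm="%s"' % realm

    def middleware(environ, start_response):
        method = environ.get("REQUEST_METHOD", "GET").upper()
        if method not in READ_ONLY_METHODS:
            creds = parse_basic(environ.get("HTTP_AUTHORIZATION"))
            if not (creds and check_password(users, *creds)):
                start_response("401 Unauthorized", [("Content-Type", "text/plain"),
                                                    ("WWW-Authenticate", challenge)])
                return [b"authentication required\n"]
            environ["REMOTE_USER"] = creds[0]
        return app(environ, start_response)

    return middleware


def upstream(environ, start_response):
    """Stand-in for the proxied pintod: always succeeds."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok\n"]


def status_for(method, creds=None, header=None):
    """Drive the wrapped app with a constructed request and return its status line."""
    environ = {"REQUEST_METHOD": method, "PATH_INFO": "/", "wsgi.input": BytesIO()}
    if creds is not None:
        token = base64.b64encode(("%s:%s" % creds).encode("utf-8")).decode("ascii")
        header = "Basic " + token
    if header is not None:
        environ["HTTP_AUTHORIZATION"] = header
    seen = {}

    def start_response(status, headers, exc_info=None):
        seen["status"] = status

    app = write_auth(upstream, parse_htpasswd(HTPASSWD_TEXT))
    list(app(environ, start_response))  # drain the body iterator
    return seen["status"]


if __name__ == "__main__":
    for case in (("GET", None), ("POST", None), ("POST", ("admin", "s3cret"))):
        print(case, "->", status_for(*case))
```

The two checks worth keeping in mind when wiring this up in front of a real server: OPTIONS and any non-standard verb fall on the authenticated side by default (the allow-list is the read-only set, not a deny-list of write verbs), and a malformed or non-Basic `Authorization` header is treated exactly like a missing one rather than raising.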