aceberg
Feature Request: add password protection to web UI
Thanks for a great tool — really love it. It's fast, simple and does what it's supposed to.
It would be great to have a bit of extra security and have an ability to password-protect the WebUI.
Thanks!
i've implemented this on this PR: https://github.com/aceberg/WatchYourLAN/pull/29
Thanks! Is there a documentation on how to set it up? Do you set the password as an env variable?
check the readme of that PR but its just an env var lile: GUIAUTH=user:pass
Maybe it would be a bit overkill, but you could always use authelia or authentik to secure your services/dashboards. This requires a reverse proxy to be set up (I personally use traefik), but that should not be that hard. If you have any questions regarding the setup traefik+authelia, I can try to help you.
check the readme of that PR but its just an env var lile: GUIAUTH=user:pass
Thanks! It doesn't seem to work. Added this env variable to my docker compose but I still land right in the Web UI without any authentication requested. What am I doing wrong? :)
Maybe it would be a bit overkill, but you could always use authelia or authentik to secure your services/dashboards. This requires a reverse proxy to be set up (I personally use traefik), but that should not be that hard. If you have any questions regarding the setup traefik+authelia, I can try to help you.
Thanks I will look into these! I'm exposing my self-hosted services via CloudFlare Tunnel (using their cloud reverse-proxy essentially). Would anthelia or authentik work with such setup?
Thanks I will look into these! I'm exposing my self-hosted services via CloudFlare Tunnel (using their cloud reverse-proxy essentially). Would anthelia or authentik work with such setup?
I haven't tested it so far using cloudflared, but I do not see a reason why it wouldn't. Lets say I go to example.com and cloudflare redirects the request through your tunnel. You can still manage that request using your reverse proxy, since cloudflared just forwards the request to your machine on port 80/443/... If you pass it to traefik, i.e., the request hits your 80/443 port, it will handle the request as needed. Here is an image on how traefik uses the forward auth middleware: https://doc.traefik.io/traefik/middlewares/http/forwardauth/.
Soon I will be testing some things using cloudflared with a new machine so I can help you a bit if you get any problems. But AFAIK, there shouldn't be any problem with such a setup.
@GentleHoneyLover not yet, i am waiting on the author to review the PR's i sent
@GentleHoneyLover i merged the changes to my main branch on: https://github.com/renemanqueros/watchyourlan if you want to pull that one while this repo gets updated by the owner, i also added some of the other fixes there
Any news on this feature? I believe the PR was closed but I haven't seen any details about it.
didnt got username and password to work with the environment variables AUTH_USER: "admin" AUTH_PASSWORD: "admin"
and then updated the container with the command below
docker-compose up -d
got no error codes, even restarted the container and tried it in incognito mode in the case the site was cached.
didnt got username and password to work with the environment variables AUTH_USER: "admin" AUTH_PASSWORD: "admin"
and then updated the container with the command below
docker-compose up -dgot no error codes, even restarted the container and tried it in incognito mode in the case the site was cached.
Thanks! That's a bug, will be fixed in the next release ASAP. For now, setting password in web UI should work.
didnt got username and password to work with the environment variables AUTH_USER: "admin" AUTH_PASSWORD: "admin"
and then updated the container with the command below
docker-compose up -dgot no error codes, even restarted the container and tried it in incognito mode in the case the site was cached.
I looked into this later, and it appears not so much a bug, but an unclear README file. The AUTH_PASSWORD variable must contain an already encrypted password. So, now there is a how-to.