dokku-http-auth is a plugin for dokku that gives the ability to enable or disable HTTP authentication for an application.
mkpasswd
from the whois
package is required to generate secure hash (SHA-512) from provided passwords. It will be installed via apt-get
when calling dokku plugins-install
.
# dokku 0.4+
$ dokku plugin:install https://github.com/dokku/dokku-http-auth.git
$ dokku http-auth:help
http-auth:add-user <app> <user> <password> Add basic auth user to app
http-auth:add-allowed-ip <app> <address> Add allowed IP to basic auth bypass for an app
http-auth:disable <app> Disable HTTP auth for app
http-auth:enable <app> <user> <password> Enable HTTP auth for app
http-auth:remove-allowed-ip <app> <address> Remove allowed IP from basic auth bypass for an app
http-auth:remove-user <app> <user> Remove basic auth user from app
http-auth:report [<app>] [<flag>] Displays an http-auth report for one or more apps
http-auth:show-config <app> Display app http-auth config
The http-auth:enable
command can be used to enable HTTP Auth for an app.
dokku http-auth:enable node-js-app
-----> Enabling HTTP auth for node-js-app...
! Skipping user initialization
-----> Configuring node-js-app.dokku.me...(using built-in template)
-----> Creating https nginx.conf
Enabling HSTS
Reloading nginx
Done
A user/password combination can also be specified when enabling HTTP Auth.
dokku http-auth:enable node-js-app username password
-----> Enabling HTTP auth for node-js-app...
-----> Configuring node-js-app.dokku.me...(using built-in template)
-----> Creating https nginx.conf
Enabling HSTS
Reloading nginx
Done
Individual user/password combinations can be added at any point in time via the http-auth:add-user
command. Specifying the same user twice will override the first instance of the user, even if the password is the same.
dokku http-auth:add-user node-js-app username password
-----> Adding username to basic auth list
-----> Configuring node-js-app.dokku.me...(using built-in template)
-----> Creating https nginx.conf
Enabling HSTS
Reloading nginx
A user can be removed via the http-auth:remove-user
command. This command will always reload nginx, even if the user does not exist.
dokku http-auth:remove-user node-js-app username
-----> Removing username from basic auth list
-----> Configuring node-js-app.dokku.me...(using built-in template)
-----> Creating https nginx.conf
Enabling HSTS
Reloading nginx
See the Nginx Documentation for more information on how this works
Access can be allowed to only a specified set of IP Addresses, CIDR Blocks, or UNIX-domain sockets via the http-auth:add-allowed-ip
command. This is used in conjunction with the basic auth support.
dokku http-auth:add-allowed-ip node-js-app 127.0.0.1
-----> Adding 127.0.0.1 to allowed ip list
-----> Ensuring network configuration is in sync for node-js-app
-----> Configuring node-js-app.dokku.me...(using built-in template)
-----> Creating https nginx.conf
Enabling HSTS
Reloading nginx
The specified IP address can be removed via the http-auth:remove-allowed-ip
command.
dokku http-auth:remove-allowed-ip node-js-app 127.0.0.1
-----> Removing 127.0.0.1 from allowed ip list
-----> Ensuring network configuration is in sync for node-js-app
-----> Configuring node-js-app.dokku.me...(using built-in template)
-----> Creating https nginx.conf
Enabling HSTS
Reloading nginx
The nginx http-auth.conf
file can be viewed via the http-auth:show-config
command. This command will not output the htaccess
file.
dokku http-auth:show-config node-js-app username
auth_basic "Restricted";
auth_basic_user_file /home/dokku/node-js-app/htpasswd;
You can get a report about the app's http-auth status using the http-auth:report
command:
# dokku http-auth:report node-js-app
=====> node-js-app http-auth information
Http auth enabled: true
Http auth allowed ips: 127.0.0.1
Http auth users: root username
You can pass flags which will output only the value of the specific information you want. For example:
dokku http-auth:report node-js-app --http-auth-enabled
This plugin is released under the MIT license. See the file LICENSE.