-
Notifications
You must be signed in to change notification settings - Fork 617
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add http-basic auth reading from a file #573
Conversation
Thoughts of supporting htpasswd format for the file? |
Dead easy to add, do we want to make htpasswd the default for basic auth? |
I would lean to making that default. The tooling to create htpasswd files is already present on most *nix systems and users of a load balancer are probably familiar with them and know how to create/manage those files. What do you think? Sideline: Thanks for picking up the torch on that old issue. |
Htpasswd is pretty standard stuff. Will make the changes first thing Monday 👍 |
Awesome, and thank you again! |
Thank you and yes to htpasswd. |
@magiconair / @leprechau htpasswd support added. Also added support for an optional realm (used in the |
So I vendored in a new library, which depends on |
I stumbled upon this, and I wonder if it would solve my use case? My use case it to provide an "https + password" frontend to the Consul/Nomad GUI via Fabio. Eagerly looking forward to this getting merged. 👏 👏 |
@shantanugadgil this is exactly what we are using it for as well 😄 |
@andyroyle Sorry for the delay, just getting caught back up after a short vacation. I'll try to give this a review today. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some minor nitpicks. Otherwise LGTM. Thanks a lot!
@andyroyle can you rebase this, please? Then I'll merge it. |
@magiconair thanks for the review (and for merging #575). I've fixed those issues and also rebased on top of master, so this should be good-to-go now. |
Taking implementation cues from #166 I've made an implementation of http basic auth on a per-route basis.
The auth schemes need to be registered with fabio up-front using
proxy.auth = name=mybasicauth;type=basic;file=path/to/file
You then configure your route specifying
auth=mybasicauth
in the route options.You can configure multiple auth schemes side-by-side
Currently it uses http basic auth, which reads a single htpasswd file at startup from a file on disk.
If you specify an auth-scheme that doesn't exist then it will log and error in fabio and return a
401 Unauthorized
response.You can optionally set the realm (default is to use the auth name parameter)