My_webapp subfolder persistent access protection

YouKnowHorst · July 7, 2024, 7:04pm

My YunoHost server

Hardware: VPS bought online /
YunoHost version: 11.2.20.2
**I have access to my server : Through SSH + through the webadmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no

**If your request is related to an app, specify its name and version: my_webapp 1.0~ynh15

Cannot create a permanent access protection for subfolder

To be able to limit the access to a subfolder of my site site.xyz/sub,
i did activate the HTTP basic auth with Nginx.
This works…but…
after every update, Yunohost loses my config (auth_header and use_remote_user_var…).

  "my_webapp.main": {
        ...
        "auth_header": false,
        ...
        "use_remote_user_var_in_nginx_conf": false,
    }

Is there a working way to include the site.xyz/sub url somewhere in the SSOwat json file to authenticate to this sub-url via yunohost SSO
or
to keep the values for auth_header and remote_vars?

tituspijean · July 7, 2024, 7:41pm

Hey, can you specify where you put that piece of configuration?

The persistent file is /etc/ssowat/conf.json.persistent

YouKnowHorst · July 7, 2024, 8:24pm

I’ve manipulated /etc/ssowat/conf.json to set auth_header and custom_remote_vars to false (the extract in my last post is just a part of the normal conf content)

I tried to put it in the /etc/ssowat/conf.json.persistent file as well, but this seem not to work or I do it in a wrong way.

I would love to understand how I could realize something like this for the subfolder of my site to avoid the workaround with http basic auth:

   "etherpad_mypads.admin": {
            "auth_header": false,
            "label": "Etherpad MyPads (admin)",
            "public": false,
            "show_tile": false,
            "uris": [
                "example.de/admin"
            ],
            "use_remote_user_var_in_nginx_conf": false,
            "users": [
                "admin",
                "exampleUser"
            ]
        },

tituspijean · July 8, 2024, 6:21am

You would need to check its structure,it should follow the same as the non persistent one:

{
    "permissions": {
        "etherpad_mypads.admin": {
            "auth_header": false,
            "label": "Etherpad MyPads (admin)",
            "public": false,
            "show_tile": false,
            "uris": [
                "example.de/admin"
            ],
            "use_remote_user_var_in_nginx_conf": false,
            "users": [
                "admin",
                "exampleUser"
            ]
        }
    },
    "redirected_urls": {}
}

YouKnowHorst · July 11, 2024, 6:27pm

Thank you!
I did not expect it to be that easy!!

I’ve removed the nginx entry for the http auth and added the entries like you described: works!

As the *.persistent name suggests, it should be now persistent

system · July 26, 2024, 6:28pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.