diff options
| author |  Alexandre Alapetite <alexandre@alapetite.fr>
| 2019-01-02 21:43:05 +0100 |
|---|---|---|
| committer |  GitHub <noreply@github.com>
| 2019-01-02 21:43:05 +0100 |
| commit | 945cf832ad2c20c10704282d03326d8495d0ca4b (patch) | |
| tree | 00b83a1b046d5cfe498e871743c572b826840203 /Docker | |
| parent | a6623b7b2fa3f026a0ea30e49b1a221f7a4a8e55 (diff) | |
HTTP authenfication fixes (#2204)
* Security fixes when HTTP user does not exist in FreshRSS
* Accept HTTP header X-WebAuth-User for delegated HTTP Authentication (e.g. Træfik)
* Document delegated HTTP authentication from https://github.com/FreshRSS/FreshRSS/pull/2202
Diffstat (limited to 'Docker')
| -rw-r--r-- | Docker/README.md | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/Docker/README.md b/Docker/README.md index 6b3871c6b..b991409bd 100644 --- a/Docker/README.md +++ b/Docker/README.md @@ -205,6 +205,42 @@ sudo docker run -d --restart unless-stopped --log-opt max-size=10m \ ## More deployment options +### Use HTTP-based login (advanced users) + +FreshRSS allows logins using either a Web form (easiest) or based on HTTP authentication. +If you want HTTP authentication, [Træfik can do it](https://docs.traefik.io/configuration/entrypoints/#authentication) (otherwise, see section below for giving this task to Apache inside the FreshRSS Docker image): + +``` +sudo docker run ... + --label traefik.frontend.auth.basic.users='admin:$2y$05$BJ3eexf8gkyfHR1L38nVMeQ2RbQ5PF6KW4/PlttXeR6IOGZKH4sbC,alice:$2y$05$0vv8eexRq4qujzyBCYh6a.bo/KUvuXCmjJ54RqEHBApaHdQrpzFJC' \ + --label traefik.frontend.auth.removeheader=true \ + --label traefik.frontend.auth.headerField=X-WebAuth-User \ + --name freshrss freshrss/freshrss +``` + +N.B.: You can create password hashes for instance with: `htpasswd -nB alice` + +### Custom Apache configuration (advanced users) + +Changes in Apache `.htaccess` files are applied when restarting the container. +In particular, if you want FreshRSS to use HTTP-based login (instead of the easier Web form login, and instead of letting Træfik do it), you can mount your own `./FreshRSS/p/i/.htaccess`: + +``` +sudo docker run ... + -v ./your/.htaccess:/var/www/FreshRSS/p/i/.htaccess \ + -v ./your/.htpasswd:/var/www/FreshRSS/data/.htpasswd \ + ... + --name freshrss freshrss/freshrss +``` + +Example of `./your/.htaccess` referring to `./your/.htpasswd`: +``` +AuthUserFile /var/www/FreshRSS/data/.htpasswd +AuthName "FreshRSS" +AuthType Basic +Require valid-user +``` + ### Example with [docker-compose](https://docs.docker.com/compose/) A [docker-compose.yml](docker-compose.yml) file is given as an example, using PostgreSQL. In order to use it, you have to adapt: |