dokku-http-auth is a plugin for dokku that gives the ability to enable or disable HTTP authentication for an application.
mkpasswd from the whois package is required to generate secure hash (SHA-512) from provided passwords. It will be installed via apt-get when calling dokku plugins-install.
# dokku 0.4+
$ dokku plugin:install https://github.com/dokku/dokku-http-auth.git$ dokku http-auth:help
http-auth:add-user <app> <user> <password> Add basic auth user to app
http-auth:add-allowed-ip <app> <address> Add allowed IP to basic auth bypass for an app
http-auth:disable <app> Disable HTTP auth for app
http-auth:enable <app> <user> <password> Enable HTTP auth for app
http-auth:remove-allowed-ip <app> <address> Remove allowed IP from basic auth bypass for an app
http-auth:remove-user <app> <user> Remove basic auth user from app
http-auth:report [<app>] [<flag>] Displays an http-auth report for one or more apps
http-auth:show-config <app> Display app http-auth config
The http-auth:enable command can be used to enable HTTP Auth for an app.
dokku http-auth:enable node-js-app-----> Enabling HTTP auth for node-js-app...
! Skipping user initialization
-----> Configuring node-js-app.dokku.me...(using built-in template)
-----> Creating https nginx.conf
Enabling HSTS
Reloading nginx
Done
A user/password combination can also be specified when enabling HTTP Auth.
dokku http-auth:enable node-js-app username password-----> Enabling HTTP auth for node-js-app...
-----> Configuring node-js-app.dokku.me...(using built-in template)
-----> Creating https nginx.conf
Enabling HSTS
Reloading nginx
Done
Individual user/password combinations can be added at any point in time via the http-auth:add-user command. Specifying the same user twice will override the first instance of the user, even if the password is the same.
dokku http-auth:add-user node-js-app username password-----> Adding username to basic auth list
-----> Configuring node-js-app.dokku.me...(using built-in template)
-----> Creating https nginx.conf
Enabling HSTS
Reloading nginx
A user can be removed via the http-auth:remove-user command. This command will always reload nginx, even if the user does not exist.
dokku http-auth:remove-user node-js-app username-----> Removing username from basic auth list
-----> Configuring node-js-app.dokku.me...(using built-in template)
-----> Creating https nginx.conf
Enabling HSTS
Reloading nginx
See the Nginx Documentation for more information on how this works
Access can be allowed to only a specified set of IP Addresses, CIDR Blocks, or UNIX-domain sockets via the http-auth:add-allowed-ip command. This is used in conjunction with the basic auth support.
dokku http-auth:add-allowed-ip node-js-app 127.0.0.1-----> Adding 127.0.0.1 to allowed ip list
-----> Ensuring network configuration is in sync for node-js-app
-----> Configuring node-js-app.dokku.me...(using built-in template)
-----> Creating https nginx.conf
Enabling HSTS
Reloading nginx
The specified IP address can be removed via the http-auth:remove-allowed-ip command.
dokku http-auth:remove-allowed-ip node-js-app 127.0.0.1-----> Removing 127.0.0.1 from allowed ip list
-----> Ensuring network configuration is in sync for node-js-app
-----> Configuring node-js-app.dokku.me...(using built-in template)
-----> Creating https nginx.conf
Enabling HSTS
Reloading nginx
The nginx http-auth.conf file can be viewed via the http-auth:show-config command. This command will not output the htaccess file.
dokku http-auth:show-config node-js-app usernameauth_basic "Restricted";
auth_basic_user_file /home/dokku/node-js-app/htpasswd;
You can get a report about the app's http-auth status using the http-auth:report command:
# dokku http-auth:report node-js-app=====> node-js-app http-auth information
Http auth enabled: true
Http auth allowed ips: 127.0.0.1
Http auth users: root username
You can pass flags which will output only the value of the specific information you want. For example:
dokku http-auth:report node-js-app --http-auth-enabledThis plugin is released under the MIT license. See the file LICENSE.
