How to put authentication to mist.io panel?

[silasrm]

Hi,

I'm following this article, but I can't do mist.io running over http basic auth.

Where is the file I need to put the auth basic config?

proxy_pass http://127.0.0.1:4243;
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/.htpasswd;

Thank's!

[mgogoulos]

Hi silasrm,

when we initially added docker support, the docker API was exposed without any authentication, so if you wanted to remotely communicate with a docker server through the API you had to use a proxy to encrypt the traffic, otherwise it would be completely insecure. On that article we have used the example of setting nginx on the docker server, starting docker to listen on tcp localhost 4243, and proxying it's traffic through nginx. So the client would end up communicating with the docker server through basic auth added by nginx. If you want to use this setup, the basic auth config should be setup on an nginx's conf file, example /etc/nginx/sites-enabled/default, inside the server section.

However, the latest versions of Docker now support tls authentication using certs, which I highly recommend. If you want to use tls authentication with mist.io have a look on the docker's page and on mist.io docs

https://docs.docker.com/articles/https/
http://docs.mist.io/article/20-adding-docker

Regards,
Markos

[silasrm]

Hi @mgogoulos,

Thank you to reply.
I'll try the TLS auth.

But, how I can add auth to access my mist.io panel? I'm access the mist.io panel using IP/domain with port 8000.

Thk's

[mgogoulos]

In order to add basic auth to mist.io panel, you can setup nginx to proxypass port 8000 (where mist.io listens) to port 80 and add the basic auth, so you can access mist.io on port 80 of the server. On my Ubuntu system this is what I did:

1. install nginx
   apt-get install nginx

2. vi /etc/nginx/sites-enabled/default and add this

server {
        listen 80 default_server;
        server_name localhost;
        location / {
            proxy_pass http://127.0.0.1:8000;
            auth_basic "Restricted";                                
            auth_basic_user_file /etc/nginx/.htpasswd;  
        }
}

and restart nginx

root@user:/home/# /etc/init.d/nginx restart

3. then
   root@user:/home/# apt-get install apache2-utils
   root@user:/home/# htpasswd -c /etc/nginx/.htpasswd user
   New password:
   Re-type new password:
   Adding password for user user

I add a user/password

So I now open the browser on
http://localhost and it asks for the user/password. Then it will load mist.io

[silasrm]

Hi @mgogoulos,

In my server, I wont put the mist on the root of the webserver, then I'm use this config:

server {
...
            location /mist/ {
            proxy_pass http://localhost:8000; #or http://127.0.0.1:8000
            auth_basic "Restricted";
            auth_basic_user_file /etc/nginx/.htpasswd;
        }
...
}

But, when I access http://domain.com/mist/ return: 404. Got lost in the clouds.

Any idea to solve this? This is my first contact to nginx :(

*I managed to put the docker authenticating via TLS. :D

[mgogoulos]

I think it has to be on the top level (/). If you have domain.com on this server and you cannot put mist.io on the top level, you can create another dns name for the mist host (or set an alias on /etc/hosts).

For example I set an entry on /etc/hosts for misthost.com and then set mist.io for this servername, so it is on the top level (/).

server {
listen 80;
server_name misthost.com;
location / {
proxy_pass http://127.0.0.1:8000;
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/.htpasswd;
}
}

Hope it helps

[silasrm]

@mgogoulos Dude, many thank's to help me. This work now!
👯 🎈 👯 🎈

[mgogoulos]

Very glad to read this!