-
-
Notifications
You must be signed in to change notification settings - Fork 843
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature request: please add an option to the admin panel to disable the built in basic authentification #2653
Comments
Many people have put their streams behind different styles of proxies in order to use types of authentication in front of their Owncast server in the past, and it didn't require removing Owncast's built-in authentication. This has never been something anybody has ever asked for before, and I'm not sure why they would. I'm sorry your particular configuration of your proxy is not working with Owncast, but that sounds like a proxy configuration issue. If Owncast works without the proxy but doesn't work with it then changing how Owncast works doesn't sound like the answer. If your goal is to limit access to your Owncast instance then removing built in auth isn't the solution. Besides, if you can't access the admin because of the proxy, then how would you even access such a setting? |
I have been testing this for the last hour, it took me surprisingly long to make it work. Using caddy as reverse proxy, this can work like this. With caddy listening on localhost:80, and owncast running on localhost:8080 What works is: http://localhost {
basicauth * {
Bob $2a$14$Zkx19XLiW6VYouLHR5NmfOFU0z2GTNmpkT/5qqR7hx4IjWJPDhjvG
admin $2y$05$pZvLdtKMwiLIFS7zy2dMZOV57YFPHSwdnjzHf3FgHeoaX19RanEeG
}
reverse_proxy http://localhost:8080 {
}
} The important thing to notice is that the For this example:
What I haven't yet figured out is how I would integrate this with some kind of single sign on. |
In this thread there's a couple mentions of some single sign on proxies such as Vouch and oauth2 proxy. It's yet another thing you'd have to run, but these seem to be the right tool for the single sign on job. |
Maybe I'm wrong but owncast is using his own built in basic authentification. I'm putting another basic authentification in front of it. This is the cause of the problem, I think. Simplify the case and give freedom to the user to configure his own authentication. But when the solution is what @4censord has found out: Simply double the admin account with your own proxy configuration aka configure with basic authentification the admin again, which is yet preconfigured in dependance of the streaming key ... If this works then I'm satisfied. Thank you 4censord. I try it with my apache. |
Just in case you want to add it to the documentation ;) Whats the use of it? With this configuration you protect the access to the streaming site "streaming.site" with basic authentification and only the "admin", preconfigured in owncast, can open "streaming.site/admin" to configure owncast. It is useful if you want to make a private stream for a closed group of users. This is also the solution for the SSL reverse proxy which maps https to http. You give the credentials to your chosen people. Nobody without your credentials can watch your stream. Here is the working solution for my configuration for Apache. Use you own data for "email@email" and "streaming.site". These are only placeholder. The real game changer is: You have to double the admin account in your basic authentification. If you change your streaming key, then you have to change the admin account in your ".htpasswd" again. I have now a normal user in the ".htpasswd" and the admin-account of owncast.
Wow, thanks again to all of you. @4censord you made my day. |
I updated the first post to make the problem clearer. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. If this was a feature request that others have shown no interest in then it's likely to not get implemented due to lack of interest. If others also want to see this feature then now is the time to say something! Thank you for your contributions. |
Hi,
the goal:
protect the access to the streaming site with a password, enable private streaming for a limited group of user
the problem:
possible solution:
another suggestion:
There are multiple use cases. Private stream for friends or for students in a virtual classroom. Just some ideas.
The text was updated successfully, but these errors were encountered: