Uptime Kuma - Securing Status Pages

shrey

Hi all.

Has anyone here been able to modify settings in Cloudron to enable Basic Auth for the Status pages generated by Uptime Kuma?

Something on the lines of:
https://github.com/louislam/uptime-kuma/issues/1756#issuecomment-1158597816

subven

You can set up password authentication with htaccess and a .htpasswd file very easily. Just edit the .htaccess following one of the many examples for basic auth password protection.

shrey

@subven Thanks for your response.

Where do i add the .htaccess and .htpasswd files in Cloudron?

subven

@shrey .htaccess should already in the public root directory of the webapp. The .htpasswd should be outside the public directorys (like one above pub). Simple example.

Edit: bye the way...Uptime Kuma already has authentication in front of its dashboard and pages? You can(!) make them public by disabling Auth in your accounts security settings. Is there a downside for you to use the login method or am I wrong?

girish

The htaccess stuff only works if you serve things via apache. This is not the case with Cloudron package.

https://github.com/louislam/uptime-kuma/issues/1401 is another related report. I guess this is not supported upstream yet.

girish

@subven Oh, does that password make the status pages protected too?

Edit: from what I can tell, the status pages are always public. It's only the admin pages itself that can be password protected or not.

subven

Okay my bad. The last time I did this was for a Wordpress which used Apache. You can also do basic auth with NGINX but the configuration for app packages is read only (as far as I remember).

@girish said in Uptime Kuma - Securing Status Pages:

Oh, does that password make the status pages protected too?

I assumed that because the Dashboard was not reachable without logging in but sadly it is not the case.

I think there is no easy way for us to fix that and it will remain an upstream issue.