Transmission
-
@mehdi That's awesome! On the platform side, I am working on getting an auth proxy working (using nginx's https://gock.net/blog/2020/nginx-subrequest-authentication-server/). I am just making a proof of concept initially, but if it works well we will put it in Cloudron 6. I will make a new post when it's ready/available.
-
@girish In this case, the auth proxy will probably have to be custom, since it has to support both a GUI login, and Basic auth for transmission apps & browser extensions... This case really makes me think it should be on the image side, not the platform...
Also, if you want a real-life example of using the subrequest authentication, my transmission app uses it ^^
-
@mehdi Ah, I see. Let me take a close look into the transmission app. You are probably right that it does not apply to it. Currently, the proxy auth tries to target apps that don't have an idea of authentication like prometheus. Without the proxy, one has to run apache/supervisor etc. just for auth. We also have a bunch of internal apps which want LDAP auth, and we just keep copy/pasting the same thing. We even made a module out of it - https://git.cloudron.io/cloudron/cloudron-serve but it's easy to integrate only if it's a node app.
-
@mehdi It was a really long time ago, but I once solved this the following way (I think it was with lighttpd back then). To satisfy the single known user to transmission, I added a reverse proxy in front of it and let it set the basic auth header itself. I could then add another layer of authentication on top of it.
Example with nginx: https://serverfault.com/a/345244
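
The layering described in the post above, combined with the nginx subrequest authentication mentioned earlier in the thread, as an added sketch that is not part of the original posts or of any Cloudron code. The hostname, ports, the `/_auth` path, the TLS file paths and the credential placeholder are all assumptions.

```nginx
# Added example. Requires nginx built with ngx_http_auth_request_module.
# All names, ports and paths below are assumed placeholders.
server {
    listen 443 ssl;
    server_name transmission.example.com;
    ssl_certificate     /etc/nginx/tls/fullchain.pem;
    ssl_certificate_key /etc/nginx/tls/privkey.pem;

    location / {
        # Outer layer: nginx asks the auth service before proxying.
        # A 2xx answer lets the request through; 401 or 403 is
        # returned to the client and the backend is never contacted.
        auth_request /_auth;

        # Inner layer: nginx sets the Basic auth header for the single
        # user Transmission knows. This replaces any Authorization
        # header the client sent, so client input never reaches the
        # backend as a credential.
        proxy_set_header Authorization "Basic REPLACE_WITH_BASE64_USER_COLON_PASSWORD";

        # Transmission must listen on loopback only; otherwise the
        # outer layer can be bypassed by connecting to it directly.
        proxy_pass http://127.0.0.1:9091;
    }

    location = /_auth {
        # Reachable only as a subrequest, never from outside.
        internal;
        proxy_pass http://127.0.0.1:3000/auth;

        # The auth service decides from headers (cookie or
        # Authorization), so the request body is not forwarded.
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
        proxy_set_header X-Original-URI $request_uri;
    }
}
```

Because the file now holds the backend credential, it should be readable only by the account that starts nginx.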
-
@girish Yeah, it's a bit "bloated" because there's Nginx+Supervisor+node running, but honestly I believe it's negligible in terms of performance. The only resource-hungry one is node, and it's only called when an auth happens, so I think we can just leave it as is. No? I'd love your opinion once you've had the chance to review and test Transmission.
-
@mehdi Personally, I am not worried about the bloat and, like you say, it's not resource hungry either. The reason to do it in box code is only because we have already copy/pasted this into 4 of our internal apps now. The cloudron-serve module is basically doing all this for our internal apps' LDAP auth minus the nginx proxy integration. Now, in addition, we have 2 prometheus apps, 1 cloud torrent app and possibly your transmission app (all of them now do the same thing with different tech stacks - node, apache, nginx..). And maybe more apps that spin off from river?
I want to essentially remove cloudron-serve altogether. I have managed to make it work now for our internal apps as well as prometheus. I will look into the basic auth today and see if I can make transmission extensions work. https://git.cloudron.io/cloudron/box/-/blob/master/src/proxyauth.js
Edit: I made a separate post now to discuss this https://forum.cloudron.io/topic/3682/proxyauth-addon
-
@girish @nebulon My Transmission app is done, tests and all: https://git.cloudron.io/mehdi/transmission-app
In my opinion, it's ready to push to store. It may need a bit more doc, but other than that it's good to go.
BTW, the proxyAuth addon rocks!