Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Feature Requests
  3. Password Protected Cloudron Nginx

Password Protected Cloudron Nginx

Scheduled Pinned Locked Moved Feature Requests
16 Posts 5 Posters 2.4k Views 4 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • O Offline
      O Offline
      oj
      wrote on last edited by
      #1

      When setting up a Cloudron server, there are often sections of the site that you wish to restrict access to. Web applications often provide their own authentication and authorization methods, but the web server itself can be used to restrict access if these are inadequate or unavailable eg. filespizza, Jirafeau, etc.

      This tutorial shows how.

      Would it make sense to enable this in an easier fashion via the Cloudron Admin interface?

      Some users would prefer that their entire Cloudron work server be safer behind a server-level login-password combination.

      girishG 1 Reply Last reply
      0
      • O oj

        When setting up a Cloudron server, there are often sections of the site that you wish to restrict access to. Web applications often provide their own authentication and authorization methods, but the web server itself can be used to restrict access if these are inadequate or unavailable eg. filespizza, Jirafeau, etc.

        This tutorial shows how.

        Would it make sense to enable this in an easier fashion via the Cloudron Admin interface?

        Some users would prefer that their entire Cloudron work server be safer behind a server-level login-password combination.

        girishG Offline
        girishG Offline
        girish
        Staff
        wrote on last edited by girish
        #2

        @oj I think that makes sense. If you can point out specific apps, we can simply add the new authProxy addon to the apps. Should be trivial. Did you have any more in mind other than file pizza and Jirafeau? By re-using the auth proxy we can user management + 2FA integration etc automatically.

        O 1 Reply Last reply
        0
        • girishG girish

          @oj I think that makes sense. If you can point out specific apps, we can simply add the new authProxy addon to the apps. Should be trivial. Did you have any more in mind other than file pizza and Jirafeau? By re-using the auth proxy we can user management + 2FA integration etc automatically.

          O Offline
          O Offline
          oj
          wrote on last edited by
          #3

          @girish If it were possible to control web-app use/read access, then I would immediate install filepizza, Jirafeau, Prometheus server/ altertmanager, CloudTorrent and Transmission.

          Further, if it is could be used to restrict read access to the content in Surfer and WikiJS...then that too.

          mehdiM 1 Reply Last reply
          0
          • nebulonN Offline
            nebulonN Offline
            nebulon
            Staff
            wrote on last edited by
            #4

            @oj just to be on the same page, are you looking for generally putting an app behind a login page, or just some subpaths or sections of the app?

            O 1 Reply Last reply
            0
            • O oj

              @girish If it were possible to control web-app use/read access, then I would immediate install filepizza, Jirafeau, Prometheus server/ altertmanager, CloudTorrent and Transmission.

              Further, if it is could be used to restrict read access to the content in Surfer and WikiJS...then that too.

              mehdiM Offline
              mehdiM Offline
              mehdi
              App Dev
              wrote on last edited by
              #5

              @oj Transmission at-least is already behind authentication

              1 Reply Last reply
              0
              • nebulonN Offline
                nebulonN Offline
                nebulon
                Staff
                wrote on last edited by
                #6

                Yes, also surfer has a way to password or user protect the public pages. So I wonder if this falls into the app's area to be implemented or a platform feature.

                O 1 Reply Last reply
                0
                • nebulonN nebulon

                  @oj just to be on the same page, are you looking for generally putting an app behind a login page, or just some subpaths or sections of the app?

                  O Offline
                  O Offline
                  oj
                  wrote on last edited by
                  #7

                  @nebulon Generally put an app behind a login page.

                  nebulonN 1 Reply Last reply
                  0
                  • O oj

                    @nebulon Generally put an app behind a login page.

                    nebulonN Offline
                    nebulonN Offline
                    nebulon
                    Staff
                    wrote on last edited by
                    #8

                    @oj ah ok, that is indeed easier then. Still there are at least two choices, we could enable the authproxy addon for apps where it makes sense or we could essentially allow the authproxy for any app. I would prefer a more selective approach, but maybe I don't see all the use-cases. For example putting a matomo behind an auth proxy blindly would essentially render the app useless as far as I can tell.

                    O 1 Reply Last reply
                    0
                    • nebulonN nebulon

                      Yes, also surfer has a way to password or user protect the public pages. So I wonder if this falls into the app's area to be implemented or a platform feature.

                      O Offline
                      O Offline
                      oj
                      wrote on last edited by
                      #9

                      @nebulon Yes, I see that my Surfer now has a "Password Restricted" option...Thanks! (I don't think it had it when I set it up over a year ago!)

                      1 Reply Last reply
                      0
                      • nebulonN nebulon

                        @oj ah ok, that is indeed easier then. Still there are at least two choices, we could enable the authproxy addon for apps where it makes sense or we could essentially allow the authproxy for any app. I would prefer a more selective approach, but maybe I don't see all the use-cases. For example putting a matomo behind an auth proxy blindly would essentially render the app useless as far as I can tell.

                        O Offline
                        O Offline
                        oj
                        wrote on last edited by oj
                        #10

                        @nebulon Agree.

                        Essentially, my country's Information Technology rules (and punitive legal actions) have moved towards a concept of "intermediary liability" for the public actions of the users of the services that I host! Hosting and public distribution of so-called "anti-national" content (i.e. content critical of the governments policies/actions) is one such area...if you can believe it! (It may be difficult to believe this if you are in Europe!)

                        I have no control over these rules...So, as a service provider - in case of a specific, legally binding notice from the government - I could need to control who creates/distributes/reads content via these apps on Cloudron.

                        1 Reply Last reply
                        0
                        • girishG Offline
                          girishG Offline
                          girish
                          Staff
                          wrote on last edited by
                          #11

                          I have added proxyAuth it some apps like file pizza and hastebin now. We can add it to more as we go. Jirafeau already has some admin page, so I think it will be confusing if we have a login page and another admin password page. jirafeau already has a way to restrict uploads - https://docs.cloudron.io/apps/jirafeau/#restricting-uploads . Maybe one of those will be enough. Alternately, I think we have to look into integrating better with the app somehow.

                          O 1 Reply Last reply
                          2
                          • girishG girish

                            I have added proxyAuth it some apps like file pizza and hastebin now. We can add it to more as we go. Jirafeau already has some admin page, so I think it will be confusing if we have a login page and another admin password page. jirafeau already has a way to restrict uploads - https://docs.cloudron.io/apps/jirafeau/#restricting-uploads . Maybe one of those will be enough. Alternately, I think we have to look into integrating better with the app somehow.

                            O Offline
                            O Offline
                            oj
                            wrote on last edited by
                            #12

                            @girish Thanks! Have rolled out filepizza... and users love the login experience! Hope Jirafeau too gets the same.

                            L 1 Reply Last reply
                            0
                            • O oj

                              @girish Thanks! Have rolled out filepizza... and users love the login experience! Hope Jirafeau too gets the same.

                              L Offline
                              L Offline
                              lucidfox
                              wrote on last edited by lucidfox
                              #13

                              I'd like to add the password protection to file pizza as well. Seems like I might be missing an obvious setting, but how can can the proxyauth be activated?

                              girishG 1 Reply Last reply
                              0
                              • L lucidfox

                                I'd like to add the password protection to file pizza as well. Seems like I might be missing an obvious setting, but how can can the proxyauth be activated?

                                girishG Offline
                                girishG Offline
                                girish
                                Staff
                                wrote on last edited by
                                #14

                                @lucidfox you have to re-install the app. when installing, it gives you the option to password protect or not.

                                L 1 Reply Last reply
                                0
                                • girishG girish

                                  @lucidfox you have to re-install the app. when installing, it gives you the option to password protect or not.

                                  L Offline
                                  L Offline
                                  lucidfox
                                  wrote on last edited by
                                  #15

                                  @girish thanks for that, it worked. i'm not sure how useful the password protection is in practice, at least in my case, because the receiver of the file pizza link would also need to sign in (and not just the uploader). i've gone back to using file pizza without having to login. wondering if this a security risk in anyway?

                                  girishG 1 Reply Last reply
                                  0
                                  • L lucidfox

                                    @girish thanks for that, it worked. i'm not sure how useful the password protection is in practice, at least in my case, because the receiver of the file pizza link would also need to sign in (and not just the uploader). i've gone back to using file pizza without having to login. wondering if this a security risk in anyway?

                                    girishG Offline
                                    girishG Offline
                                    girish
                                    Staff
                                    wrote on last edited by
                                    #16

                                    @lucidfox AFAIK, since it's totally peer to peer, there is no risk. Of course, external users can use it but no data goes through your server.

                                    1 Reply Last reply
                                    1
                                    Reply
                                    • Reply as topic
                                    Log in to reply
                                    • Oldest to Newest
                                    • Newest to Oldest
                                    • Most Votes


                                      • Login

                                      • Don't have an account? Register

                                      • Login or register to search.
                                      • First post
                                        Last post
                                      0
                                      • Categories
                                      • Recent
                                      • Tags
                                      • Popular
                                      • Bookmarks
                                      • Search