Repository: incubator-zeppelin Updated Branches: refs/heads/master 69c22eadd -> be8f47628
Revise documentation about basic authentication ### What is this PR for? Revised documentation about nginx authentication after receive few comments about it. Especially for users who using old version of nginx (older than 1.3) facing websocket failures when using zeppelin after follow instructions. I put more information for those users to encourage use of latest version of nginx if possible + fix few grammars for readability. ### What type of PR is it? Documentation Author: Jesang Yoon <yoon...@kanizsalab.com> Closes #877 from yoonjs2/nginx-auth-revised and squashes the following commits: 5c97838 [Jesang Yoon] Remove unused image files 3d48de4 [Jesang Yoon] Fix documentation to supply more information for help to setup basic auth with NGINX 7525167 [Jesang Yoon] Merge branch 'master' of https://github.com/apache/incubator-zeppelin 6a5a3c8 [Jesang Yoon] Merge branch 'master' of https://github.com/apache/incubator-zeppelin 6d04fa7 [Jesang Yoon] Merge branch 'master' of https://github.com/apache/incubator-zeppelin 90219f7 [Jesang Yoon] Merge branch 'master' of https://github.com/apache/incubator-zeppelin 35a6679 [Jesang Yoon] Merge branch 'master' of https://github.com/apache/incubator-zeppelin 4b2223a [Jesang Yoon] Make path to cert and key for HTTPS Ambigious aac4cd4 [Jesang Yoon] Add documentation for explaining enable HTTP basic authentication served by NGINX 3d9e5b3 [Jesang Yoon] Merge remote-tracking branch 'upstream/master' eba0315 [Jesang Yoon] Merge remote-tracking branch 'upstream/master' db8b4da [Jesang Yoon] Merge remote-tracking branch 'upstream/master' 781954b [Jesang Yoon] Interpreter documentation merge with commit #578 af55811 [Jesang Yoon] Merge remote-tracking branch 'origin/master' 079480f [Jesang Yoon] Merge remote-tracking branch 'origin/master' 5f0a6e0 [Jesang Yoon] Merge remote-tracking branch 'origin/master' 4d1503a [Jesang Yoon] Merge remote-tracking branch 'origin/master' 5b091e4 [Jesang Yoon] Fix wrong HTML tags, indention and space between paragraph and tables. Remove unnecessary spaces. 5665dcf [Jesang Yoon] Fix wrong HTML tags, indention and space between paragraph and tables. Remove unnecessary spaces. Project: http://git-wip-us.apache.org/repos/asf/incubator-zeppelin/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-zeppelin/commit/be8f4762 Tree: http://git-wip-us.apache.org/repos/asf/incubator-zeppelin/tree/be8f4762 Diff: http://git-wip-us.apache.org/repos/asf/incubator-zeppelin/diff/be8f4762 Branch: refs/heads/master Commit: be8f4762897f5fd7bcf3b0f0c4b936d9332a34a8 Parents: 69c22ea Author: Jesang Yoon <yoon...@kanizsalab.com> Authored: Tue May 17 14:13:53 2016 +0900 Committer: Lee moon soo <m...@apache.org> Committed: Wed May 18 14:28:30 2016 -0700 ---------------------------------------------------------------------- .../authentication-basic-auth-nginx-https.png | Bin 206365 -> 0 bytes .../authentication-basic-auth-nginx-request.png | Bin 159005 -> 0 bytes docs/security/authentication.md | 32 +++++++++---------- 3 files changed, 15 insertions(+), 17 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-zeppelin/blob/be8f4762/docs/assets/themes/zeppelin/img/screenshots/authentication-basic-auth-nginx-https.png ---------------------------------------------------------------------- diff --git a/docs/assets/themes/zeppelin/img/screenshots/authentication-basic-auth-nginx-https.png b/docs/assets/themes/zeppelin/img/screenshots/authentication-basic-auth-nginx-https.png deleted file mode 100644 index 46767ed..0000000 Binary files a/docs/assets/themes/zeppelin/img/screenshots/authentication-basic-auth-nginx-https.png and /dev/null differ http://git-wip-us.apache.org/repos/asf/incubator-zeppelin/blob/be8f4762/docs/assets/themes/zeppelin/img/screenshots/authentication-basic-auth-nginx-request.png ---------------------------------------------------------------------- diff --git a/docs/assets/themes/zeppelin/img/screenshots/authentication-basic-auth-nginx-request.png b/docs/assets/themes/zeppelin/img/screenshots/authentication-basic-auth-nginx-request.png deleted file mode 100644 index 6c24073..0000000 Binary files a/docs/assets/themes/zeppelin/img/screenshots/authentication-basic-auth-nginx-request.png and /dev/null differ http://git-wip-us.apache.org/repos/asf/incubator-zeppelin/blob/be8f4762/docs/security/authentication.md ---------------------------------------------------------------------- diff --git a/docs/security/authentication.md b/docs/security/authentication.md index 91406e0..9d48c58 100644 --- a/docs/security/authentication.md +++ b/docs/security/authentication.md @@ -34,11 +34,12 @@ This instruction based on Ubuntu 14.04 LTS but may work with other OS with few c 1. Install NGINX server on your server instance - You can install NGINX server with same machine where zeppelin installed or separate machine where it is dedicated to serve as proxy server. + You can install NGINX server with same box where zeppelin installed or separate box where it is dedicated to serve as proxy server. ``` $ apt-get install nginx ``` + *Important: On pre 1.3.13 version of NGINX, Proxy for Websocket may not fully works. Please use latest version of NGINX. See: [NGINX documentation](https://www.nginx.com/blog/websocket-nginx/)* 1. Setup init script in NGINX @@ -46,30 +47,30 @@ This instruction based on Ubuntu 14.04 LTS but may work with other OS with few c ``` $ cd /etc/nginx/sites-available - $ touch my-basic-auth + $ touch my-zeppelin-auth-setting ``` - Now add this script into `my-basic-auth` file. You can comment out `optional` lines If you want serve Zeppelin under regular HTTP 80 Port. + Now add this script into `my-zeppelin-auth-setting` file. You can comment out `optional` lines If you want serve Zeppelin under regular HTTP 80 Port. ``` upstream zeppelin { - server [YOUR-ZEPPELIN-SERVER-IP]:8080; + server [YOUR-ZEPPELIN-SERVER-IP]:[YOUR-ZEPPELIN-SERVER-PORT]; # For security, It is highly recommended to make this address/port as non-public accessible } # Zeppelin Website server { listen [YOUR-ZEPPELIN-WEB-SERVER-PORT]; - listen 443 ssl; # optional, to serve HTTPS connection - server_name [YOUR-ZEPPELIN-SERVER-HOST]; # for example: zeppelin.mycompany.com + listen 443 ssl; # optional, to serve HTTPS connection + server_name [YOUR-ZEPPELIN-SERVER-HOST]; # for example: zeppelin.mycompany.com ssl_certificate [PATH-TO-YOUR-CERT-FILE]; # optional, to serve HTTPS connection ssl_certificate_key [PATH-TO-YOUR-CERT-KEY-FILE]; # optional, to serve HTTPS connection if ($ssl_protocol = "") { - rewrite ^ https://$host$request_uri? permanent; # optional, force to use HTTPS + rewrite ^ https://$host$request_uri? permanent; # optional, to force use of HTTPS } - location / { + location / { # For regular websever support proxy_pass http://zeppelin; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -80,7 +81,7 @@ This instruction based on Ubuntu 14.04 LTS but may work with other OS with few c auth_basic_user_file /etc/nginx/.htpasswd; } - location /ws { + location /ws { # For websocket support proxy_pass http://zeppelin; proxy_http_version 1.1; proxy_set_header Upgrade websocket; @@ -93,7 +94,7 @@ This instruction based on Ubuntu 14.04 LTS but may work with other OS with few c Then make a symbolic link to this file from `/etc/nginx/sites-enabled/` to enable configuration above when NGINX reloads. ``` - $ ln -s /etc/nginx/sites-enabled/my-basic-auth /etc/nginx/sites-available/my-basic-auth + $ ln -s /etc/nginx/sites-enabled/my-zeppelin-auth-setting /etc/nginx/sites-available/my-zeppelin-auth-setting ``` 1. Setup user credential into `.htpasswd` file and restart server @@ -102,11 +103,11 @@ This instruction based on Ubuntu 14.04 LTS but may work with other OS with few c ``` $ cd /etc/nginx - $ htpasswd -c htpasswd [YOUR_ID] - $ NEW passwd: [YOUR_PASSWORD] - $ RE-type new passwd: [YOUR_PASSWORD_AGAIN] + $ htpasswd -c htpasswd [YOUR-ID] + $ NEW passwd: [YOUR-PASSWORD] + $ RE-type new passwd: [YOUR-PASSWORD-AGAIN] ``` - Or you can use your own apache `.htpasswd` files in other location by setup property `auth_basic_user_file` + Or you can use your own apache `.htpasswd` files in other location for setting up property: `auth_basic_user_file` Restart NGINX server. @@ -115,9 +116,6 @@ This instruction based on Ubuntu 14.04 LTS but may work with other OS with few c ``` Then check HTTP Basic Authentication works in browser. If you can see regular basic auth popup and then able to login with credential you entered into `.htpasswd` you are good to go. - <img src="/assets/themes/zeppelin/img/screenshots/authentication-basic-auth-nginx-request.png" /> - <img src="/assets/themes/zeppelin/img/screenshots/authentication-basic-auth-nginx-https.png" /> - 1. More security consideration * Using HTTPS connection with Basic Authentication is highly recommended since basic auth without encryption may expose your important credential information over the network.
