Issue #4890 has been updated by Bekir Dogan.
Nigel Kersten wrote: > Proposal: > (Hasn't been actually tested, I'm assuming AllowOverrides is on in the > dashboard Apache vhost config, but it may not be.) > > You can choose to secure your Puppet Dashboard installation such that it > requires a user login to access. > > Any of the authentication options covered in the [Apache Authentication > documentation](http://httpd.apache.org/docs/current/howto/auth.html) may be > used, however the following instructions will show how to do "Basic" > authentication, where the username and password details are stored in a file > on the machine hosting the Dashboard installation. > > If you require more advanced authentication options such as LDAP/Active > Directory integration, please test with Basic authentication first. > > * Create a user/password combination as follows `htpasswd -c > /usr/share/puppet-dashboard/config/htpasswd username`, where 'username' is > the user login for the authentication realm. > * You will be prompted to provide a password > * Create an .htaccess file to instruct Apache to create an authentication > realm. Save the following contents to > `/usr/share/puppet-dashboard/public/.htaccess` > [...] > * Restart Apache. `/etc/init.d/apache2 restart` > * Open up the Dashboard URL in a browser. You will be prompted to provide > the username and password combination entered earlier. I've tried this config but can't accomplish. I've ended up making puppet dashboard internal only and reverse proxying it: <VirtualHost 127.0.0.1:3000> ServerName vhost.domain.com DocumentRoot /usr/share/puppet-dashboard/public/ <Directory /usr/share/puppet-dashboard/public/> Options None AllowOverride AuthConfig Order allow,deny allow from all </Directory> </VirtualHost> # The proxy needed because, I can't make BasicAuth work with Passenger. <VirtualHost web-listen:80> ServerName vhost.domain.com <Location /> AuthType basic AuthName "Puppet Dashboard" Require valid-user AuthBasicProvider file AuthUserFile /etc/apache2/passwords </Location> ProxyRequests Off ProxyPreserveHost On <Proxy *> Order deny,allow Allow from all </Proxy> ProxyPass / http://127.0.0.1:3000/ ProxyPassReverse / http://127.0.0.1:3000/ </VirtualHost> ---------------------------------------- Bug #4890: Documentation's "security" section should explain where to put .htaccess file and give an example https://projects.puppetlabs.com/issues/4890 Author: Igal Koshevoy Status: Accepted Priority: Normal Assignee: Category: Target version: Keywords: Branch: Affected URL: Affected Dashboard version: A very rough draft, must explain what paths are relative to what, etc: You can create a "/usr/share/puppet-dashboard/public/.htaccess" file with contents similar to this: AuthName "Puppet Dashboard" AuthType Basic AuthUserFile /usr/share/puppet-dashboard/config/htpasswd Require valid-user ,,.and then create the AuthUserFile specified above using `htpasswd` (run `htpasswd -h` for help). -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
