password protection

Suggestions/requests/ideas for RuneAudio core features and functions

password protection

Postby nihil.baxter » 04 Feb 2017, 18:33

Hello everybody.

Been reading the forum for a while now, now i gotta ask a question.

I hope this is the right place for it. I looked around here and with google and to my surprise found nobody asked for it before.

I very much enjoy the runeaudio distribution on my rpi3 with my hifiberry dax+, pretty impressed about how easy it is to setup.
But what flaws it a bit for me is the lack of security options.
Why isn't it possible to password protect the remote connection? Everybody in the same network can access my runeaudio and mess around with it, which isn't practical at all in my setup and living situation. Did i miss something? Is there a possibility? The mpd has the feature afaik, but not runeaudio?
Another thing is the airplay function which i would like to use, but the problem here is the same as above, i dont want everybody in the house to be able to hitchike my audio by just turning into airplay.
So, if there are possibilities to do it, please, somebody let me know, otherwise this is a feature request :-)
nihil.baxter
 
Posts: 5
Joined: 30 Jan 2017, 16:10

Re: password protection

Postby hondagx35 » 05 Feb 2017, 01:23

Hi nihil.baxter,

- go to http://www.htaccesstools.com/htpasswd-generator/ and generate a htpasswd entry.
- create the file /etc/nginx/.htpasswd and enter the above generated line
Code: Select all
runeaudio:$apr1$sCspRol7$wSurYpBpaajRoDlN4cW2o/

This is an example for user: "runeaudio" and passwd: "runeaudio"
- modify /etc/nginx/nginx.conf by adding <auth_basic "Restricted";> and <auth_basic_user_file /etc/nginx/.htpasswd;>
Code: Select all
    # DISPLAY section [/]
    server {
        listen 80 deferred;
      add_header X-UA-Compatible "IE=Edge,chrome=1";
        access_log  /var/log/runeaudio/runeui_access.log;
       
        location / {
            root   /var/www;
            index  index.php index.html index.htm;
            try_files       $uri /index.php;
            auth_basic "Restricted";
            auth_basic_user_file /etc/nginx/.htpasswd;
        }

- restart nginx or reboot.

Password protection for airplay comes with next version (update to shairport-sync).

Frank
User avatar
hondagx35
 
Posts: 3031
Joined: 11 Sep 2014, 22:06
Location: Germany

Re: password protection

Postby nihil.baxter » 05 Feb 2017, 14:01

Ok, thanks alot for the quick and precise help.

I followed the instructions, seems to work somehow, but now i can't access the runeui at all.
There is no login window popping up, just the browser saying that it cannot connect to that specific ip.
I just saw that nginx brings up an error message "nginx: [emerg] unknown directive "auth_basic" in /etc/nginx/nginx.conf:43"
Any idea? I double checked the lines being written exactly as mentioned and being at the right position...

(I'd also like to set the password in mpd, is there a way tu put the needed line in /etc/mpd.conf so that it stays there?)
->It worked to just add the line, just hadn't thought about that runeui can't be used then anymore :-) and a bit sad that i cant use the mpd configuration part of runeui anymore.
But since i prefer those mpd clients, i'll do it that way.
Why isnt the mpd password function implemented in runeui? Seems like a nobrainer to me, since its seems like an easy thing to do.
Again, a feature request, so that the thread is still in the right subforum :-)

The question about the webserver not being reachable with the .htaccess active, is still of interest.
nihil.baxter
 
Posts: 5
Joined: 30 Jan 2017, 16:10

Re: password protection

Postby hondagx35 » 05 Feb 2017, 17:28

Hi nihil.baxter,

I just saw that nginx brings up an error message "nginx: [emerg] unknown directive "auth_basic" in /etc/nginx/nginx.conf:43"
Any idea?

Your conf file is not setup correctly. http://nginx.org/en/docs/http/ngx_http_ ... odule.html
password.jpg
password.jpg (38.19 KiB) Viewed 1158 times

Works with chrome, firefox and IE on my system.

Frank
User avatar
hondagx35
 
Posts: 3031
Joined: 11 Sep 2014, 22:06
Location: Germany

Re: password protection

Postby nihil.baxter » 05 Feb 2017, 19:41

Hello again.
Your conf file is not setup correctly. http://nginx.org/en/docs/http/ngx_http_ ... odule.html

Sure, i thought so.
I did it exactly like explained before. The part in that nginx.conf looks like this and i'd say it looks exactly right from the little knowledge and understanding i got after reading a bit in the nginx documentation (and exactly the same as explained before):

Code: Select all
 # DISPLAY section [/]
    server {
        listen 80 deferred;
                add_header X-UA-Compatible "IE=Edge,chrome=1";
        access_log  /var/log/runeaudio/runeui_access.log;

        location / {
            root   /var/www;
            index  index.php index.html index.htm;
            try_files       $uri /index.php;
            auth_basic "Restricted";
            auth_basic_user_file /etc/nginx/.htpasswd;
        }

        location ~* (.+)\.(?:\d+)\.(js|css|png|jpg|jpeg|gif|ico)$ {
           try_files $uri $1.$2;
        }
nihil.baxter
 
Posts: 5
Joined: 30 Jan 2017, 16:10

Re: password protection

Postby hondagx35 » 05 Feb 2017, 23:18

Hi,

please try this file:
nginx.zip
(1.58 KiB) Downloaded 133 times


Frrank
User avatar
hondagx35
 
Posts: 3031
Joined: 11 Sep 2014, 22:06
Location: Germany

Re: password protection

Postby nihil.baxter » 06 Feb 2017, 23:28

Hi,
thanks again for your efforts, but it still doesent work out, behaves the same way as before. Since i havent got the time right now (and honestly: nerves :-) i am useing that modification posted in the raspberry subforum as it just works right now. But since your suggestion seems like a nice and elegant way i still find it a bit sad that i couldnt make it out. Well at least i learned a very little bit about nginx webserver :-)
nihil.baxter
 
Posts: 5
Joined: 30 Jan 2017, 16:10

Re: password protection

Postby handicop » 24 Apr 2018, 06:05

If your nginx isn't built with needed modules, then it would not allow you to use auth_basic function.
I recently download the latest version on Raspberry Pi 2, and the nginx comes without http-auth-basic module.

Code: Select all
cd /usr/bin
./nginx -V


if the result contains these text message, then you would not be able to use auth_basic function with the nginx you have
Code: Select all
--without-http_access_module --without-http_auth_basic_module
handicop
 
Posts: 1
Joined: 24 Apr 2018, 06:00

support RuneAudio Donate with PayPal


Return to Feature request

Who is online

Users browsing this forum: No registered users and 0 guests