• Hello Guest! SynoForum.com is celebrating its 5th anniversary! 🥳🎉 Read more...

Question password protect docker app?

Currently reading
Question password protect docker app?

295
32
NAS
DS1019+ DSM6
Operating system
  1. Windows
Mobile operating system
  1. iOS
I have MKVToolNix running in Docker, and it's accessible via http://192.168.1.2:5800
however, anyone can load it (locally) as it has no authentication for access.

is it possible to add a user/pass authentication so that you can't access it via the browser unless you enter a user/pass?
 
Running it behind a Revers proxy that has an authentification portal comes to mind. That way you would need to authenticate and only after that you would be allowed access to URL behind it (in this case mkvtoolnix container).

By default, reverse proxy in synology does not support authentification unless you customize nginx behind it. This is something that's not safe in the long run considering that this version of nginx is under DSM system configuration and as such can be altered, changed and reset after every DSM update.
 
What web server is the container using? Apache? You could add authentication via .htaccess ... though having HTTPS would be better!
Is it possible to map the web server's document root folder to a NAS folder? Then any mods you make will be retained when the container image is upgraded.
 
you mean go into "terminal" from within the docker container?
when i go there i get a black screen with a flashing cursor, but typing anything (including that command) results in no response back
 
hmm whatever that did, it didn't like it at all

Capture.JPG
 
hmmm.. probably not the best solution.

is there anything stock in DSM that would let me forward http://apps.domain.com/appname to 192.16.1.2:5800 (at least to begin with without any user/pass authentication) ?
Revers proxy that DSM uses (without auth) is in Control Panel > Application Portal > revers proxy
 
Reverse Proxy works on sub-domain URLS such as 'appname.domain.com' not on 'apps.domain.com/appname'. Only the selected Synology packages get to have the appname folder too.


A really hacked solution might be achievable if you don't currently use one of the VPN Server services. This is theoretical because I haven't used it myself.

You'd configure the unused VPN service to only your MKVToolNix users. Then use the DSM firewall to block access to the MKVToolNix ports except from the VPN service.

For a reverse proxy rule there is also the option to assign an access control policy that limits the source IP that can access it. So you'd do the same type of thing that the DSM firewall is doing on the direct container access.
 
hmm sounds too hacky really.
i remember ages ago when i was using a windows server with nginx that you could configure nginx reverse proxy to do apps.domain.com/appname
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

Thanks @Rusty for pointing it, for sure once you have successfully registered your user, may uncheck the...
Replies
6
Views
2,577
I can’t find any option to restore just the settings. 1710356648 Phew, managed to fix it. Within the...
Replies
4
Views
456
Good to hear. Deluge has not been updated for almost two years now as an app, nevertheless. But it gives...
Replies
12
Views
1,061
  • Question
Open an issue on that GitHub page. The developers will be glad to assist. OP has posted two threads on...
Replies
5
Views
1,035
I'm happy with email notifications but in v0.3.3 of dockcheck the author added apprise notifications...
Replies
4
Views
1,158
I am also trying to setup a Z-wave USB dongle and am getting stuck after following the same steps as...
Replies
1
Views
1,094
How did you create the Portainer container in first place? As in exact docker run commands or in case...
Replies
7
Views
1,337

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Back
Top