Question password protect docker app?

Currently reading
Question password protect docker app?

284
29
NAS
DS1019+ DSM6
Operating system
  1. Windows
Mobile operating system
  1. iOS
I have MKVToolNix running in Docker, and it's accessible via http://192.168.1.2:5800
however, anyone can load it (locally) as it has no authentication for access.

is it possible to add a user/pass authentication so that you can't access it via the browser unless you enter a user/pass?
 

Rusty

Moderator
NAS Support
6,099
1,790
www.blackvoid.club
NAS
DS718+, DS918+, 2x RS3614RPxs+
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
Running it behind a Revers proxy that has an authentification portal comes to mind. That way you would need to authenticate and only after that you would be allowed access to URL behind it (in this case mkvtoolnix container).

By default, reverse proxy in synology does not support authentification unless you customize nginx behind it. This is something that's not safe in the long run considering that this version of nginx is under DSM system configuration and as such can be altered, changed and reset after every DSM update.
 

fredbert

Moderator
NAS Support
Subscriber
4,076
1,616
NAS
DS1520+, DS218+, DS215j
Router
  1. RT2600ac
  2. MR2200ac
  3. RT6600ax
Operating system
  1. macOS
Mobile operating system
  1. iOS
What web server is the container using? Apache? You could add authentication via .htaccess ... though having HTTPS would be better!
Is it possible to map the web server's document root folder to a NAS folder? Then any mods you make will be retained when the container image is upgraded.
 
284
29
NAS
DS1019+ DSM6
Operating system
  1. Windows
Mobile operating system
  1. iOS
you mean go into "terminal" from within the docker container?
when i go there i get a black screen with a flashing cursor, but typing anything (including that command) results in no response back
 
284
29
NAS
DS1019+ DSM6
Operating system
  1. Windows
Mobile operating system
  1. iOS
hmm whatever that did, it didn't like it at all

Capture.JPG
 

fredbert

Moderator
NAS Support
Subscriber
4,076
1,616
NAS
DS1520+, DS218+, DS215j
Router
  1. RT2600ac
  2. MR2200ac
  3. RT6600ax
Operating system
  1. macOS
Mobile operating system
  1. iOS
Just installed the jlesage/mkvtoolnix container and it responds to starting a terminal session with /bin/sh.

Anyway, looking at the Log output tab there is nginx listed in the output as starting up.

The nginx files are /etc/nginx and the document root is /opt/novnc.
 
284
29
NAS
DS1019+ DSM6
Operating system
  1. Windows
Mobile operating system
  1. iOS
hmmm.. probably not the best solution.

is there anything stock in DSM that would let me forward http://apps.domain.com/appname to 192.16.1.2:5800 (at least to begin with without any user/pass authentication) ?
 

Rusty

Moderator
NAS Support
6,099
1,790
www.blackvoid.club
NAS
DS718+, DS918+, 2x RS3614RPxs+
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
hmmm.. probably not the best solution.

is there anything stock in DSM that would let me forward http://apps.domain.com/appname to 192.16.1.2:5800 (at least to begin with without any user/pass authentication) ?
Revers proxy that DSM uses (without auth) is in Control Panel > Application Portal > revers proxy
 

fredbert

Moderator
NAS Support
Subscriber
4,076
1,616
NAS
DS1520+, DS218+, DS215j
Router
  1. RT2600ac
  2. MR2200ac
  3. RT6600ax
Operating system
  1. macOS
Mobile operating system
  1. iOS
Reverse Proxy works on sub-domain URLS such as 'appname.domain.com' not on 'apps.domain.com/appname'. Only the selected Synology packages get to have the appname folder too.


A really hacked solution might be achievable if you don't currently use one of the VPN Server services. This is theoretical because I haven't used it myself.

You'd configure the unused VPN service to only your MKVToolNix users. Then use the DSM firewall to block access to the MKVToolNix ports except from the VPN service.

For a reverse proxy rule there is also the option to assign an access control policy that limits the source IP that can access it. So you'd do the same type of thing that the DSM firewall is doing on the direct container access.
 
284
29
NAS
DS1019+ DSM6
Operating system
  1. Windows
Mobile operating system
  1. iOS
hmm sounds too hacky really.
i remember ages ago when i was using a windows server with nginx that you could configure nginx reverse proxy to do apps.domain.com/appname
 

fredbert

Moderator
NAS Support
Subscriber
4,076
1,616
NAS
DS1520+, DS218+, DS215j
Router
  1. RT2600ac
  2. MR2200ac
  3. RT6600ax
Operating system
  1. macOS
Mobile operating system
  1. iOS
Maybe there's another container that supports authentication?

nginx may support apps.domain.com/appname but I'm not aware that the DSM interface supports this except for official packages.
 
284
29
NAS
DS1019+ DSM6
Operating system
  1. Windows
Mobile operating system
  1. iOS
i've dropped a message on the github for the container to see if it's possible.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

Thanks @Rusty for pointing it, for sure once you have successfully registered your user, may uncheck the...
Replies
6
Views
1,905
Replies
3
Views
245
  • Question
If your NAS indeed is a DS416j, then I am afraid your memory is playing a trick on you. The cpu of the...
Replies
4
Views
827
  • Solved
That is interesting to know. Thank you! Probably nothing. And after some further consideration, I feel...
Replies
4
Views
323
  • Question
I haven't thought about it as a file system level cache. If it is, it would make sense that both benefit...
Replies
8
Views
310
I am struggling with that since I am only a copy & paste hacker. I have installed netdata on my Synology...
Replies
0
Views
155
OK, I have done those mappings (see screenshots). The status still shows the same error. File downloads...
Replies
3
Views
395

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads

Top