Commit f3e733af authored by Jérome Perrin's avatar Jérome Perrin

software/nginx-push-stream: disable basic authentication

When EventSource from browser, it's not possible to pass basic authentication.
Some polyfills such as https://www.npmjs.com/package/event-source-polyfill
allow to pass custom headers, but it seems easier to rely on native EventSource.

We did not really need basic authentication in the first place, because in our
use cases we don't send confidential information over SSE. Also, we can use
hard to guess channel IDs, so basic authentication does not add much.
parent ce4dff4b
......@@ -4,8 +4,8 @@ md5sum = eb4c69df9a8dbb94fb76d0a6c11e360f
[template-nginx-configuration]
filename = template-nginx.cfg.in
md5sum = d22b53eaf4b3d6b5cff043bf8e6cd7c1
md5sum = 1cff0aa9908d8ead05d9c8faef77d51f
[template-nginx]
filename = instance-nginx.cfg.in
md5sum = 3ed378222e0529bd2aa6e43239a07f1c
md5sum = 71daee817cb08834ab1502d01a9b96d0
[buildout]
parts =
nginx-service
htpasswd
htpasswd-runner
publish-connection-information
eggs-directory = ${buildout:eggs-directory}
......@@ -53,24 +51,9 @@ subscriber-location-prefix = /sub
subscriber-allow-credential = 'false'
subscriber-allow-methods = 'GET, HEAD, OPTIONS'
subscriber-allow-headers = 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since'
[htpasswd]
recipe = slapos.cookbook:generate.password
storage-path = $${directory:etc}/.pwd
bytes = 8
[htpasswd-runner]
recipe = plone.recipe.command
stop-on-error = true
htpasswd-path = $${directory:etc}/.htpasswd
command = if [ ! -f "$${:htpasswd-path}" ]; then ${buildout:bin-directory}/htpasswd -cb $${:htpasswd-path} $${:user} $${:password}; fi
update-command = $${:command}
user = admin
password = $${htpasswd:passwd}
base-url = http://[$${nginx-configuration:ip}]:$${nginx-configuration:port}
[publish-connection-information]
recipe = slapos.cookbook:publish
init-password = $${htpasswd:passwd}
init-user = $${htpasswd-runner:user}
publisher-url = http://$${htpasswd-runner:user}:$${htpasswd:passwd}@[$${nginx-configuration:ip}]:$${nginx-configuration:port}$${nginx-configuration:publisher-location-prefix}
subscriber-url = http://$${htpasswd-runner:user}:$${htpasswd:passwd}@[$${nginx-configuration:ip}]:$${nginx-configuration:port}$${nginx-configuration:subscriber-location-prefix}
publisher-url = $${nginx-configuration:base-url}$${nginx-configuration:publisher-location-prefix}
subscriber-url = $${nginx-configuration:base-url}$${nginx-configuration:subscriber-location-prefix}
......@@ -65,9 +65,6 @@ server {
client_body_temp_path $${directory:varnginx} 1 2;
proxy_temp_path $${directory:varnginx} 1 2;
auth_basic "Nginx Access";
auth_basic_user_file $${htpasswd-runner:htpasswd-path};
## Serve an error 204 (No Content) for favicon.ico
location = /favicon.ico {
return 204;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment