Fma965
-
Posts
175 -
Joined
-
Last visited
Content Type
Profiles
Forums
Downloads
Store
Gallery
Bug Reports
Documentation
Landing
Report Comments posted by Fma965
-
-
This just seems like a non issue really, since the RC doesn't use IPVLAN and instead uses macvlan i haven't had a single crash with it. presumably the next major Unraid version will also have macvlan so there isn't really anything to fix?
-
45 minutes ago, -jim said:
My Unraid has become a warm brick.
Sure that was easy. But then there is a lot of configuration that must be done in other places that is not defined for Unraid.
Not really, thats all that needs to be done. -
6.10-rc1 breaks the above code work around, is there any plans to enable basic auth or a "Bearer Token" ?
for now i have worked around it with this
#!/bin/bash # Start the Management Utility /usr/local/sbin/emhttp & # Add Un-Authenticated access to Unraid 6.10-RC1+ for SystemTemp.php and Status.php (Corsair Plugin) while [ ! -f /var/run/nginx.pid ] do sleep 2 # or less like 0.2 done echo -e "# Fma965 Un-Authenticated Access\nlocation ~ /plugins\/corsairpsu\/status.php {\nallow all;\ninclude fastcgi_params;\n}\n\nlocation ~ /plugins\/dynamix.system.temp\/include\/SystemTemp.php {\nallow all;\ninclude fastcgi_params;\n}\n# End Fma965 Un-Authenticated Access\n\n$(cat /etc/nginx/conf.d/locations.conf)" > /etc/nginx/conf.d/locations.conf; nginx -s reload # End Nginx Basic Auth Patch
-
Well as it's unlikely that this is going to be added any time soon @demonspork
Here are some on the fly sed commands to patch the nginx conf file
Create a htpasswd file in /boot/config with a valud basic authentication
cp /boot/config/htpasswd /etc/nginx/basic sed -i 's%return 302 \$scheme:\/\/\$http_host\/login;%# return 302 \$scheme:\/\/\$http_host\/login;%' /etc/nginx/conf.d/emhttp-servers.conf sed -i '/^auth_request\ \/auth_request.php;/a auth_basic "Unraid";\nauth_basic_user_file /etc/nginx/basic;' /etc/nginx/conf.d/emhttp-servers.conf nginx -s reload
This will break the auto redirect to /login but also makes it possible to use basic auth
Using the CA User Scripts Plugin
Then in the /boot/config/plugins/user.scripts/scripts/Fix Basic Auth/script file
#!/bin/bash while [ ! -f /var/run/nginx.pid ] do sleep 2 # or less like 0.2 done cp /boot/config/htpasswd /etc/nginx/basic sed -i 's%return 302 \$scheme:\/\/\$http_host\/login;%# return 302 \$scheme:\/\/\$http_host\/login;%' /etc/nginx/conf.d/emhttp-servers.conf sed -i '/^auth_request\ \/auth_request.php;/a auth_basic "Unraid";\nauth_basic_user_file /etc/nginx/basic;' /etc/nginx/conf.d/emhttp-servers.conf nginx -s reload
UPDATE: i have made it work with the /boot/config/go file
#!/bin/bash # Start the Management Utility /usr/local/sbin/emhttp & # Wait for Nginx to be running before patching Basic Auth while [ ! -f /var/run/nginx.pid ] do sleep 2 # or less like 0.2 done # Patch Basic Auth back in to Unraid 6.8+ (Make sure /boot/config/htpasswd exists and is valid) cp /boot/config/htpasswd /etc/nginx/basic sed -i 's%return 302 \$scheme:\/\/\$http_host\/login;%# return 302 \$scheme:\/\/\$http_host\/login;%' /etc/nginx/conf.d/emhttp-servers.conf sed -i '/^auth_request\ \/auth_request.php;/a auth_basic "Unraid";\nauth_basic_user_file /etc/nginx/basic;' /etc/nginx/conf.d/emhttp-servers.conf nginx -s reload # End Nginx Basic Auth Patch
-
Upon further inspection of the code i can see there is already work in progress code for an API in 6.8 via a plugin called unraid.net so this may solve my issue, it doesn't solve the OP's issue though.
in the /boot/config/plugins/dynamix/dynamix.cfg file you have this
[remote] apikey="bbff6d7320a3cfa74964c58b5c5d3b0XXXXXXXXXXXXXXXXXXXXXXe2bc79518f2e4f0c4" wanaccess="no" wanport="0"
- 1
-
So i looked at the nginx conf for unraid 6.7
deny all; auth_basic "unRAID"; auth_basic_user_file /etc/nginx/htpasswd;
the 6.8 config is thisdeny all; auth_request /auth_request.php;
There is no reason at all that i can think of on why you can't have it fall back to BASIC auth if the php auth_request fails
I do similar to the following for services like sonarr, radarr, lidarr, ombi, etc by using the organizr auth_request and if organizr fails to verify i'm valid then it falls back to auth_basic for use by things like NZB360 a android app for sonarr/radarr/lidarr/nzbget etc.
auth_request /auth_request.php; satisfy any; auth_basic "Unraid"; auth_basic_user_file /etc/nginx/htpasswd;
EDIT: here are the dumped config, auth and login files from 6.7 / 6.8 (htpasswd is obviously just a htpasswd file)
https://gist.github.com/Fma965/0d79beeece0a52969ec22093b9e70990
I see there are mentions of a node REST api so that looks promising but i still think it's wrong to disable the only programmatic access to unraid before a API is implemented.
-
This is a bad decision. There is no reason to be stopping support for basic auth you can easily do both I literally run form auth and if it fails fall back to basic auth. Just like applications like sonarr, radarr, lidarr, etc can. This breaks a lot of external access to plugin files. I imagine this might break the controlr plugin and also breaks my JSON API plugin it also stops me adding my stats from the Corsair power supply plugin to my home assistant installations. If you are going to implement form authentication you really need to have a method to programmatically access unraid such as a API key or something.
-
Is it possible to revert back to basic authentication? It's useful for externally grabbing data for example for my JSON API
Perhaps a option? I haven't personally checked yet but had a issue raised on my plugin about it not working on 6.8
Enable Basic Auth for 6.8
-
-
-
-
-
in Prereleases
Posted
Any update on this?