[Enable Basic Auth for 6.8]

Any update on this? 

[6.9.0/6.9.1 - Kernel Panic due to netfilter (nf_nat_setup_info) - Docker Static IP (macvlan)]

This just seems like a non issue really, since the RC doesn't use IPVLAN and instead uses macvlan i haven't had a single crash with it. presumably the next major Unraid version will also have macvlan so there isn't really anything to fix?

[6.9.0/6.9.1 - Kernel Panic due to netfilter (nf_nat_setup_info) - Docker Static IP (macvlan)]

45 minutes ago, -jim said:

My Unraid has become a warm brick.

Sure that was easy. But then there is a lot of configuration that must be done in other places that is not defined for Unraid.
 

Not really, thats all that needs to be done.

[Enable Basic Auth for 6.8]

6.10-rc1 breaks the above code work around, is there any plans to enable basic auth or a "Bearer Token" ?

 

for now i have worked around it with this 

#!/bin/bash
# Start the Management Utility
/usr/local/sbin/emhttp &

# Add Un-Authenticated access to Unraid 6.10-RC1+ for SystemTemp.php and Status.php (Corsair Plugin)
while [ ! -f /var/run/nginx.pid ]
do
  sleep 2 # or less like 0.2
done

echo -e "# Fma965 Un-Authenticated Access\nlocation ~ /plugins\/corsairpsu\/status.php {\nallow all;\ninclude fastcgi_params;\n}\n\nlocation ~ /plugins\/dynamix.system.temp\/include\/SystemTemp.php {\nallow all;\ninclude fastcgi_params;\n}\n# End Fma965 Un-Authenticated Access\n\n$(cat /etc/nginx/conf.d/locations.conf)" > /etc/nginx/conf.d/locations.conf;
nginx -s reload
# End Nginx Basic Auth Patch

 

[Enable Basic Auth for 6.8]

Well as it's unlikely that this is going to be added any time soon @demonspork

 

Here are some on the fly sed commands to patch the nginx conf file

 

Create a htpasswd file in /boot/config with a valud basic authentication

cp /boot/config/htpasswd /etc/nginx/basic
sed -i 's%return 302 \$scheme:\/\/\$http_host\/login;%# return 302 \$scheme:\/\/\$http_host\/login;%' /etc/nginx/conf.d/emhttp-servers.conf
sed -i '/^auth_request\ \/auth_request.php;/a auth_basic "Unraid";\nauth_basic_user_file  /etc/nginx/basic;' /etc/nginx/conf.d/emhttp-servers.conf
nginx -s reload

This will break the auto redirect to /login but also makes it possible to use basic auth

 

Using the CA User Scripts Plugin

 

Then in the /boot/config/plugins/user.scripts/scripts/Fix Basic Auth/script file

#!/bin/bash
while [ ! -f /var/run/nginx.pid ]
do
  sleep 2 # or less like 0.2
done
cp /boot/config/htpasswd /etc/nginx/basic
sed -i 's%return 302 \$scheme:\/\/\$http_host\/login;%# return 302 \$scheme:\/\/\$http_host\/login;%' /etc/nginx/conf.d/emhttp-servers.conf
sed -i '/^auth_request\ \/auth_request.php;/a auth_basic "Unraid";\nauth_basic_user_file  /etc/nginx/basic;' /etc/nginx/conf.d/emhttp-servers.conf
nginx -s reload

 

UPDATE: i have made it work with the /boot/config/go file
 

#!/bin/bash
# Start the Management Utility
/usr/local/sbin/emhttp &

# Wait for Nginx to be running before patching Basic Auth
while [ ! -f /var/run/nginx.pid ]
do
  sleep 2 # or less like 0.2
done

# Patch Basic Auth back in to Unraid 6.8+ (Make sure /boot/config/htpasswd exists and is valid)
cp /boot/config/htpasswd /etc/nginx/basic
sed -i 's%return 302 \$scheme:\/\/\$http_host\/login;%# return 302 \$scheme:\/\/\$http_host\/login;%' /etc/nginx/conf.d/emhttp-servers.conf
sed -i '/^auth_request\ \/auth_request.php;/a auth_basic "Unraid";\nauth_basic_user_file  /etc/nginx/basic;' /etc/nginx/conf.d/emhttp-servers.conf
nginx -s reload
# End Nginx Basic Auth Patch

 

[Enable Basic Auth for 6.8]

Upon further inspection of the code i can see there is already work in progress code for an API in 6.8 via a plugin called unraid.net so this may solve my issue, it doesn't solve the OP's issue though.

 

in the /boot/config/plugins/dynamix/dynamix.cfg file you have this

[remote]
apikey="bbff6d7320a3cfa74964c58b5c5d3b0XXXXXXXXXXXXXXXXXXXXXXe2bc79518f2e4f0c4"
wanaccess="no"
wanport="0"

 

[Enable Basic Auth for 6.8]

So i looked at the nginx conf for unraid 6.7
 

deny all;
auth_basic            "unRAID";
auth_basic_user_file  /etc/nginx/htpasswd;

the 6.8 config is this

deny all;
auth_request /auth_request.php;

There is no reason at all that i can think of on why you can't have it fall back to BASIC auth if the php auth_request fails

 

I do similar to the following for services like sonarr, radarr, lidarr, ombi, etc by using the organizr auth_request and if organizr fails to verify i'm valid then it falls back to auth_basic for use by things like NZB360 a android app for sonarr/radarr/lidarr/nzbget etc.

 

auth_request /auth_request.php;   
satisfy any;
auth_basic "Unraid";
auth_basic_user_file  /etc/nginx/htpasswd;   

EDIT: here are the dumped config, auth and login files from 6.7 / 6.8 (htpasswd is obviously just a htpasswd file)

https://gist.github.com/Fma965/0d79beeece0a52969ec22093b9e70990

 

I see there are mentions of a node REST api so that looks promising but i still think it's wrong to disable the only programmatic access to unraid before a API is implemented.

[Enable Basic Auth for 6.8]

This is a bad decision. There is no reason to be stopping support for basic auth you can easily do both I literally run form auth and if it fails fall back to basic auth. Just like applications like sonarr, radarr, lidarr, etc can. This breaks a lot of external access to plugin files. I imagine this might break the controlr plugin and also breaks my JSON API plugin it also stops me adding my stats from the Corsair power supply plugin to my home assistant installations. If you are going to implement form authentication you really need to have a method to programmatically access unraid such as a API key or something. 

[Unraid OS version 6.8.0-rc9 available]

Is it possible to revert back to basic authentication? It's useful for externally grabbing data for example for my JSON API 

 

Perhaps a option? I haven't personally checked yet but had a issue raised on my plugin about it not working on 6.8