Just a note for anyone else. I've been trying to setup pass-through authentication to this docker. The documentation for FreshRSS (under nginx) is not great, and it a took a while to figure it out.
There's three changes you need to make (once you've set it up with an initial user).
1. Edit the file config.php (located in /config/www/freshrss/data/ ) and change the auth_type to http_auth:
'auth_type' => 'http_auth',
Has to be done here as by default it's grayed out in the web ui.
2. Start the FreshRSS docker, and open a console into it. Then create your .htpasswd file:
htpasswd -c /config/nginx/site-confs/.htpasswd <freshrss username>
This will request the password for the user, and write the file out there. Repeat for any other users if need be.
3. Edit the nginx site file (located at: /config/nginx/site-confs/default )
server {
listen 80;
listen 443 ssl;
index index.html index.htm index.php;
server_name _;
ssl_certificate /config/keys/cert.crt;
ssl_certificate_key /config/keys/cert.key;
client_max_body_size 0;
root /usr/share/webapps/freshrss/p;
index index.php index.html index.htm;
location ~ ^.+?\.php(/.*)?$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location / {
try_files $uri $uri/ index.php;
}
location /i {
auth_basic "Login";
auth_basic_user_file /config/nginx/site-confs/.htpasswd;
location ~ ^.+?\.php(/.*)?$ {
fastcgi_param REMOTE_USER $remote_user;
fastcgi_pass 127.0.0.1:9000;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
}
Feel free to correct if necessary. This means if using a different reverse proxy than nginx or apache etc (i.e. edge firewall/router) to auth through that and pass through the auth directly to the application.
Note the default is to just create a new user and log them in. There's another option in the config.php:
'http_auth_auto_register' => false,
Thanks seeya.