5 posts tagged with "basic auth"

In one of our projects we use Traefik as a reverse proxy together with nginx and gunicorn to run a Django app in a docker-based environment. When deployed to production, we wanted to make the Traefik UI accessible for the customer, but keep it secure from unwanted visitors. Fortunately, Traefik offers a very simple yet powerful configuration option, which we enabled in a traefik.toml configuration file:

One of our internally used application uses HTTP Basic auth to authenticate a user against our LDAP instance. In a recent attempt I had the need to expose one endpoint publicly without the need of an authentication. I tried several solutions but each of them did not work for my specific use case. At first I tried several Location directives but that did not work as expected. I also tried the LocationMatch directive which also did not work. By accident I came across a blog post stating that Apache 2.4 supports if/else style syntax and that seemed to work fine for me.

As I blogged recently we solved the HTTP Basic Auth problem with Composer / Satis by using expect. I still like the general idea but expect can be a bit tricky to configure. For those of you who are not happy with that solution this one might be a good alternative: As I helped out Manuel Lemos to create an Composer Installer for phpclasses.org packages he pointed out that the new Composer Plugin API might make it easier to extend Composer and offer authentication support. And yes he was right ;) As I had some spare time last weekend I extracted the code handling the authentication logic from his installer and created a separate plugin which can be found on github and packagist.org.

Using Composer in your Vagrant / Puppet setup is as simple as this:

A couple of months ago when we set-up our own internal Satis repository to host our custom Composer packages. We ran into an "unpleasant" issue with Composer that had this PR as an result. To sum things up: We are using HTTP Basic Auth to password-project our Satis repository. There was no way we could switch to an SSL client certificate to allow Composer to authenticate itself automatically without asking for a password. Asking for the password on a developer's machine is no big thing, but it since we need an automated Composer run in our Jenkins environment, there was no way to set things up. Unfortunately the PR is not yet merged in master so we were in need to find a different solution. Luckily my friend Joshua Thijssen pointed me to a tool named expect which could solve this issue easily. Expect is a tool that "talks to other interactive programs according to a script." which sounds pretty awesome and yes it is ;)