This version (2017/12/08 14:19) is a draft.
Approvals: 0/1

You will be using htpasswd to generate a username/password file, this utility can be found in the apache2-utils package:

sudo apt-get update; sudo apt-get install apache2-utils

To generate a file that NGINX can use you use the following command, don’t forget to change username to something meaningful!

sudo htpasswd -c /etc/nginx/.htpasswd username

You will receive a prompt to create a password for this username, once finished the file will be created. You’re then free to reference the file to NGINX.

Set up the new server in nginx

Create the file`brewpi-protected` in the `sites-available` directory:

cd /etc/nginx/sites-available
sudo nano 'brewpi-protected'

Paste this configuration int he new file:

server {
	listen                          888;
	server_name                     brewpi-protected;
	
	location / {
		proxy_pass                              http://localhost:80/;
		proxy_buffering                         off;
		proxy_set_header Host                   $http_host;
		proxy_set_header X-Real-IP              $remote_addr;
		proxy_set_header X-Forwarded-For        $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto      $scheme;
		auth_basic                              "Username and Password Required";
		auth_basic_user_file                    /etc/nginx/.htpasswd;
	}
}

This will make the BrewPi web interface available on port 888, exactly the same as the normal one on port 80, but with password protection.

Enable this new site by creating a symlink in 'sites-enabled':

sudo ln -s /etc/nginx/sites-available/brewpi-protected /etc/nginx/sites-enabled/

Reload nginx to start using the new configuration:

sudo service nginx reload
When using docker, add exposed port 888 to the container

To add an exposed port to an existing container, you'll have to take these steps:

Find the id of your container:

docker ps -a

Stop the container, by using the ID from the previous step:

docker stop 3fafffd62004

Edit the config file of the container. You will need the full length container ID here. When you're running the commands as root, you can use tab to autocomplete. You can also find the full container ID in portainer.

sudo su
nano /var/lib/docker/containers/3fafffd62004fb0d6a4b9cd0d9fa8543629aff011fbaea68406f0c5d11e3c3f1

You now have a password protected web interface running on port 888. You can forward that port on your router to be publicly available.