Security for Dashticz running in Docker Topic is solved

[tarmacalastair]

Hi,

In the documentation at https://dashticz.readthedocs.io/en/mast ... z-security there are details on enabling a login for an installed version of Dashticz. I thought I'd try using Docker and it's all working nicely but when I tried to connect from outside my home I realised that I had no idea how to set this up for Docker.

Can anyone help please?

Thanks

[tarmacalastair]

Well I've had a go at following the document above and using
docker exec -it dtv3-8082 bash
to get a shell inside my Dashticz instance. I've used docker cp to copy the apache2.conf from the /etc/apache2 folder and modify it and then copy it back to the Docker instance.

I put my .htaccess file inside the /var/www/html folder inside Docker but I get a "500 Internal Server Error"

Any ideas? I've tried moving the .htaccess file around a bit but I have no idea what I'm doing or where to put it....

Thanks

[Lokonli]

Well I've had a go at following the document above and using
docker exec -it dtv3-8082 bash
to get a shell inside my Dashticz instance. I've used docker cp to copy the apache2.conf from the /etc/apache2 folder and modify it and then copy it back to the Docker instance.

I put my .htaccess file inside the /var/www/html folder inside Docker but I get a "500 Internal Server Error"

Any ideas? I've tried moving the .htaccess file around a bit but I have no idea what I'm doing or where to put it....

Thanks

The /etc/apache2 folder is a readonly folder. You cannot just copy files to it. You have to update Dockerfile.

Below you find some tips how to do this. If there is a demand from more people I may include it in the automatic install scripts.

Change ./Dockerfile as follows:

Code: Select all

# Dockerfile for Dashticz
# See http://nelkinda.com/blog/apache-php-in-docker/
FROM php:7.4-apache
#Default value in case no build argument:
ARG tz="Europe/Amsterdam" 
RUN printf "[PHP]\ndate.timezone = $tz\n" > /usr/local/etc/php/conf.d/tzone.ini && \
mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
#RUN printf "[PHP]\ndate.timezone = $tz\n" > /usr/local/etc/php/conf.d/tzone.ini 
COPY ./scripts/dashticz.conf /etc/apache2/conf-enabled
SHELL ["/bin/bash", "-c"]

Create ./scripts/dashticz.conf with the following content:

Code: Select all

### This script is used to enable access control for the Dashticz server when running in a Docker container.
###
<Directory /var/www/>
  Options Indexes FollowSymLinks
  AllowOverride All
  Require all granted
</Directory>

<Directory "/var/www/html">
    AuthUserFile /var/www/html/dashticzpasswd
    AuthName "Dashticz Password"
    AuthType Basic
    <RequireAny>
        Require valid-user
##        <RequireAll>
##            Require ip 192.168.1
##            Require not ip 192.168.1.16
##        </RequireAll>
    </RequireAny>
</Directory>

Update ./.dockerignore as follows:

Code: Select all

#The docker build doesn't require anything, so just ignore all
*
!/scripts/**

Create a password file in the Dashticz home folder:

Code: Select all

htpasswd -c dashticzpasswd admin

Instead of user 'admin' you can choose any username.

Stop and rebuild the Dashticz Docker container:

Code: Select all

make stop
make start

[tarmacalastair]

Wow, thanks for the detailed answer.

Afraid I won't get the chance to try this for a few days. However, I will try it out and report back as soon as I can.

I'm a bit surprised how little interest there is - I was helping a friend who is completely new to Domoticz & Dashticz set up his RPi the other day and was keen to show how you could set up port forwarding on your router and then connect to your home automation systems from outside and he was very surprised to see that it was wide open to anyone as soon as you enabled port forwarding.

[tarmacalastair]

Well I had a quick re-read and realised it's not as complicated as I thought so I've followed your instructions and now it's working great.

Just a couple of points to note

• My Raspberry Pi OS didn't have htpasswd installed (except inside this Docker instance) so I had to install it with:

  Code: Select all

  sudo apt install apache2-utils

• I accidentally ran the command from my home directory rather than the Dashticz one. A simple mv command from the wrong place to the right on fixed that - my fault, nothing wrong with the instructions.

So a big big thank you from me!