Page 1 of 1
Security for Dashticz running in Docker
Posted: Thursday 31 March 2022 16:21
by tarmacalastair
Hi,
In the documentation at
https://dashticz.readthedocs.io/en/mast ... z-security there are details on enabling a login for an installed version of Dashticz. I thought I'd try using Docker and it's all working nicely but when I tried to connect from outside my home I realised that I had no idea how to set this up for Docker.
Can anyone help please?
Thanks
Re: Security for Dashticz running in Docker
Posted: Tuesday 12 April 2022 14:31
by tarmacalastair
Well I've had a go at following the document above and using
docker exec -it dtv3-8082 bash
to get a shell inside my Dashticz instance. I've used docker cp to copy the apache2.conf from the /etc/apache2 folder and modify it and then copy it back to the Docker instance.
I put my .htaccess file inside the /var/www/html folder inside Docker but I get a "500 Internal Server Error"
Any ideas? I've tried moving the .htaccess file around a bit but I have no idea what I'm doing or where to put it....
Thanks
Re: Security for Dashticz running in Docker
Posted: Tuesday 12 April 2022 20:29
by Lokonli
tarmacalastair wrote: ↑Tuesday 12 April 2022 14:31
Well I've had a go at following the document above and using
docker exec -it dtv3-8082 bash
to get a shell inside my Dashticz instance. I've used
docker cp to copy the apache2.conf from the /etc/apache2 folder and modify it and then copy it back to the Docker instance.
I put my
.htaccess file inside the /var/www/html folder inside Docker but I get a
"500 Internal Server Error"
Any ideas? I've tried moving the .htaccess file around a bit but I have no idea what I'm doing or where to put it....
Thanks
The /etc/apache2 folder is a readonly folder. You cannot just copy files to it. You have to update Dockerfile.
Below you find some tips how to do this. If there is a demand from more people I may include it in the automatic install scripts.
Change ./Dockerfile as follows:
Code: Select all
# Dockerfile for Dashticz
# See http://nelkinda.com/blog/apache-php-in-docker/
FROM php:7.4-apache
#Default value in case no build argument:
ARG tz="Europe/Amsterdam"
RUN printf "[PHP]\ndate.timezone = $tz\n" > /usr/local/etc/php/conf.d/tzone.ini && \
mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
#RUN printf "[PHP]\ndate.timezone = $tz\n" > /usr/local/etc/php/conf.d/tzone.ini
COPY ./scripts/dashticz.conf /etc/apache2/conf-enabled
SHELL ["/bin/bash", "-c"]
Create ./scripts/dashticz.conf with the following content:
Code: Select all
### This script is used to enable access control for the Dashticz server when running in a Docker container.
###
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
<Directory "/var/www/html">
AuthUserFile /var/www/html/dashticzpasswd
AuthName "Dashticz Password"
AuthType Basic
<RequireAny>
Require valid-user
## <RequireAll>
## Require ip 192.168.1
## Require not ip 192.168.1.16
## </RequireAll>
</RequireAny>
</Directory>
Update ./.dockerignore as follows:
Code: Select all
#The docker build doesn't require anything, so just ignore all
*
!/scripts/**
Create a password file in the Dashticz home folder:
Instead of user 'admin' you can choose any username.
Stop and rebuild the Dashticz Docker container:
Re: Security for Dashticz running in Docker
Posted: Friday 15 April 2022 19:53
by tarmacalastair
Wow, thanks for the detailed answer.
Afraid I won't get the chance to try this for a few days. However, I will try it out and report back as soon as I can.
I'm a bit surprised how little interest there is - I was helping a friend who is completely new to Domoticz & Dashticz set up his RPi the other day and was keen to show how you could set up port forwarding on your router and then connect to your home automation systems from outside and he was very surprised to see that it was wide open to anyone as soon as you enabled port forwarding.
Re: Security for Dashticz running in Docker
Posted: Friday 15 April 2022 20:59
by tarmacalastair
Well I had a quick re-read and realised it's not as complicated as I thought so I've followed your instructions and now it's working great.
Just a couple of points to note
- My Raspberry Pi OS didn't have htpasswd installed (except inside this Docker instance) so I had to install it with:
- I accidentally ran the command from my home directory rather than the Dashticz one. A simple mv command from the wrong place to the right on fixed that - my fault, nothing wrong with the instructions.
So a big big thank you from me!