Request Password setting

hankai · October 28, 2015, 9:40am

Hi, i would like to suggest making it possible to have an option in the settings menu where i can enable/disable password protection. As you may figure out, i am not good at programming. I have seen the post for doing it at homebrewtalk, but i get stuck on number 3

sunadmn · October 28, 2015, 2:17pm

What is step #3? If you could post where you are getting stuck we may be able to point you in the right direction.

Cheers,
-Stephen

hankai · October 28, 2015, 2:45pm

Yes, sorry. It’s this one.

I am so bad at this programming stuff

sunadmn · October 28, 2015, 3:25pm

Ok so this is a bit more of an advanced topic, but these are pretty old instructions and may be out of date. The Apache webserver has gone through a bit of changes and depending on how it was installed these instruction could be frustrating.

I would suggest you break this down into parts and tackle them bit by bit and make sure you aren’t just reading the directions but taking the time to learn what each is asking you for and what that is/means.

You’ve got SSH to work and you can log into your Raspberry Pi you’ve found the default file but you can’t find anything that mentions /var/www is this correct? If that is the case this is why I said be careful with old instructions especially if you are not familiar with *NIX based OSs and their applications. Apache if installed by the *NIX package manager may have changed the default HTML directory, so if you are reading old stale instructions you will end up beating your head on the wall looking for something that doesn’t exist. At this point is where you ask the question of WTH is that anyway and the answer is the directory options for the root directory for the HTML content. The default file is a configuration file that tells the Apache server where things are, what should be enabled, and how to run. In this file you can tweak many things and what you are being asked to do is enable a bit that allows you to use simple HTACCESS file protection. What you need to find in this file to help point you in the right direction is where the root directory points so in that file look for something like this:

DocumentRoot /var/www

That will tell you what you should be looking for in the:

<Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
</Directory>

But really I can’t stress enough to not just do something, but take the time to read and understand what it is you are doing. This will make life with the BrewPi much easier in the long run. If you get stuck with something and Google can’t turn up an answer we are always here to help, we all had to start somewhere so believe me we understand.

Cheers,
-Stephen

hankai · October 28, 2015, 5:57pm

Thanks’s Stephen, that’s why i am so careful. I’m so afraid to do something that’s not reversible. I’l do my best to learn this, since it looks like this is the only way to go, at this time, to get BrewPi protected.
Cheers
Kai

bryancm1 · October 28, 2015, 9:54pm

And I’m sure you’ve seen the updated version of that HBT post but here it is. It worked better for me.

I just did this a few days ago. Let me know if you get hung up on any of that stuff.

If you follow these directions, you will end up with two remotely accessible web user interfaces. One that requires a password and has all the controls available to you and another page that is not password protected but does not have any of the control buttons available.

Here is my non-password page. Its just logging living room temp right now but you can see what it looks like without the settings options. (I changed my ip’s to address via no-ip, but that’s for later and not in that post you referenced).

http://bluedoorfermentations.ddns.net

Dan · October 28, 2015, 10:20pm

FYI the link doesn’t work for me. The connection times out.

bryancm1 · October 28, 2015, 10:41pm

@Dan you talking about my BrewPi link or the homebrew talk link? They both work for me clicking on them.

Dan · October 29, 2015, 12:25am

the brewpi link sorry

The server at 72.182.26.140 is taking too long to respond.

DanCook · October 29, 2015, 2:41am

I can access the BrewPi link, showing “Fermenting: RastaMan’s Dubbel WLP500/530 Blend”. Sounds tasty!

bryancm1 · October 29, 2015, 2:44am

Right on @DanCook! Glad it’s working. The beer started at 64° and slowly worked its way up to 71.5° over last 10 days (controlled with a ohmbrew fermostat). Just plugged in the BrewPi setup for the first time tonight to test it just holding that temp till I keg it. I’ll use the BrewPi for real next week.

Christoph_Bucher · January 21, 2018, 9:45am

Has anyone had success adding password to the web interface with Portainer? I cannot find apache or the directory /etc/apache2/sites-available.

rbpalmer · January 21, 2018, 11:18am

@Christoph_Bucher

I believe the Portainer Brewpi is using Nginx and not Apache. https://nginx.org/en/

26507 brewpi    20   0   13608  10844   5208 R 67.9  2.9   0:02.05 python
26506 root      20   0    7232   2912   2616 S  1.7  0.8   0:00.05 sudo
   39 www-data  20   0   15712   4240   2948 S  0.3  1.1   5:29.44 nginx
26505 root      20   0    5124   2328   2036 R  0.3  0.6   0:00.09 top
    1 root      20   0    1816   1080   1012 S  0.0  0.3   1:28.02 watcher.sh
   35 root      20   0   15196   2608   1792 S  0.0  0.7   0:00.01 nginx
   36 www-data  20   0   15672   4240   2948 S  0.0  1.1   1:00.43 nginx
   37 www-data  20   0   15364   3304   2324 S  0.0  0.9   6:27.89 nginx
   38 www-data  20   0   15364   3684   2704 S  0.0  1.0   6:27.30 nginx
   58 root      20   0   89116   6436   4272 S  0.0  1.7   5:08.61 php5-fpm
   60 www-data  20   0   89116   9896   7556 S  0.0  2.6   0:00.51 php5-fpm
  123 www-data  20   0   89116   9384   7044 S  0.0  2.5   0:00.43 php5-fpm
  163 root      20   0    5192   3040   2704 S  0.0  0.8   0:00.19 bash
  189 www-data  20   0   89116   9152   6924 S  0.0  2.4   0:00.10 php5-fpm
26427 root      20   0    5196   3064   2724 S  0.0  0.8   0:00.41 bash```

Christoph_Bucher · January 21, 2018, 2:15pm

Yup, did not check that. Thanks!

I managed to set a password. Here’s a simple tutorial if anyone needs it: https://www.howtoforge.com/tutorial/basic-http-authentication-with-nginx/

I also forwarded a port from my router to the Pi. How safe is that? (having user+password)

Elco · February 7, 2018, 7:56am

I have added password protection to the latest version of the docker container.

The latest version of the container exposes two ports:
port 80 for use on your internal network, without password.
port 81 for forwarding on your router, with password.

The default user is brewer and password brewpi.
You can change that by running this command in the container (replace brewer and brewpi with your desired user/pass):

htpasswd -bc /data/settings/brewpi.htpasswd brewer brewpi

The nginx configuration for this can be found here:

github.com

BrewPi/brewpi-docker/blob/master/raspbian/nginx-conf.txt

server {
    listen       80;
    server_name  brewpi.local;
    
    root /var/www/html;
    index index.php index.html index.htm;

    location / {
        try_files $uri $uri/ =404;
    }
    
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

This file has been truncated. show original