Skip to content

Enabling HTTP Basic Authentication with TinyPilot

Michael Lynch edited this page Sep 9, 2020 · 2 revisions

Important Note! I'm not a network guy, I'm not a security guy, I'm not even a linux guy! I pretty much just followed a recipe. If better minds than mine notice anything amiss, hopefully they will correct it.

Important Note2 I quote Michael: "The one issue I see is that it requires manually editing nginx files. Those edits will get wiped out if the user uses the quick-install script to upgrade TinyPilot because TinyPilot expects to manage those files itself."

It may be an idea to backup those files somewhere after you edit them.

These instructions are based on the Nginx official documentation

We need apache2-utils to create a password file

sudo apt-get install -y apache2-utils

Create a password file and a first user. Run the htpasswd utility with the -c flag (to create a new file), the file pathname as the first argument, and the username as the second argument:

sudo htpasswd -c /etc/apache2/.htpasswd user1

Press Enter and type the password for user1 at the prompts.

If required, create additional user-password pairs. Omit the -c flag because the file already exists:

htpasswd /etc/apache2/.htpasswd user2

You can confirm that the file contains paired usernames and encrypted passwords:

$ cat /etc/apache2/.htpasswd
user1:$apr1$/woC1jnP$KAh0SsVn5qeSMjTtn0E9Q0
user2:$apr1$QdR8fNLT$vbCEEzDj7LyqCMyNpSoBh/
user3:$apr1$Mr5A0e.Uj39Hp5FfxRkneklXaMrr/

Now, update the website file to include the authentication:

sudo nano /etc/nginx/sites-enabled/tinypilot.conf

add the lines

      auth_basic "KVM";  
      auth_basic_user_file /etc/apache2/.htpasswd;

to the server entry so it looks something like this

      server {  
           listen 80 default_server;  
           server_name tinypilot;  
           root /opt/tinypilot;  
           index index.html;  
           auth_basic "KVM";  
           auth_basic_user_file /etc/apache2/.htpasswd;  
           proxy_buffers 16 16k;  

Restart nginx:

sudo systemctl restart nginx

If all goes according to plan, you will now have to provide username and password!