Commit 3d48de4

Fix documentation to supply more information for help to setup basic auth with NGINX
1 parent 7525167 commit 3d48de4

1 file changed

+15
-17
lines changed

docs/security/authentication.md

@@ -34,42 +34,43 @@ This instruction based on Ubuntu 14.04 LTS but may work with other OS with few c
3434

3535
1. Install NGINX server on your server instance
3636

37-
You can install NGINX server with same machine where zeppelin installed or separate machine where it is dedicated to serve as proxy server.
37+
You can install NGINX server with same box where zeppelin installed or separate box where it is dedicated to serve as proxy server.
3838

3939
```
4040
$ apt-get install nginx
4141
```
42+
*Important: On pre 1.3.13 version of NGINX, Proxy for Websocket may not fully works. Please use latest version of NGINX. See: [NGINX documentation](https://www.nginx.com/blog/websocket-nginx/)*
4243
4344
1. Setup init script in NGINX
4445
4546
In most cases, NGINX configuration located under `/etc/nginx/sites-available`. Create your own configuration or add your existing configuration at `/etc/nginx/sites-available`.
4647
4748
```
4849
$ cd /etc/nginx/sites-available
49-
$ touch my-basic-auth
50+
$ touch my-zeppelin-auth-setting
5051
```
5152
52-
Now add this script into `my-basic-auth` file. You can comment out `optional` lines If you want serve Zeppelin under regular HTTP 80 Port.
53+
Now add this script into `my-zeppelin-auth-setting` file. You can comment out `optional` lines If you want serve Zeppelin under regular HTTP 80 Port.
5354
5455
```
5556
upstream zeppelin {
56-
server [YOUR-ZEPPELIN-SERVER-IP]:8080;
57+
server [YOUR-ZEPPELIN-SERVER-IP]:[YOUR-ZEPPELIN-SERVER-PORT]; # For security, It is highly recommended to make this address/port as non-public accessible
5758
}
5859
5960
# Zeppelin Website
6061
server {
6162
listen [YOUR-ZEPPELIN-WEB-SERVER-PORT];
62-
listen 443 ssl; # optional, to serve HTTPS connection
63-
server_name [YOUR-ZEPPELIN-SERVER-HOST]; # for example: zeppelin.mycompany.com
63+
listen 443 ssl; # optional, to serve HTTPS connection
64+
server_name [YOUR-ZEPPELIN-SERVER-HOST]; # for example: zeppelin.mycompany.com
6465
6566
ssl_certificate [PATH-TO-YOUR-CERT-FILE]; # optional, to serve HTTPS connection
6667
ssl_certificate_key [PATH-TO-YOUR-CERT-KEY-FILE]; # optional, to serve HTTPS connection
6768
6869
if ($ssl_protocol = "") {
69-
rewrite ^ https://$host$request_uri? permanent; # optional, force to use HTTPS
70+
rewrite ^ https://$host$request_uri? permanent; # optional, to force use of HTTPS
7071
}
7172
72-
location / {
73+
location / { # For regular websever support
7374
proxy_pass http://zeppelin;
7475
proxy_set_header X-Real-IP $remote_addr;
7576
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
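Review bot: The new comment on the `upstream zeppelin` server line recommends keeping the address/port non-public, but the doc never says how, and as long as Zeppelin's own port is reachable from outside, a client can connect to it directly and skip the basic auth on the proxy. Suggest adding a sentence near step 1 telling the reader to bind Zeppelin to a loopback or private address, or to firewall `[YOUR-ZEPPELIN-SERVER-PORT]` so that only the NGINX host can reach it. Two wording fixes in the same hunk: `websever` in the `location /` comment should be `webserver`, and "may not fully works" in the new 1.3.13 note should be "may not fully work".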
@@ -80,7 +81,7 @@ This instruction based on Ubuntu 14.04 LTS but may work with other OS with few c
8081
auth_basic_user_file /etc/nginx/.htpasswd;
8182
}
8283
83-
location /ws {
84+
location /ws { # For websocket support
8485
proxy_pass http://zeppelin;
8586
proxy_http_version 1.1;
8687
proxy_set_header Upgrade websocket;
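Review bot: The `location /ws` block gets a "For websocket support" comment, but the lines shown for it contain no `auth_basic` or `auth_basic_user_file` directive, while `location /` visibly ends with `auth_basic_user_file /etc/nginx/.htpasswd;`. Since this commit is about documenting basic auth, please confirm the rest of the `/ws` block carries the same two directives, and if it does not, add them, because otherwise the websocket endpoint is proxied without authentication. The comment itself could also say that this block must stay in sync with the auth settings of `location /`.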
@@ -93,7 +94,7 @@ This instruction based on Ubuntu 14.04 LTS but may work with other OS with few c
9394
Then make a symbolic link to this file from `/etc/nginx/sites-enabled/` to enable configuration above when NGINX reloads.
9495
9596
```
96-
$ ln -s /etc/nginx/sites-enabled/my-basic-auth /etc/nginx/sites-available/my-basic-auth
97+
$ ln -s /etc/nginx/sites-enabled/my-zeppelin-auth-setting /etc/nginx/sites-available/my-zeppelin-auth-setting
9798
```
9899
99100
1. Setup user credential into `.htpasswd` file and restart server
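Review bot: The renamed `ln -s` line keeps its arguments in the wrong order. `ln -s` takes the existing target first and the link name second, and the file was created under `/etc/nginx/sites-available` in step 2, so as written the command tries to create a link in `sites-available` (where the file already exists) pointing at a path in `sites-enabled` that does not exist. It should read `ln -s /etc/nginx/sites-available/my-zeppelin-auth-setting /etc/nginx/sites-enabled/my-zeppelin-auth-setting`, which also matches the sentence above it about linking from `sites-enabled`.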
@@ -102,11 +103,11 @@ This instruction based on Ubuntu 14.04 LTS but may work with other OS with few c
102103
103104
```
104105
$ cd /etc/nginx
105-
$ htpasswd -c htpasswd [YOUR_ID]
106-
$ NEW passwd: [YOUR_PASSWORD]
107-
$ RE-type new passwd: [YOUR_PASSWORD_AGAIN]
106+
$ htpasswd -c htpasswd [YOUR-ID]
107+
$ NEW passwd: [YOUR-PASSWORD]
108+
$ RE-type new passwd: [YOUR-PASSWORD-AGAIN]
108109
```
109-
Or you can use your own apache `.htpasswd` files in other location by setup property `auth_basic_user_file`
110+
Or you can use your own apache `.htpasswd` files in other location for setting up property: `auth_basic_user_file`
110111
111112
Restart NGINX server.
112113
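Review bot: The `htpasswd -c htpasswd [YOUR-ID]` line, run from `/etc/nginx`, creates a file named `htpasswd`, but the step heading and the config in the earlier hunk (`auth_basic_user_file /etc/nginx/.htpasswd;`) both refer to `.htpasswd` with a leading dot, so a reader following the doc literally ends up with NGINX unable to find the credential file. Change the command to `htpasswd -c .htpasswd [YOUR-ID]` while the line is being touched anyway. The two following lines are interactive prompts from `htpasswd`, not commands, so the leading `$` on them is misleading and should be dropped. It is also worth noting in the text that `-c` overwrites an existing file and is only for the first user.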
@@ -115,9 +116,6 @@ This instruction based on Ubuntu 14.04 LTS but may work with other OS with few c
115116
```
116117
Then check HTTP Basic Authentication works in browser. If you can see regular basic auth popup and then able to login with credential you entered into `.htpasswd` you are good to go.
117118
118-
<img src="/assets/themes/zeppelin/img/screenshots/authentication-basic-auth-nginx-request.png" />
119-
<img src="/assets/themes/zeppelin/img/screenshots/authentication-basic-auth-nginx-https.png" />
120-
121119
1. More security consideration
122120
123121
* Using HTTPS connection with Basic Authentication is highly recommended since basic auth without encryption may expose your important credential information over the network.
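Review bot: Both `<img>` references are removed here, yet the commit touches only one file, so `authentication-basic-auth-nginx-request.png` and `authentication-basic-auth-nginx-https.png` stay in the repository unreferenced, and the commit message does not mention the removal. Either delete the two images in the same change or say in the message why the screenshots were dropped. Separately, the last bullet calls HTTPS "highly recommended" while the config above marks every TLS line as `# optional`; consider making the documented default the HTTPS setup, since basic auth credentials travel with every request.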
