Simple authentication options for Bob

[Ed Heil]

I just got Bob working on a digital ocean droplet behind an nginx proxy (yay!) and I would like some kind of authentication going on.  The "credentials" system which works with basic tiddlywiki would be great.   However, when I run it with something like:

node ./tiddlywiki.js Wikis/BobWiki/ --wsserver credentials=creds.csv "readers=(anon)" "writers=(authenticated)"

the credentials don't seem to have any effect at all.  Anyone can still edit it.

are those even supposed to work with Bob?

if not, are there any other simple actions?

I tried just putting Basic Auth on in my nginx config, but that seemed to break Bob completely.

[Jed Carty]

I never used basic auth with Bob on nginx, but other people have and the thing that is probably missing is proxying websockets.

The information here should cover it http://nginx.org/en/docs/http/websocket.html

I am hoping that the day job will slow down enough soon so I can get back to working on the secure wiki server and have a simple install script, but I don't have any real idea how long it will be before I have time for that.

[Stobot]

Eagerly awaiting your return someday Jed! I have a monthly reminder to check the OokTech page and refresh, hoping you get a little closer :)

[Ed Heil]

Thanks, I'll look into this!

I ended up just using "security by obscurity" and putting the wikis on a subdomain that nobody but me happens to know about; it'll do for now.  But I'd like to see if I can do basic auth.

As things stand, Bob seems to randomly crash a lot (or else something on my DO droplet is randomly killing it -- the logs say "such-and-so PID killed" so I think the issue might be external to Bob).  Annoying but I can always ssh in and restart it and things are fine again.  And other than that Bob is working really well. It blows me away that it exists at all, thank you for it!

On Monday, June 7, 2021 at 3:38:12 AM UTC-4 inmy...@gmail.com wrote:

[PMario]

Hi Ed,

It should be possible to activate basic auth on the Nginx level. It will create a system popup and deny access, if the credentials are wrong.

That should be relatively simple for the start.

see: https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/

I didn't read it. I only did a short search q:-)

-mario

[scot]

Hi Ed,

not sure if you've seen this link on  TiddlyWikiLinks or if it's relevant to your setup.

"Add Login to a Node.js App with Cloudflare Argo Tunnels". Detailed explanation of setting up TiddlyWiki in a Digital Ocean droplet, with a CloudFlare Argo tunnel providing secure publishing to a domain with built-in authentication

https://mydigitalmark.com/add-login-to-nodejs-with-cloudflare-argo-tunnels/

Add Login to a Node.js App with Cloudflare Argo Tunnels

Scot

[Ed Heil]

Thanks for all these suggestions!

[Pietro Abano]

Hi Ed,

some time ago (a year?) I have created a description of how to authenticate (to a nginx web server) via a user certificate.

It did work for me.

It's here: https://groups.google.com/g/tiddlywiki/c/StoO3ApsWJU/m/064orDtwBQAJ. Unfortunately it's not at the linked URL anymore, but I probably can find it in my resources and share it with you, if you wish.

Best regards,

Pietro

--
You received this message because you are subscribed to the Google Groups "TiddlyWiki" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tiddlywiki+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/tiddlywiki/1a042f5a-bb44-4337-b997-d34e9067bc50n%40googlegroups.com.