WebUI password protection … where has nginx gone?

Dear folks,

is it still possible to modify nginx to use authentication? I don’t find any configuration file for nginx, unfortunately …

Or is there some other DIY way, yet?

Thank you!

We’re not using nginx anymore, but rather express .
We plan to implement it in the future, but no ETA …

I also cannot point you to a simple method like in nginx… Because you should edit lot of stuff to achieve what you want

Oh, that’s a pity. : /

Thank you for clarifying this, though!

Hi !

Did you find the solution to protect the webui with password ?

Is there a solution for this already?
In my opinion, it is confusing for any non-technical person:

  • SSH is disabled by default, for security reasons.
  • /DEV Web-GUI, which is not password protected in any way, can be reached by everyone; SSH can be started from there
  • Afterwards, a default-password SSH service is available.

The only way I know of to secure this, is

  • Enabling SSH once via /DEV WebGUI
  • Login by SSH once and change default password
  • Disable SSH at /DEV WebGUI again

This is not really hard, but I think it is not done by every user, since they simply are unaware of this. As a result, it is counter-effective from security point of view.

PS: And even then, there still is an unavoidable information leak at /DEV WebGUI.

Securing /DEV WebGUI (or even SSH login?) by a password, which is asked for in the First-Run-Wizard would be great.

I don’t think there is currently a solution, but they keep saying they’re working on it; so maybe someday?

I have to agree with you, some web gui security would be great, but if they made user / password required (or optional, I’m not picky) for access to the web gui, then all the multi-room and hopefully someday synced multi-room would need adjusting.

If you and your roommate both have volumio, you wouldn’t want them to get into yours because multi-room is in the web gui after the user / password stage, or have multi-room fail because user / password is needed and the volumio devices aren’t receiving proper authorization.
The different volumio devices would need to remember and communicate user / password to create a “your group” of sorts.

All to say, password protection could be complicated.

With regards to the SSH comments, you should add a generated ssh public key from your workstation (Mac or Windows) to the authorized_keys of volumio and change the ssh daemon to only allow the key and disable plaintext logins.

.Nico

For us Linux newbs, would you summarize how this is done Nico? I’m not ashamed that I’m still learning about this OS, but finding the information you need to get task A, B, or C done is an exercise in frustration - sifting through tons of assumed pre-knowledge.

Are you wanting a user/password gateway to the browser UI screen? Not possible presently, I am afraid.

What exactly are you wanting to achieve re. ssh login/password?

Regardless, you would be better off opening your own new topic rather than referring back to 4 year old ones. :wink: