BasicAuthManager is a small web GUI written in Flask for managing HTTP basic authentication. It uses passlib
password hashing library to create/update Htpasswd file which can later be used by either NGINX or Apache for enabling basic authentication for desired sites.
The resulting Htpasswd file has sha256_crypt
encrypted passwords.
BasicAuthManager requires Python 3.5.x or above.
Install python, virtualenv, supervisor and apache2-utils packages:
# apt-get install python python-virtualenv supervisor apache2-utils
Create a user:
# groupadd bam
# useradd -d /home/bam -g bam
As the new user, clone the repo:
$ git clone https://github.com/NIXKnight/BasicAuthManager.git
Create a python virtual environment and install application requirements:
$ virtualenv ~/venv
$ pip -r install ~/BasicAuthManager/requirements.txt
Create a configuration file ~/BasicAuthManager/config.cfg
as follows:
SECRET_KEY = "Random Key String"
ADMIN_USER = "admin"
HTPASSWD_FILE = "/path/to/htpasswd_file"
SMTP_FROM = "from email address"
SMTP_SERVER = "SMTPHOST"
SMTP_TRANSPORT = "STARTTLS"
SMTP_PORT = "587"
SMTP_USERNAME = "from email address"
SMTP_PASSWORD = "password"
Note that you can use either STARTTLS
or SSL
in SMTP_TRANSPORT
. Ensure that you use the proper port in SMTP_PORT
.
Create an Htpasswd file (with -B
option for bcrypt encryption) having an admin user as in the config.cfg
:
$ htpasswd -B -c /path/to/htpasswd_file admin
Create a supervisor configuration file /etc/supervisor/conf.d/BasicAuthManager.conf
with following parameters:
user = bam
directory = /home/bam/BasicAuthManager
command = /home/bam/venv/bin/gunicorn BasicAuthManager:app -w 4 -b 127.0.0.1:8000
environment = PRODUCTION=1
redirect_stderr = True
autorestart = True
stdout_logfile = /var/log/supervisor/BasicAuthManager_stdout.log
stderr_logfile = /var/log/supervisor/BasicAuthManager_stderr.log
Create NGINX server block as follows:
server {
listen 80;
server_name this.bam.local;
autoindex off;
location / {
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8000;
}
location /static {
alias /home/bam/BasicAuthManager/static/;
}
access_log /var/log/nginx/BasicAuthManager-access.log;
error_log /var/log/nginx/BasicAuthManager-error.log;
}
If you don't want to go through the hassle of manual setup, you can use the Ansible role Ansible-BasicAuthManager for the purpose of setting up BasicAuthManager.
If you want to contribute to BasicAuthManager and make it better, your help is very welcome. Note that I am not a Python/Flask developer.
You could send me a pull request. Just do let me know how does your pull request makes the application better. I will do my best to understand and merge the code.
I wanted to learn bits of how to code a web application. In trying to do so, I wrote BasicAuthManager to fullfil my need because I hate logging in to the server to update htpasswd files everytime I have to create/remove a user.
BasicAuthManager is licensed under MIT License. See LICENSE file.