Hmm… some people are going to say that basic auth would be insecure, I’m not going to be there because in this particular case it’s about the same thing.
However, this might be easier to configure and manage permissions than basic auth. Also this works cross-domain and basic auth will require full re-auth for every domain. Another obvious advantage is that at some point I plan to integrate 2FA.
You can backup the entire file then. I get your point, but it also seems like you’re referring to some container-based approach where you would place this inside a container and then mount the config file to some path. While some people might like that approach, that kind of goes against the original idea here, I didn’t want to run yet another instance of nginx for auth, nor another php-fpm - the ideia was simply to use this on a low power device , no containers, no overhead of duplicate webservers and PHP, just a single nginx running a couple of apps on the same php-fpm alongside this.
Well, it isn’t pretty, but gets the job done.
The thing with PHP in this case is that I was already serving a ton of simple websites / small apps like freshrss that use PHP and by making this tool in PHP it means I don’t need yet another process running and wasting resources, can just re-use the existing php-fpm for this.
For what’s worth PHP is better than it looks, and my implementation is very crude, but also small and auditable and contained to a single file. :)
Alternatives? https://filebrowser.org/
I get the point, but don’t forget those “secrets” are bcrypt hashes. Not really reversible.
If you manage to make it worth with Caddy can you share your config? I can add it to the readme or something. Thanks.
Well, me too. But frankly OpenIAM (24GB of RAM as a requirement) Keycloak, Authelia do too much, require too much and aren’t suitable at all for SBCs and small scale stuff.
Edit: This is targeted at people that run nginx as a standalone server or proxy.
I would go with Prosody or Ejabberd, and here’s a good comparison: https://stackoverflow.com/a/45531372 and Ejabberd is the most used thing out there. https://xmpp.org/software/
In the simplest form it might be SSO. It does support multiple users and if you look for instance at the filebrowser it’s very possible to pass the username. But yes, this is very simple, very crude and exactly what a lot of people need.