This repository has been archived by the owner on Feb 15, 2022. It is now read-only.

How to password protect output API? #1186

Open
rcoenen opened this issue Jan 20, 2018 · 7 comments

Comments

@rcoenen

rcoenen commented Jan 20, 2018

Hi - I have Zenbot4 running on a public cloud instance.

How can I password protect the HTML interface/dashboard (or output API as it is known)?

@defkev
Contributor

defkev commented Jan 20, 2018

Bind to localhost
c.output.api.ip = 'localhost'
and put a reverse proxy with htaccess (or whatever floats your boat) in front of it.

Note that the option is currently only available in unstable.

@rcoenen
Author

rcoenen commented Jan 20, 2018

Right - I suppose that will work. Any plans for adding simply a password option in?

@defkev
Contributor

defkev commented Jan 21, 2018

If the API ever majors to the point that it actually allows control of the bot, I'd say it's pretty mandatory, but for now no, at least not by me.

@sergejostir

sergejostir commented Jan 21, 2018

Or just limit access to your IP (range) with a firewall. But yeah, I agree that simple password protection would be nice.

@jaredallard

I feel like this would be out of scope for zenbot, but a nice feature. nginx w/ whatever method of auth should always be the answer for securing things.

@JulesBern

How to use with reverse proxy in Nginx:

server { # Zenbot reverse-proxy
    listen 2004; # custom port that will be accessed publicly
    server_name zenbot.yourdomain.com;

    # serve static files
    location ~ ^/(images|javascript|js|css|flash|media|static)/ {
        expires 30d;
    }

    # pass request
    location / {
        proxy_pass http://localhost:20084; # set this port in -> c.output.api.port = 20084
        auth_basic "Restricted Content";
        auth_basic_user_file /etc/nginx/.htpasswd; # basic auth
    }
}
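
Added example (not part of the thread or of Zenbot): a variant of the proxy configuration above that sets `auth_basic` at server level so every location is covered, not only `location /`, serves over TLS so the Basic credentials are not sent in cleartext, and adds the source-range restriction suggested earlier in the thread. The hostname, certificate paths and the 203.0.113.0/24 range are placeholders; ports 2004 and 20084 and /etc/nginx/.htpasswd are taken from the comment above.

```nginx
# Zenbot side (from the thread), so the API is reachable only through nginx:
#   c.output.api.ip   = 'localhost'
#   c.output.api.port = 20084

server {
    listen 2004 ssl;                       # public port, now TLS-only
    server_name zenbot.example.com;        # placeholder hostname

    ssl_certificate     /etc/nginx/tls/zenbot.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/zenbot.key;   # placeholder path

    # Declared at server level, so it is inherited by every location below.
    # In the original config it sat inside "location /" only, which left the
    # separate static-file location outside the password check.
    auth_basic           "Restricted Content";
    auth_basic_user_file /etc/nginx/.htpasswd;

    # Source-address restriction in addition to the password.
    # "satisfy all" (the default) requires BOTH checks to pass.
    satisfy all;
    allow 203.0.113.0/24;                  # placeholder range, replace with your own
    deny  all;

    # Cache headers for static assets, still proxied to Zenbot and still
    # behind the server-level auth above.
    location ~ ^/(images|javascript|js|css|flash|media|static)/ {
        proxy_pass http://localhost:20084;
        expires 30d;
    }

    location / {
        proxy_pass http://localhost:20084;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

Check the file with `nginx -t` before reloading. From an allowed address, a request without credentials to any path, including `/js/`, should return 401; from any other address it should return 403.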

@rcoenen
Author

rcoenen commented Feb 22, 2018

@JulesBern That and then running the bot through Termux are a good enough way to set stuff up fairly securely.
