Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Question : ByPass Authorization for visualizing clip behind reverse proxy ? #126

Closed
Nonobis opened this issue Aug 19, 2024 · 7 comments
Closed

Question : ByPass Authorization for visualizing clip behind reverse proxy ? #126

Nonobis opened this issue Aug 19, 2024 · 7 comments

Comments

@Nonobis
Copy link

Nonobis commented Aug 19, 2024

I am behind Ngninx Proxy Manager, how do you bypass auth when clicking on video/.snapshot link on received notification ?
@freefd
Copy link
Contributor

freefd commented Aug 19, 2024

@Nonobis you should set public_url in the configation settings with inline user:password@ notation.

But please note, this notation doesn't work with Telegram, it will disable this link

@Nonobis
Copy link
Author

Nonobis commented Aug 20, 2024

@freefd : I can encode password in base64 ? or it's must be in plain text ... it's not really secure

@freefd
Copy link
Contributor

freefd commented Aug 20, 2024

@Nonobis, well, a little longer explanation then :)

As per the RFC3986, this old known form has been marked as deprecated, but is still supported by any browser or http lib, and would work anyway.

I believe, your reverse proxy is authenticating requests already, so the possible solutions could be:

  1. You may use a password keeper solution to manage your credentials for quick and easily insert them into auth request
    fields. Personally, I use the self-hosted Vaultwarden vault with Bitwarden official apps for webkit-based and gecko-based browsers on desktop, and Keyguard for my phones.
  2. You can try an OAuth2 based SSO approach with a public or self-hosted IAM where authentication will be done transparently (in most cases). Here are the examples for Authentik, Keycloak, Authelia, and even Google.

@Nonobis
Copy link
Author

Nonobis commented Aug 29, 2024

not working ... i will wait and hope for #98 to be implemented one as an alternative.

@johnwilson1969
Copy link

@freefd : I can encode password in base64 ? or it's must be in plain text ... it's not really secure

just as a note, base64 is encoding, not encryption and is not really safer than plaintext. And the username:password@ gets translated into a basic auth header with the encoded username/password and if using SSL, they should be encrypted at that point. I certainly understand being hesitant to be use urls with username/password as can end up in your browsing history... or possibly cached somewhere. I do it, but I understand why others do not.

@freefd
Copy link
Contributor

freefd commented Sep 26, 2024

Hi there, can it be closed in favor of #98?

@Nonobis
Copy link
Author

Nonobis commented Sep 27, 2024

Yes, including clip better i think

@Nonobis Nonobis closed this as completed Sep 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@freefd @Nonobis @johnwilson1969