Allowing mobile apps to work with services using Organizr server auth


Allowing apps to work with services using Organizr server auth

When using server authentication to reach these services, you will have trouble using apps like nzb360, Plexpy Remote, etc. By adding an extra block or line to your nginx config, you can get around that!

Basic auth

You can use HTTP auth (.htaccess) and embed the username and password into the URL, e.g. https://username:password@domain.com/url. For that to work with nzb360, you need to add username:password@domain.com in IP/Host Address and /service in Server Port for Service.

Note: This will not work if you use Server Authentication on your main server block (/auth-admin, /auth_user).

Create your .htpasswd file and add it to the block. This will protect /service with an extra layer of security.

Use this command to create a .htpasswd file. Just drop the docker part if you don’t use that.

docker exec -it letsencrypt htpasswd -c /config/nginx/.htpasswd YOUR-USER-NAME

Use the include syntax and create a basicauth.conf that you include in the block.

include /config/nginx/basicauth.conf;

basicauth.conf contents

auth_basic "Restricted";
auth_basic_user_file /config/nginx/.htpasswd;

If you choose to put the .htaccess in your root folder you can block access to it with this:

location ~ /\. {
    return 404;
}

Example:

Sabnzbd

# SABNZBD redirect
location /sabnzbd {
    return 301 /sabnzbd/;
}
# SABNZBD
location ^~ /sabnzbd/ {
    include /config/nginx/basicauth.conf;
    include /config/nginx/proxy.conf;
    proxy_pass http://192.168.1.34:8383/sabnzbd/;
    proxy_set_header Host $host;
}

Allowing /api

Another way is to open access to the /api page so that nzb360 or Plexpy Remote can access just that page.

Example:

PlexPy

# PLEXPY ALLOW API FOR MOBILE APP
location /plexpy/api {
    proxy_pass http://192.168.1.34:8181/plexpy/api;
    include /config/nginx/proxy.conf;
    proxy_bind $server_addr;
    proxy_set_header X-Forwarded-Host $server_name;
    proxy_set_header X-Forwarded-Ssl on;
}

Plexpy Remote and nzb360 Settings

Subdomains

By using subdomains you can have your cake and eat it too! Now you can have server authentication on your sub directories and http auth on your subdomain.

server {
    server_name service.domain.com;
    # Plain HTTP: basic auth credentials sent to this port are not encrypted
    listen 80;
    listen 443 ssl http2;

    location / {
        # Don't add a base URL to the proxy_pass
        proxy_pass http://IP:PORT;
        include /config/nginx/proxy.conf;
        include /config/nginx/basicauth.conf;
    }
}

By using basic auth on your apps, there is nothing stopping people from trying to brute force their way in. But by implementing Fail2ban, you can give the user or intruder x amount of retries before getting banned! Read more here
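To show what the retry counting described above looks for, here is an added example (not from the original post and not Fail2ban's own code) that scans nginx error-log lines for basic auth failures and reports clients that reach a retry limit inside a time window. The names find_offenders, max_retry and find_time, and the sample log lines, are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Messages nginx writes to error.log when auth_basic rejects a request.
# The user name is client-supplied, so it is matched greedily and the
# pattern is anchored on the trailing fields up to end of line.
AUTH_FAIL = re.compile(
    r'^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \[error\] \d+#\d+: \*\d+ '
    r'user "(?P<user>.*)"(?:: password mismatch| was not found in "[^"]*")'
    r', client: (?P<ip>[0-9a-fA-F:.]+), server: \S*, request: ".*"'
    r'(?:, host: ".*")?(?:, referrer: ".*")?$'
)

def find_offenders(lines, max_retry=3, find_time=timedelta(minutes=10)):
    """Return {ip: time of the failure that reached max_retry within find_time}."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    banned = {}
    for line in lines:
        m = AUTH_FAIL.match(line.rstrip("\n"))
        if not m or m["ip"] in banned:
            continue
        ts = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > find_time:   # drop failures older than the window
            window.popleft()
        if len(window) >= max_retry:
            banned[m["ip"]] = ts
    return banned

def _line(ts, msg, ip):
    # Constructed sample line in nginx error.log layout (not real traffic).
    return (f'2024/05/01 {ts} [error] 311#311: *7 {msg}, client: {ip}, '
            'server: service.domain.com, request: "GET / HTTP/1.1", '
            'host: "service.domain.com"')

SAMPLE_LOG = [
    _line("10:00:01", 'user "admin": password mismatch', "203.0.113.7"),
    _line("10:00:03", 'user "root" was not found in "/config/nginx/.htpasswd"', "203.0.113.7"),
    _line("10:00:04", 'open() "/config/www/favicon.ico" failed (2: No such file or directory)', "203.0.113.7"),
    _line("10:00:05", 'user "admin": password mismatch', "203.0.113.7"),
    _line("10:01:00", 'user "me": password mismatch', "198.51.100.20"),
    _line("10:20:00", 'user "me": password mismatch', "198.51.100.20"),
    _line("10:21:00", 'user "me": password mismatch', "198.51.100.20"),
]

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"{ip} reached the retry limit at {when}")
```

The second client in the sample stays under the limit because its failures are spread over more than ten minutes, which is why the window length matters as much as the retry count.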

W.

Weyland
