This section describes how to configure authentication for Aptly repositories through NGINX if Aptly is running in the Swarm mode on the offline node or in the non-Swarm mode (as standalone processes).
To configure Aptly authentication through NGINX:
Log in to the Salt Master node.
Verify that NGINX is enabled on the node that runs Aptly API:
If Aptly runs on the offline node in the Swarm mode:
salt -C 'I@docker:client:stack:aptly' pillar.get nginx:server:enabled
If Aptly runs in the non-Swarm mode:
salt -C 'I@aptly:server' pillar.get nginx:server:enabled
Open one of the following files for editing:
cluster/<cluster_name>/infra/apt.yml
.If NGINX is not enabled or not configured through Salt for the offline node, include the following class on the cluster level for the node that runs Aptly:
- system.nginx.server.single
Configure the Aptly NGINX site using the example below. Correlate the port and host parameters.
Note
If Aptly runs in the non-Swarm mode, skip the aptly_public
section in the NGINX site configuration.
nginx:
server:
user:
aptly_user:
enabled: true
password: <aptly_user_password>
htpasswd: .htpasswd_aptly
site:
aptly_api:
enabled: true
type: nginx_proxy
name: aptly_api
auth:
engine: basic
htpasswd: .htpasswd_aptly
proxy:
host: 127.0.0.1
port: 18084
protocol: http
size: 1G
host:
name: <server_name>.<domain>.local
port: 8080
aptly_public:
enabled: true
type: nginx_proxy
name: aptly_public
auth:
engine: basic
htpasswd: .htpasswd_aptly
proxy:
host: 127.0.0.1
port: 18085
protocol: http
size: 1G
host:
name: <server_name>.<domain>.local
port: 80
Apply the nginx.server
state on the Aptly API node:
If Aptly runs on the offline node in the Swarm mode:
salt -C 'I@docker:client:stack:aptly' state.apply nginx.server
If Aptly runs in the non-Swarm mode:
salt -C 'I@aptly:server' state.apply nginx.server
Once done, access to Aptly API is granted through
<aptly_user>:<aptly_user_password>
.
Now, proceed to Enable authentication for Aptly repositories.