This section describes how to configure authentication for Aptly repositories through NGINX if Aptly is running in the Swarm mode on the offline node or in the non-Swarm mode (as standalone processes).
To configure Aptly authentication through NGINX:
Log in to the Salt Master node.
Verify that NGINX is enabled on the node that runs Aptly API:
If Aptly runs on the offline node in the Swarm mode:
salt -C 'I@docker:client:stack:aptly' pillar.get nginx:server:enabled
If Aptly runs in the non-Swarm mode:
salt -C 'I@aptly:server' pillar.get nginx:server:enabled
Open one of the following files for editing:
If Aptly runs on the offline node in the Swarm mode, use
cluster/<cluster_name>/infra/apt.yml
.
If Aptly runs in the non-Swarm mode, open the file with Aptly configuration on the cluster level.
If NGINX is not enabled or not configured through Salt for the offline node, include the following class on the cluster level for the node that runs Aptly:
- system.nginx.server.single
Configure the Aptly NGINX site using the example below. Correlate the port and host parameters.
Note
If Aptly runs in the non-Swarm mode, skip the aptly_public
section in the NGINX site configuration.
nginx:
server:
user:
aptly_user:
enabled: true
password: <aptly_user_password>
htpasswd: .htpasswd_aptly
site:
aptly_api:
enabled: true
type: nginx_proxy
name: aptly_api
auth:
engine: basic
htpasswd: .htpasswd_aptly
proxy:
host: 127.0.0.1
port: 18084
protocol: http
size: 1G
host:
name: <server_name>.<domain>.local
port: 8080
aptly_public:
enabled: true
type: nginx_proxy
name: aptly_public
auth:
engine: basic
htpasswd: .htpasswd_aptly
proxy:
host: 127.0.0.1
port: 18085
protocol: http
size: 1G
host:
name: <server_name>.<domain>.local
port: 80
Apply the nginx.server
state on the Aptly API node:
If Aptly runs on the offline node in the Swarm mode:
salt -C 'I@docker:client:stack:aptly' state.apply nginx.server
If Aptly runs in the non-Swarm mode:
salt -C 'I@aptly:server' state.apply nginx.server
Once done, access to Aptly API is granted through
<aptly_user>:<aptly_user_password>
.
Now, proceed to Enable authentication for Aptly repositories.