1. HOME
  2. MCP Deployment Guide
  3. Deployment customizations guidelines
  4. Customize the prebuilt mirror node
  5. Enable authentication for Aptly repositories
  6. Configure Aptly authentication through NGINX

Configure Aptly authentication through NGINX

Configure Aptly authentication through NGINX

This section describes how to configure authentication for Aptly repositories through NGINX if Aptly is running in the Swarm mode on the offline node or in the non-Swarm mode (as standalone processes).

To configure Aptly authentication through NGINX:

  1. Log in to the Salt Master node.

  2. Verify that NGINX is enabled on the node that runs Aptly API:

    • If Aptly runs on the offline node in the Swarm mode:

      salt -C 'I@docker:client:stack:aptly' pillar.get nginx:server:enabled

    • If Aptly runs in the non-Swarm mode:

      salt -C 'I@aptly:server' pillar.get nginx:server:enabled

  3. Open one of the following files for editing:

    • If Aptly runs on the offline node in the Swarm mode, use cluster/<cluster_name>/infra/apt.yml.

    • If Aptly runs in the non-Swarm mode, open the file with Aptly configuration on the cluster level.

  4. If NGINX is not enabled or not configured through Salt for the offline node, include the following class on the cluster level for the node that runs Aptly:

    - system.nginx.server.single

  5. Configure the Aptly NGINX site using the example below. Correlate the port and host parameters.

    Note

    If Aptly runs in the non-Swarm mode, skip the aptly_public section in the NGINX site configuration.

    nginx:
  server:
    user:
      aptly_user:
        enabled: true
        password: <aptly_user_password>
        htpasswd: .htpasswd_aptly
    site:
      aptly_api:
        enabled: true
        type: nginx_proxy
        name: aptly_api
        auth:
          engine: basic
          htpasswd: .htpasswd_aptly
        proxy:
          host: 127.0.0.1
          port: 18084
          protocol: http
          size: 1G
        host:
          name: <server_name>.<domain>.local
          port: 8080
      aptly_public:
        enabled: true
        type: nginx_proxy
        name: aptly_public
        auth:
          engine: basic
          htpasswd: .htpasswd_aptly
        proxy:
          host: 127.0.0.1
          port: 18085
          protocol: http
          size: 1G
        host:
          name: <server_name>.<domain>.local
          port: 80

  6. Apply the nginx.server state on the Aptly API node:

    • If Aptly runs on the offline node in the Swarm mode:

      salt -C 'I@docker:client:stack:aptly' state.apply nginx.server

    • If Aptly runs in the non-Swarm mode:

      salt -C 'I@aptly:server' state.apply nginx.server

    Once done, access to Aptly API is granted through <aptly_user>:<aptly_user_password>.

Now, proceed to Enable authentication for Aptly repositories.

updated: 2021-04-17 10:07