Configure Aptly authentication through NGINX

Configure Aptly authentication through NGINXΒΆ

This section describes how to configure authentication for Aptly repositories through NGINX if Aptly is running in the Swarm mode on the offline node or in the non-Swarm mode (as standalone processes).

To configure Aptly authentication through NGINX:

  1. Log in to the Salt Master node.

  2. Verify that NGINX is enabled on the node that runs Aptly API:

    • If Aptly runs on the offline node in the Swarm mode:

      salt -C 'I@docker:client:stack:aptly' pillar.get nginx:server:enabled
      
    • If Aptly runs in the non-Swarm mode:

      salt -C 'I@aptly:server' pillar.get nginx:server:enabled
      
  3. Open one of the following files for editing:

    • If Aptly runs on the offline node in the Swarm mode, use cluster/<cluster_name>/infra/apt.yml.

    • If Aptly runs in the non-Swarm mode, open the file with Aptly configuration on the cluster level.

  4. If NGINX is not enabled or not configured through Salt for the offline node, include the following class on the cluster level for the node that runs Aptly:

    - system.nginx.server.single
    
  5. Configure the Aptly NGINX site using the example below. Correlate the port and host parameters.

    Note

    If Aptly runs in the non-Swarm mode, skip the aptly_public section in the NGINX site configuration.

    nginx:
      server:
        user:
          aptly_user:
            enabled: true
            password: <aptly_user_password>
            htpasswd: .htpasswd_aptly
        site:
          aptly_api:
            enabled: true
            type: nginx_proxy
            name: aptly_api
            auth:
              engine: basic
              htpasswd: .htpasswd_aptly
            proxy:
              host: 127.0.0.1
              port: 18084
              protocol: http
              size: 1G
            host:
              name: <server_name>.<domain>.local
              port: 8080
          aptly_public:
            enabled: true
            type: nginx_proxy
            name: aptly_public
            auth:
              engine: basic
              htpasswd: .htpasswd_aptly
            proxy:
              host: 127.0.0.1
              port: 18085
              protocol: http
              size: 1G
            host:
              name: <server_name>.<domain>.local
              port: 80
    
  6. Apply the nginx.server state on the Aptly API node:

    • If Aptly runs on the offline node in the Swarm mode:

      salt -C 'I@docker:client:stack:aptly' state.apply nginx.server
      
    • If Aptly runs in the non-Swarm mode:

      salt -C 'I@aptly:server' state.apply nginx.server
      

    Once done, access to Aptly API is granted through <aptly_user>:<aptly_user_password>.

Now, proceed to Enable authentication for Aptly repositories.