Basic HTTP Authentication¶
SWS
provides 'Basic' HTTP Authentication Scheme using an user:password
pair.
This feature is disabled by default and can be controlled by the string --basic-auth
option or the equivalent SERVER_BASIC_AUTH env.
The format to use is the following:
username:encrypted_password
Both are separated by a :
(punctuation mark) character.
Password Encryption
Only the password must be encoded using the BCrypt
password-hashing function.
As an example, we will use the Apache htpasswd
tool to generate the username:encrypted_password
pair.
htpasswd -nBC10 "username"
# New password:
# Re-type new password:
# username:$2y$10$8phm28BB4YpKPDjOpdTT8eUcfVDw0xc85VZPxg2zae1GR8EQqus3i
Password Security Advice
The password verification happens at runtime but its verification speed depends on the computing time cost of bcrypt
algorithm used.
For example, the htpasswd
tool supports a -C
argument to adjust the bcrypt
's computing time.
Using a higher value is more secure but slower. The default value is 5
and the possible values are ranging from 4
to 17
.
Docker Compose Advice
If you are using SERVER_BASIC_AUTH
env via a docker-compose.yml
file don't forget to replace the single $
(dollar sign) with a $$
(double-dollar sign) if you want those individual $
dollar signs in your configuration to be treated by Docker as literals.
More details in the Docker Compose file: variable substitution page.
Finally, assign the credentials and run the server.
static-web-server \
--port 8787 \
--root ./my-public-dir \
--basic-auth 'username:$2y$10$8phm28BB4YpKPDjOpdTT8eUcfVDw0xc85VZPxg2zae1GR8EQqus3i'