From 91a8c9f9933f8fa0cc26c4cd61658ddef4e26b97 Mon Sep 17 00:00:00 2001
From: Lubomir Bucek <lubomir.bucek@eox.at>
Date: Wed, 21 Oct 2020 15:44:18 +0200
Subject: [PATCH] add traefik secrets to operators guide

---
 README.md                                     |  4 ++--
 .../operator-guide/configuration.rst          | 19 +++++++++++++++----
 2 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/README.md b/README.md
index c901770d..1a03d587 100644
--- a/README.md
+++ b/README.md
@@ -222,10 +222,10 @@ Sensitive environment variables are not included in the .env files, and must be
 printf "<OS_PASSWORD_DOWNLOAD>" | docker secret create OS_PASSWORD_DOWNLOAD -
 printf "<DJANGO_PASSWORD>" | docker secret create DJANGO_PASSWORD -
 printf "<OS_PASSWORD>" | docker secret create OS_PASSWORD -
-# for production base stack deployment, additonal basic authentication credentials list need to be created
+# for production base stack deployment, additional basic authentication credentials list need to be created
 # format of such a list used by traefik are username:hashedpassword (MD5, SHA1, BCrypt)
 sudo apt-get install apache2-utils
-htpasswd -n <username> >> auth_list.txt
+htpasswd -nb <username> <password> >> auth_list.txt
 docker secret create BASIC_AUTH_USERS_AUTH auth_list.txt
 docker secret create BASIC_AUTH_USERS_APIAUTH auth_list_api.txt
 ```
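Review bot: The changed line `htpasswd -nb <username> <password> >> auth_list.txt` puts the password on the command line, where it is recorded in shell history and readable from the process list while the command runs; the `-n` form it replaces prompted for it. Keeping the prompt and selecting bcrypt explicitly would read `htpasswd -nB <username> >> auth_list.txt` (or `-i` to read the password from stdin in scripts), since htpasswd's default is the weaker MD5-based hash. The same `-nb` pattern appears in the `BASIC_AUTH_USERS_AUTH` example added to documentation/operator-guide/configuration.rst. It would also help to add a comment telling operators to delete `auth_list.txt` once `docker secret create` has run, as the file otherwise leaves the hashes on disk.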
diff --git a/documentation/operator-guide/configuration.rst b/documentation/operator-guide/configuration.rst
index ff600788..b93bc1ba 100644
--- a/documentation/operator-guide/configuration.rst
+++ b/documentation/operator-guide/configuration.rst
@@ -217,16 +217,27 @@ Sensitive variables
 
 Since environment variables include credentials that are considered sensitive,
 avoiding their exposure inside ``.env`` files would be the right practice.
-In order to manage transmiting sensitive data securely into the respective containers,
-docker secrets with the values of these variables should be created. currently, three 
-variables shall be passed as secrets before deploying the swarm:
+In order to manage transmitting sensitive data securely into the respective containers,
+docker secrets with the values of these variables should be created. Currently, three 
+variables have to be saved as docker secrets before deploying the swarm:
 ``OS_PASSWORD``,  ``OS_PASSWORD_DOWNLOAD`` and ``DJANGO_PASSWORD``.
-An example of creating ``OS_PASSWORD`` as secret using the following comand : 
+
+Two other docker secrets need to be created for traefik basic authentication:
+``BASIC_AUTH_USERS_AUTH`` - used for access to services, ``BASIC_AUTH_USERS_APIAUTH`` - used for admin access to kibana and traefik.
+These secrets should be text files containing a list of username:hashedpassword (MD5, SHA1, BCrypt) pairs.
+
+An example of creating ``OS_PASSWORD`` as secret using the following command : 
 
 .. code-block:: bash
 
   printf "<password_value>" | docker secret create OS_PASSWORD -
 
+An example of creating ``BASIC_AUTH_USERS_AUTH`` secret: 
+
+.. code-block:: bash
+  htpasswd -nb user1 3vYxfRqUx4H2ar3fsEOR95M30eNJne >> auth_list.txt
+  htpasswd -nb user2 YyuN9bYRvBUUU6COx7itWw5qyyARus >> auth_list.txt
+  docker secret create BASIC_AUTH_USERS_AUTH auth_list.txt
 
 Configuration Files
 -------------------
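Review bot: The added `.. code-block:: bash` before the `htpasswd` lines is not followed by a blank line, unlike the `OS_PASSWORD` block earlier in the hunk, so reST parses the three commands as directive arguments instead of content and the example will probably not render; insert an empty line after the directive. The example also uses realistic-looking password strings for `user1` and `user2`, which readers may copy verbatim; a placeholder such as `<password>`, as in the README, would be safer.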
-- 
GitLab