add traefik secrets to operators guide

91a8c9f9 · Lubomir Dolezal · cd24c1d1 · 91a8c9f9 · 91a8c9f9
Commit 91a8c9f9 authored 4 years ago by Lubomir Dolezal
--- a/README.md
+++ b/README.md
@@ -222,10 +222,10 @@ Sensitive environment variables are not included in the .env files, and must be
 printf "<OS_PASSWORD_DOWNLOAD>" | docker secret create OS_PASSWORD_DOWNLOAD -
 printf "<DJANGO_PASSWORD>" | docker secret create DJANGO_PASSWORD -
 printf "<OS_PASSWORD>" | docker secret create OS_PASSWORD -
-# for production base stack deployment, additonal basic authentication credentials list need to be created
+# for production base stack deployment, additional basic authentication credentials list need to be created
 # format of such a list used by traefik are username:hashedpassword (MD5, SHA1, BCrypt)
 sudo apt-get install apache2-utils
-htpasswd -n <username> >> auth_list.txt
+htpasswd -nb <username> <password> >> auth_list.txt
 docker secret create BASIC_AUTH_USERS_AUTH auth_list.txt
 docker secret create BASIC_AUTH_USERS_APIAUTH auth_list_api.txt
 ```

--- a/documentation/operator-guide/configuration.rst
+++ b/documentation/operator-guide/configuration.rst
@@ -217,16 +217,27 @@ Sensitive variables

 Since environment variables include credentials that are considered sensitive,
 avoiding their exposure inside ``.env`` files would be the right practice.
-In order to manage transmiting sensitive data securely into the respective containers,
-docker secrets with the values of these variables should be created. currently, three 
-variables shall be passed as secrets before deploying the swarm:
+In order to manage transmitting sensitive data securely into the respective containers,
+docker secrets with the values of these variables should be created. Currently, three 
+variables have to be saved as docker secrets before deploying the swarm:
 ``OS_PASSWORD``,  ``OS_PASSWORD_DOWNLOAD`` and ``DJANGO_PASSWORD``.
-An example of creating ``OS_PASSWORD`` as secret using the following comand : 
+
+Two other docker secrets need to be created for traefik basic authentication:
+``BASIC_AUTH_USERS_AUTH`` - used for access to services, ``BASIC_AUTH_USERS_APIAUTH`` - used for admin access to kibana and traefik.
+These secrets should be text files containing a list of username:hashedpassword (MD5, SHA1, BCrypt) pairs.
+
+An example of creating ``OS_PASSWORD`` as secret using the following command : 

 .. code-block:: bash

  printf "<password_value>" | docker secret create OS_PASSWORD -

+An example of creating ``BASIC_AUTH_USERS_AUTH`` secret: 
+
+.. code-block:: bash
+  htpasswd -nb user1 3vYxfRqUx4H2ar3fsEOR95M30eNJne >> auth_list.txt
+  htpasswd -nb user2 YyuN9bYRvBUUU6COx7itWw5qyyARus >> auth_list.txt
+  docker secret create BASIC_AUTH_USERS_AUTH auth_list.txt

 Configuration Files
 -------------------