Protecting web pages with authentication
The contents of /work/USER/WWW
are usually served to the public
without any restrictions/authentication. If you want to share results
internally or with a group of people externally, currently the
simplest method is to use existing users or groups from our
gitlab.
Using gitlab groups
Select a group
You can either use a currently defined group or create your own group if existing groups do not work for you. Please note that new groups will only by synchronized to the web server once an hour! This means, if you create a new group, you may have to wait some time before this new group can be used!
Create the configuration
You can enable authentication for almost any directory under your
/work/USER/WWW
directory, e.g. /work/USER/WWW/current_project
. If
not yet present, create the directory mkdir -p
/work/USER/WWW/current_project
and in there a file called .htaccess
with the following content:
AuthType openid-connect
AuthGroupFile /var/www/gitlab.groups
Require group GITLAB_GROUP
Here, GITLAB_GROUP
must be replaced with whatever group from gitlab
you want to allow access for. As gitlab allows for groups to have
sub-groups, you can find the correct group name by browsing to the
corresponding group’s members page and look at the URL of that
page. It will look like
https://gitlab.aei.uni-hannover.de/groups/top-group/subgroup/-/group_members
. You
need to use the full path between groups
and -
excluding the
leading slashes, i.e. in this example GITLAB_GROUP
would be
top-group/subgroup
.
Test the set-up
Save the file and then use your browser to access
https://www.atlas.aei.uni-hannover.de/work/USER/current_project
. This
should now redirect you to gitlab and ask you to log in there or
automatically redirect you again to the proper page if you are
already logged into gitlab.
Using individual gitlab users
This section will be filled in later.