How to protect Youtrack by basic auth in Nginx?

My current config:

location / {
    proxy_set_header Connection "upgrade";
    include conf.d/Youtrack_proxy_params;
}

location /api/eventSourceBus {
    proxy_cache off;
    proxy_buffering off;
    proxy_read_timeout 86400s;
    proxy_send_timeout 86400s;
    chunked_transfer_encoding off;

    proxy_set_header Connection '';
    include conf.d/Youtrack_proxy_params;
}

I want to protect YouTrack access by simple login/pass against script kiddies and bots:

allow 1.2.3.4;    # home
allow 5.6.7.8;    # office
deny all;
satisfy any;

auth_basic "YouTrack";
auth_basic_user_file Userlist;  # ..contains username=11 and password=22

But it seems that YouTrack uses basic auth for its own purposes, so the username and password are accepted in Nginx and rejected in YouTrack.

Assigning 'location / { ... ; proxy_set_header Authorization ""; }' (works well for Confluence) has no effect.

How to modify Nginx config for that?

1
4 comments

Hello Ilya,

YouTrack uses Bearer instead of Basic authentication, but just to be on the same page, what is the purpose of this limitation? Is YouTrack's authentication enough, isn't it?

0

> Is YouTrack's authentication enough, isn't it?

We want to protect YouTrack against bots and script kiddies.

0

Hello Ilya,


Thank you for your reply. Have you tried changing the authentication method? Has it worked?

If possible, please tell us about your scenario in detail.

0

Hello, 

I have the same problem. YouTrack is served by an Apache server which uses Basic Auth. This way I minimize the attack surface.

The Apache server is used as a reverse proxy for a lot of other services running as Docker containers. YouTrack is one of these services.

Maybe this link can help fix the problem:

https://stackoverflow.com/questions/23526644/spring-security-with-oauth2-or-http-basic-authentication-for-the-same-resource

 

0
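Added example, not part of the original thread and not YouTrack or Nginx code: a simplified Python model of the setup discussed above, showing why a single Authorization header cannot satisfy both the proxy's Basic check and a backend that expects a Bearer token. The allow-list and the 11/22 credentials come from the question; the function names, the sample token, the client address 203.0.113.9 and the backend check are assumptions made for illustration.

```python
import base64
import hmac
from typing import Optional

ALLOWED_IPS = {"1.2.3.4", "5.6.7.8"}        # the two allow lines from the question
PROXY_USERS = {"11": "22"}                  # Userlist contents from the question
SAMPLE_TOKEN = "constructed-sample-token"   # constructed; stands in for a real token


def proxy_gate(client_ip: str, authorization: Optional[str]) -> bool:
    """Model of `satisfy any`: pass if the IP is allowed OR Basic auth succeeds."""
    if client_ip in ALLOWED_IPS:
        return True
    scheme, _, value = (authorization or "").partition(" ")
    if scheme.lower() != "basic":
        return False                        # a Bearer header is not Basic credentials
    try:
        decoded = base64.b64decode(value, validate=True).decode()
    except ValueError:                      # bad base64 or bad UTF-8
        return False
    user, _, password = decoded.partition(":")
    expected = PROXY_USERS.get(user)
    return expected is not None and hmac.compare_digest(expected.encode(), password.encode())


def backend_accepts(authorization: Optional[str]) -> bool:
    """Assumed backend check: only the expected Bearer token authenticates an API call."""
    return authorization == f"Bearer {SAMPLE_TOKEN}"


def request_outcome(client_ip: str, authorization: Optional[str], strip_header: bool = False) -> str:
    """Follow one API request through the proxy and on to the backend."""
    if not proxy_gate(client_ip, authorization):
        return "401 from proxy"
    forwarded = None if strip_header else authorization  # proxy_set_header Authorization "";
    return "200" if backend_accepts(forwarded) else "401 from backend"


def basic(user: str, password: str) -> str:
    """Build a Basic Authorization header value."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


if __name__ == "__main__":
    bearer = f"Bearer {SAMPLE_TOKEN}"
    print("allow-listed IP, Bearer:   ", request_outcome("1.2.3.4", bearer))
    print("other IP, Basic 11/22:     ", request_outcome("203.0.113.9", basic("11", "22")))
    print("other IP, Bearer:          ", request_outcome("203.0.113.9", bearer))
    print("other IP, Basic, stripped: ", request_outcome("203.0.113.9", basic("11", "22"), True))
```

In this model only the allow-listed addresses get a working session: every other client has to choose between the proxy's Basic credentials and the backend's Bearer token, and stripping the header at the proxy removes the token for allow-listed clients as well.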
