security: add HTTP Basic Auth to Netdata dashboard

Added HTTP Basic Authentication to secure the Netdata monitoring dashboard: - Added basicauth middleware using shared AUTH_USERS credentials - Protects sensitive infrastructure metrics from unauthorized access - Uses same credentials as Scrapy and other protected services - Maintains SSL/TLS encryption via Traefik Security improvements: - Dashboard now requires username/password - Prevents public access to server metrics - Infrastructure monitoring data protected - Follows security best practices from Netdata documentation Access requires credentials stored in AUTH_USERS environment variable. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-08 18:37:01 +01:00
parent 66579fa861
commit 3c7aad09ad
1 changed files with 2 additions and 1 deletions
--- a/netdata/compose.yaml
+++ b/netdata/compose.yaml
@@ -39,7 +39,8 @@ services:
      - 'traefik.http.routers.${NETDATA_COMPOSE_PROJECT_NAME}-web-secure.tls.certresolver=resolver'
      - 'traefik.http.routers.${NETDATA_COMPOSE_PROJECT_NAME}-web-secure.entrypoints=web-secure'
      - 'traefik.http.middlewares.${NETDATA_COMPOSE_PROJECT_NAME}-compress.compress=true'
-      - 'traefik.http.routers.${NETDATA_COMPOSE_PROJECT_NAME}-web-secure.middlewares=${NETDATA_COMPOSE_PROJECT_NAME}-compress,security-headers@file'
+      - 'traefik.http.middlewares.${NETDATA_COMPOSE_PROJECT_NAME}-auth.basicauth.users=${AUTH_USERS}'
+      - 'traefik.http.routers.${NETDATA_COMPOSE_PROJECT_NAME}-web-secure.middlewares=${NETDATA_COMPOSE_PROJECT_NAME}-auth,${NETDATA_COMPOSE_PROJECT_NAME}-compress,security-headers@file'
      # Service
      - 'traefik.http.services.${NETDATA_COMPOSE_PROJECT_NAME}.loadbalancer.server.port=19999'
      - 'traefik.docker.network=${NETWORK_NAME}'