From b026878c387287dfbc18b6b42df2392ccc7e970a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebastian=20Kr=C3=BCger?= Date: Tue, 4 Nov 2025 23:17:13 +0100 Subject: [PATCH] feat: add HTTP Basic Auth to Scrapyd for security MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Added Traefik Basic Auth middleware to secure Scrapyd web interface: - Added basicauth middleware to scrapyd service labels - Middleware chains auth with compression for HTTPS routes - Added SCRAPY_AUTH_USERS environment variable to arty.yml - Credentials stored in .env (htpasswd format with escaped $) Access to scrapy.pivoine.art now requires username/password. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- arty.yml | 1 + scrapy/compose.yaml | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/arty.yml b/arty.yml index 493b37e..991e33c 100644 --- a/arty.yml +++ b/arty.yml @@ -62,6 +62,7 @@ envs: SCRAPY_TRAEFIK_HOST: scrapy.pivoine.art SCRAPY_SCRAPYD_PORT: 6800 SCRAPY_SCRAPYRT_PORT: 9080 + SCRAPY_AUTH_USERS: admin:$$apr1$$changeme$$example # n8n N8N_TRAEFIK_ENABLED: true N8N_COMPOSE_PROJECT_NAME: n8n diff --git a/scrapy/compose.yaml b/scrapy/compose.yaml index 038c144..84e1409 100644 --- a/scrapy/compose.yaml +++ b/scrapy/compose.yaml @@ -19,8 +19,9 @@ services: - 'traefik.http.routers.${SCRAPY_COMPOSE_PROJECT_NAME}-scrapyd-web-secure.rule=Host(`${SCRAPY_TRAEFIK_HOST}`)' - 'traefik.http.routers.${SCRAPY_COMPOSE_PROJECT_NAME}-scrapyd-web-secure.tls.certresolver=resolver' - 'traefik.http.routers.${SCRAPY_COMPOSE_PROJECT_NAME}-scrapyd-web-secure.entrypoints=web-secure' + - 'traefik.http.middlewares.${SCRAPY_COMPOSE_PROJECT_NAME}-scrapyd-auth.basicauth.users=${SCRAPY_AUTH_USERS}' - 'traefik.http.middlewares.${SCRAPY_COMPOSE_PROJECT_NAME}-scrapyd-web-secure-compress.compress=true' - - 'traefik.http.routers.${SCRAPY_COMPOSE_PROJECT_NAME}-scrapyd-web-secure.middlewares=${SCRAPY_COMPOSE_PROJECT_NAME}-scrapyd-web-secure-compress' + - 'traefik.http.routers.${SCRAPY_COMPOSE_PROJECT_NAME}-scrapyd-web-secure.middlewares=${SCRAPY_COMPOSE_PROJECT_NAME}-scrapyd-auth,${SCRAPY_COMPOSE_PROJECT_NAME}-scrapyd-web-secure-compress' - 'traefik.http.services.${SCRAPY_COMPOSE_PROJECT_NAME}-scrapyd-web-secure.loadbalancer.server.port=6800' - 'traefik.docker.network=${NETWORK_NAME}' - 'com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}'