This is a Reeve plugin that provides an admin web interface.
Settings can be provided to the plugin through environment variables set to the reeve server.
Settings for this plugin should be prefixed by REEVE_PLUGIN_WEBUI_.
Settings may also be shared between plugins by prefixing them with REEVE_SHARED_ instead.
ENABLED-trueenables this pluginHTTP_PORT- HTTP port on which the webserver should listenHTTPS_PORT- HTTPS port on which the webserver should listenTLS_CERT_FILE- TLS certificate file for HTTPSTLS_KEY_FILE- TLS key file for HTTPSADMIN_USERNAME- Administrator usernameADMIN_PASSWORD- Administrator passwordCORS_ORIGIN- Optional value for the Access-Control-Allow-Origin header for API requests
If you want authentication to be handled by a 3rd party, you can do so by configuring your Reverse Proxy to provide basic auth to the application.
By doing so, the server will set the corresponding session cookie when delivering the page.
Please note that the Authorization header sent by the web client must always be forwarded to the /api/* endpoints.
Here is a basic example using Traefik with Authelia:
http:
routers:
reeve-api:
entryPoints:
- websecure
middlewares:
- authelia@file
rule: (Host(`ci.example.com`) && PathPrefix(`/api/`))
service: reeve@file
reeve:
entryPoints:
- websecure
middlewares:
- authelia@file
- reeve-webui-auth@file
rule: Host(`ci.example.com`)
service: reeve@file
services:
reeve:
loadBalancer:
servers:
- url: http://localhost:9081
http:
middlewares:
authelia:
forwardAuth:
address: http://authelia:9091/api/authz/forward-auth
authResponseHeaders:
- Remote-User
- Remote-Groups
- Remote-Name
- Remote-Email
reeve-webui-auth:
headers:
customRequestHeaders:
Authorization: Basic dXNlcjpwYXNzd29yZA== # example basic auth header (user:password) - DO NOT USE!!