Password protect TBro website #48

Open
000generic opened this issue Apr 30, 2017 · 10 comments

@000generic

I was wondering if there is anything in TBro that will allow me to make the website private with password protection. Or if you have a recommended general method for hacking one of the files to do something like this.

In case it's useful, I'm running TBro in Amazon AWS using Lightsail.

Thank you!

@phryneas
Contributor

Hi,
if you really just want a password protection that makes the page unavailable for those who do not know a valid username/password, basic HTTP auth should be enough for you.
This is easily supported by every major web server out there without any required changes to TBro itself.

Unfortunately, I do not know which web server you are running in your Lightsail instance (if I understand right, that's a VPS that you can administrate to your needs, right?).
If it's an apache, you can look at this guide, for nginx this guide might help you.
Mind, these are guides that are most likely not for the Linux distribution your VPS is running on, but the basics should be the same.

@000generic
Author

000generic commented Apr 30, 2017

Thanks for all the info! I got it to work doing the following (based on your advice):

Password protect TBro in Docker in Amazon AWS Lightsail online

BASED ON THE FOLLOWING DIRECTIONS: https://www.digitalocean.com/community/tutorials/how-to-set-up-password-authentication-with-apache-on-ubuntu-16-04

Start up TBro commandline

docker exec -it TBro_official /bin/bash

Move into the apache2 directory in etc

cd /etc/apache2

Install apache2 utils

sudo apt-get update
sudo apt-get install apache2-utils

Create file

sudo htpasswd -c /etc/apache2/.htpasswd USERNAME

Set password

PASSWORD

Edit config file

sudo apt-get install nano
sudo nano /etc/apache2/sites-enabled/000-default.conf

Make the following edits (add text in bold):

<VirtualHost *:80>
      # The ServerName directive sets the request scheme, hostname and port that
      # the server uses to identify itself. This is used when creating
      # redirection URLs. In the context of virtual hosts, the ServerName
      # specifies what hostname must appear in the request's Host: header to
      # match this virtual host. For the default virtual host (this file) this
      # value is not decisive as it is used as a last resort host regardless.
      # However, you must set it for any further virtual host explicitly.
      #ServerName www.example.com

      ServerAdmin webmaster@localhost
      DocumentRoot /var/www/html

      # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
      # error, crit, alert, emerg.
      # It is also possible to configure the loglevel for particular
      # modules, e.g.
      #LogLevel info ssl:warn

      ErrorLog ${APACHE_LOG_DIR}/error.log
      CustomLog ${APACHE_LOG_DIR}/access.log combined

      # For most configuration files from conf-available/, which are
      # enabled or disabled at a global level, it is possible to
      # include a line for only one particular virtual host. For example the
      # following line enables the CGI configuration for this host only
      # after it has been globally disabled with "a2disconf".
      #Include conf-available/serve-cgi-bin.conf

### BEGIN: ADD THIS TEXT TO FILE ###

      <Directory "/var/www/html">
            AuthType Basic
            AuthName "Restricted Content"
            AuthUserFile /etc/apache2/.htpasswd
            Require valid-user
      </Directory>


### END: ADD THIS TEXT TO FILE ###

</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Test that the syntax is ok

sudo apache2ctl configtest

Exit TBro commandline

exit

Restart TBro

docker restart TBro_official

TBro will now require the user and password online.

There may be better / more secure ways to do this leveraging Amazon AWS Lightsail but the Docker/TBro method above works!
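
A check for the `.htpasswd` file created in the steps above, as an added example that is not part of the original comment: `htpasswd` in Apache 2.4 stores an MD5-based `$apr1$` hash unless `-B` (bcrypt) is given, and this script reports the scheme of each entry. The function names and the sample entries are constructed for illustration; the hash bodies are placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): report which hash scheme each
# entry of an Apache .htpasswd file uses.

# Map a stored hash to its scheme by prefix.
classify_hash() {
    case "$1" in
        '$2y$'*|'$2a$'*|'$2b$'*) echo "bcrypt" ;;
        '$apr1$'*) echo "apr1-md5" ;;
        '{SHA}'*)  echo "sha1-unsalted" ;;
        '')        echo "empty" ;;
        *)         echo "crypt-or-plaintext" ;;
    esac
}

# Print "user scheme" for every entry in file $1.
# Returns 1 if any entry is not bcrypt, 0 otherwise.
audit_htpasswd() {
    weak=0
    while IFS=: read -r user hash rest; do
        [ -z "$user" ] && continue
        scheme=$(classify_hash "$hash")
        echo "$user $scheme"
        [ "$scheme" = "bcrypt" ] || weak=1
    done < "$1"
    return "$weak"
}

# Constructed sample file; the hash bodies are placeholders, not real hashes.
sample=$(mktemp)
cat > "$sample" <<'EOF'
alice:$apr1$SALTSALT$PLACEHOLDERPLACEHOLDER
bob:$2y$05$PLACEHOLDERPLACEHOLDERPLACEHOLDER
carol:{SHA}PLACEHOLDER=
EOF

audit_htpasswd "$sample" ||
    echo "Non-bcrypt entries found; reset them with: htpasswd -B FILE USER"
rm -f "$sample"
```

Inside the container, point `audit_htpasswd` at `/etc/apache2/.htpasswd`. On the port-80 virtual host shown above, the Basic credentials themselves travel base64-encoded rather than encrypted, so TLS is needed to protect them in transit.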

@iimog
Member

iimog commented May 3, 2017

Nice, thanks for writing this guide. This is a good reference for other users.

@iimog
Member

iimog commented May 24, 2017

I added a guides section to the documentation. With a section called "Password protect TBro". I'd like to have your guide there. Right now I'm just linking to this issue. @000generic if you want to you can send me a pull request to integrate the full guide. Otherwise I can also copy paste it but if you send the pull request you will automatically get the credit 😃

@000generic
Author

Awesome! I will send a pull request in the next day or two.

Also, I have a generalized ~50 step guide (including password protection) to setting up TBro in Amazon Lightsail. I can post it here if you want to take a look at it and see if it is something that would be useful to others. Or if you want to use it to build off of.

@iimog
Member

iimog commented May 24, 2017

Great, no hurry. I'm very much interested in your guide on setting up TBro in Amazon Lightsail. I'm sure other users (including me) can benefit from your experience. For your pull request you can edit this file: https://github.com/TBroTeam/Tutorial/blob/master/docs/guides.rst
It does not need to be polished. My idea is that the documentation will be collaboratively and iteratively refined. If you are new to reStructuredText this might be useful. But don't waste too much time on it; a pure text description is fine as well.

@ARW-UBT

ARW-UBT commented Aug 27, 2018

Hello,
In addition to the protection of a docker installation by username and password, I'm wondering whether it would be possible to assign different datasets to various users? In my situation, I'm coordinating differential expression analyses for several groups at our university, and I would like to make sure that each partner gets access only to their own dataset.
How would you configure this in TBro?

@iimog
Member

iimog commented Aug 27, 2018

Hi @ARW-UBT,
I'm afraid this might not be easy to achieve with TBro right now. For a better assessment, on which level do you want this access control? Are the groups working on different organisms/releases or on the same organism/release but with different expression counts and differential expressions? Would it be fine to have generic username/password combinations for the different groups or do you want to implement access control with the logged in google users? I will try my best to help find a solution.
Best,
Markus

@ARW-UBT

ARW-UBT commented Aug 27, 2018 via email

@iimog
Member

iimog commented Aug 28, 2018

That sounds like a really nice use case for TBro and I would love to see TBro used this way. You are completely right, data is imported by the admin (you) via CLI and users have a view-only mode in the web interface. They can however create selections (called "carts") which can also contain custom aliases or descriptions for unigenes and isoforms (only visible to this user). Those carts and annotations can be exported and imported (as JSON, so it is possible to share them as well) but they do only persist if the user logs in to TBro with a Google Account. Google is only used as an OAuth provider, so no data is shared with Google; it is only to uniquely identify the user without implementing a full-featured user management in TBro. This is also what I meant with "logged in google users", but it is not required to use this feature.

I'm currently still in Würzburg 😃 so feel free to write me directly with any more questions that you have: [email protected] and we can switch to German then 😊
I'll gladly assist you in any way I can.

Best regards,
Markus
