Enable Basic Authentication on IPFS Cluster with Docker
happy devSecOps
Background
In my previous post I have discussed about deploying IPFS Cluster with docker. The cluster is open(anyone can connect) and not setup with authentication. In this post I’m gonna discuss about deploying IPFS Cluster with enabling Basic Authentication
. The Cluster setup with pre-defined username/password
credentials. Clients need to provide this basic auth credentials when connecting to the cluster. The deployments related to this post available on gitlab. Please clone the repo and continue the post.
Cluster architecture
In this scenario I’m gonna run three node IPFS Cluster
. It contains three IPFS nodes
along with three IPFS Cluster nodes
. Following figure described the architecture of this IPFS cluster.
Cluster Deployment
I’m gonna deploy the IPFS cluster with docker-compose
. Following is the docker-compose.yml
deployment file I have used to run the cluster setup.
In the cluster peers I have set the CLUSTER_RESTAPI_BASICAUTHCREDENTIALS
environment variable which enables the Basic Authentication in the cluster REST API. It will set the basic_auth_credentials
value of the service.json
file(configuration file of IPFS Cluster peer) of the cluster peers.
Once this configurations in place, I can start the IPFS Cluster as a daemon with docker-compose
command as below. It will starts three IPFS nodes and three IPFS Cluster nodes.
Cluster Client
We can interact with IPFS Cluster via ipfs-cluster-ctl
command line client or REST API
. Since Basic Authentication enabled, we need to specify the basic-auth
parameters in the requests. Following is the way to interact with the IPFS Cluster. In this scenario I have deployed the IPFS Cluster on Minikube-based docker environment. The IP address 192.168.64.32
is the Minikube IP.
If you using Java
/Scala
or any other programming language client to interact with this cluster, you have set the basic-auth
header value based on the programming language HTTP library specification. In one of my previous post I have discussed about creating IPFS Cluster Scala client application. Following is the way to set basic-auth
header in the HTTP request of Scala client.
Reference
- https://medium.com/rahasak/ipfs-cluster-with-docker-db2ec20a6cc1
- https://medium.com/rahasak/multi-node-ipfs-cluster-on-docker-596085bd07e0
- https://medium.com/rahasak/ipfs-cluster-scala-client-332034fbb69f
- https://discuss.ipfs.io/t/writable-cluster-what-am-i-doing-wrong/4299
- https://issuehint.com/issue/ipfs/ipfs-cluster/1416
- https://github.com/ipfs-cluster/ipfs-cluster/issues/778