Enable Basic Authentication on IPFS Cluster with Docker

happy devSecOps

Background

In my previous post I have discussed about deploying IPFS Cluster with docker. The cluster is open(anyone can connect) and not setup with authentication. In this post I’m gonna discuss about deploying IPFS Cluster with enabling Basic Authentication. The Cluster setup with pre-defined username/password credentials. Clients need to provide this basic auth credentials when connecting to the cluster. The deployments related to this post available on gitlab. Please clone the repo and continue the post.

Cluster architecture

In this scenario I’m gonna run three node IPFS Cluster. It contains three IPFS nodes along with three IPFS Cluster nodes. Following figure described the architecture of this IPFS cluster.

Cluster Deployment

I’m gonna deploy the IPFS cluster with docker-compose. Following is the docker-compose.yml deployment file I have used to run the cluster setup.

In the cluster peers I have set the CLUSTER_RESTAPI_BASICAUTHCREDENTIALS environment variable which enables the Basic Authentication in the cluster REST API. It will set the basic_auth_credentials value of the service.json file(configuration file of IPFS Cluster peer) of the cluster peers.

Once this configurations in place, I can start the IPFS Cluster as a daemon with docker-compose command as below. It will starts three IPFS nodes and three IPFS Cluster nodes.

Cluster Client

We can interact with IPFS Cluster via ipfs-cluster-ctl command line client or REST API. Since Basic Authentication enabled, we need to specify the basic-auth parameters in the requests. Following is the way to interact with the IPFS Cluster. In this scenario I have deployed the IPFS Cluster on Minikube-based docker environment. The IP address 192.168.64.32 is the Minikube IP.

If you using Java/Scala or any other programming language client to interact with this cluster, you have set the basic-auth header value based on the programming language HTTP library specification. In one of my previous post I have discussed about creating IPFS Cluster Scala client application. Following is the way to set basic-auth header in the HTTP request of Scala client.

Reference

1. https://medium.com/rahasak/ipfs-cluster-with-docker-db2ec20a6cc1
2. https://medium.com/rahasak/multi-node-ipfs-cluster-on-docker-596085bd07e0
3. https://medium.com/rahasak/ipfs-cluster-scala-client-332034fbb69f
4. https://discuss.ipfs.io/t/writable-cluster-what-am-i-doing-wrong/4299
5. https://issuehint.com/issue/ipfs/ipfs-cluster/1416
6. https://github.com/ipfs-cluster/ipfs-cluster/issues/778