Full SSL/password support now including QAN.

CHANGELOG.md

@@ -1,11 +1,11 @@
 Percona Monitoring and Management (PMM) Server
 
-v1.0.4 unreleased 2016-09-02
+v1.0.4 unreleased 2016-09-08
 
 * Grafana 3.1.1.
 * Prometheus 1.0.2.
-* Added SSL and HTTP password support. Currently, only Prometheus, Consul APIs and QAN app are protected.
-* No extra `alias` label for Prometheus.
+* Added SSL and HTTP password protection.
+* No extra `alias` label on Prometheus.
 * Query Analytics App:
   * added sparkline charts to metrics
   * added search by query fingerprint

docker-compose.yml

@@ -27,5 +27,5 @@ services:
       - METRICS_RETENTION=720h
       - METRICS_MEMORY=262144
       - METRICS_RESOLUTION=1s
-#      - HTTP_USER=pmm
-#      - HTTP_PASSWORD=abc123
+#      - SERVER_USER=pmm
+#      - SERVER_PASSWORD=abc123

entrypoint.sh

@@ -9,8 +9,8 @@ if [ -e /etc/nginx/ssl/server.crt ] && [ -e /etc/nginx/ssl/server.key ]; then
     fi
 fi
 
-if [ -n "$HTTP_PASSWORD" ]; then
-    echo "${HTTP_USER:-pmm}:$(openssl passwd -apr1 $HTTP_PASSWORD)" > /etc/nginx/.htpasswd
+if [ -n "$SERVER_PASSWORD" ]; then
+    echo "${SERVER_USER:-pmm}:$(openssl passwd -apr1 $SERVER_PASSWORD)" > /etc/nginx/.htpasswd
     sed -i 's/auth_basic off/auth_basic "PMM Server"/' /etc/nginx/nginx.conf
 
     # Disable Grafana HTTP auth

nginx.conf

@@ -18,6 +18,10 @@ http {
 	access_log /var/log/nginx/access.log;
 	error_log /var/log/nginx/error.log;
 	gzip on;
+	map $http_upgrade $connection_upgrade {
+		default upgrade;
+		'' close;
+	}
 	server {
 		listen			*:80;
 		server_name		_;
@@ -66,11 +70,8 @@ http {
 			proxy_set_header	Host $http_host;
 			proxy_http_version 	1.1;
 			proxy_set_header 	Upgrade $http_upgrade;
-			proxy_set_header 	Connection "upgrade";
+			proxy_set_header 	Connection $connection_upgrade;
 			proxy_read_timeout	86400;
-
-			# Temporary until agent supports this.
-			auth_basic		off;
 		}
 	}
 }