Cadence Web is a web-based UI that can be used to view workflows from Cadence as well as explore and debug their execution steps. Instaclustr’s managed Cadence offering deploys the Cadence Web (v3.28.7) application in one of the nodes (chosen randomly) during cluster provisioning.
The Cadence Web version used by Instaclustr does not have any built-in support for password authentication. This means, when a user types <cadence_web_url> into the browser, you gain direct access to the UI home page.
Therefore, to provide “Basic HTTP Authentication” support, we will use NGINX in front of Cadence Web. The following diagram demonstrates how a user/client will interact with Cadence Web under this new architecture.
As seen from the diagram above, only ports 7933 and 443 are made public through the firewall for user-selected source IPs. According to the diagram, NGINX accepts user/client requests (i.e. all communications including username/password) on port 443 and forwards them to Cadence Web on port 8088. Under this architecture, when a user types <cadence_web_url> into the browser, he/she sees a username/password prompt like shown below.
Only when the correct username and password is entered, the user is directed to the Cadence Web home page (as shown above).
To use NGINX in the aforementioned manner, the following steps need to be taken:
- Create a file called /etc/nginx/.htpasswd which will store the username and password in the format: <username>:<password>
Create the following entries in the NGINX configuration file (/etc/nginx/nginx.conf):
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
…………… …………… server { listen 443; server_name <cadence_web_url>; ………… ………… location / { auth_basic "Restricted"; auth_basic_user_file /etc/nginx/.htpasswd; proxy_pass https://127.0.0.1:8088; ………… ………… } } …………… …………… |
In conclusion, this NGINX approach can be used for other web applications that don’t natively support authentication.