SYS-674 helm chart updates for auth protection of mythtv-backend#263
Merged
instantlinux merged 3 commits intomainfrom Feb 13, 2026
Merged
SYS-674 helm chart updates for auth protection of mythtv-backend#263instantlinux merged 3 commits intomainfrom
instantlinux merged 3 commits intomainfrom
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary of Changes
Why is this change being made?
When 35.0 came out a year ago, there was no way to secure the setup dashboard which had been combined into a single service on port 6544 with the old mythweb capability, which has been renamed "Web App". I submitted a request as issue #1077 for this capability, which until now has only been available for users of the pre-release 36.0 development branch.
Version 36.0 provides a username / password mechanism for protecting this service. By default, it's turned off. I've added documentation here to better explain how to set up this vital capability.
How was this tested? How can the reviewer verify your testing?
Local testing. I was unable to get Authelia's TOTP to behave quite right -- it works fine for applications that serve a login splash screen is served separately from the content, but I've never had luck configuring it for applications like this that bring up a username / password dialog box on the content page and use a separate URL for the http-POST login sequence. During testing I looked at unhelpful trace logs from authelia, searched high and low for anyone else using Authelia this way, and concluded that it's good enough for now to require separate authtotp login prior to accessing Myth Web App. This will need to be changed imminently anyway, as ingress-nginx is being retired by the Kubernetes project two months from now.
Completion checklist