Update proxy authentication environment variables and configuration

claffin · claffin · commit 7bd044a8e10f · 2025-02-24T10:37:56.000Z
diff --git a/README.md b/README.md
@@ -86,10 +86,14 @@ All you need is:
 
 #### Environment variables:
 
+Basic authentication is used for proxy access. Configure via environment variables:
+* PROXY_USERNAME
+* PROXY_PASSWORD
+
 ##### Required
 You have two available methods of proxy authentication: username and password or IP restriction. You can use either one or both simultaneously.
 
-- `USERNAME`, `PASSWORD` - set the username and password for the forward proxy. The username and password should consist of alphanumeric characters. Using special characters may cause issues due to how URL encoding works.
+- `PROXY_USERNAME`, `PROXY_PASSWORD` - set the username and password for the forward proxy. The username and password should consist of alphanumeric characters. Using special characters may cause issues due to how URL encoding works.
 - `ONLY_HOST_IP` - set this variable to true if you want to restrict access to the proxy only to the host server (i.e., the IP address of the server running the CloudProxy Docker container).
 
 ##### Optional
@@ -102,8 +106,8 @@ See individual provider pages for environment variables required in above provid
 For example:
 
    ```shell
-   docker run -e USERNAME='CHANGE_THIS_USERNAME' \
-       -e PASSWORD='CHANGE_THIS_PASSWORD' \
+   docker run -e PROXY_USERNAME='CHANGE_THIS_USERNAME' \
+       -e PROXY_PASSWORD='CHANGE_THIS_PASSWORD' \
        -e ONLY_HOST_IP=True \
        -e DIGITALOCEAN_ENABLED=True \
        -e DIGITALOCEAN_ACCESS_TOKEN='YOUR SECRET ACCESS KEY' \
diff --git a/cloudproxy/providers/aws/functions.py b/cloudproxy/providers/aws/functions.py
@@ -11,7 +11,10 @@
 
 ec2 = boto3.resource("ec2", region_name=config["providers"]["aws"]["region"])
 ec2_client = boto3.client("ec2", region_name=config["providers"]["aws"]["region"])
-tags = [{"Key": "cloudproxy", "Value": "cloudproxy"}]
+tags = [
+    {"Key": "cloudproxy", "Value": "cloudproxy"},
+    {"Key": "Name", "Value": "CloudProxy-Instance"}
+]
 tag_specification = [
     {"ResourceType": "instance", "Tags": tags},
 ]
diff --git a/cloudproxy/providers/config.py b/cloudproxy/providers/config.py
@@ -13,11 +13,11 @@ def set_auth(username, password):
 
     if settings.config["no_auth"]:
         # Remove auth configuration for tinyproxy
-        filedata = filedata.replace('\nBasicAuth username password\n', '\n')
+        filedata = filedata.replace('\nBasicAuth PROXY_USERNAME PROXY_PASSWORD\n', '\n')
     else:
         # Replace username and password in tinyproxy config
-        filedata = filedata.replace("username", username)
-        filedata = filedata.replace("password", password)
+        filedata = filedata.replace("PROXY_USERNAME", username)
+        filedata = filedata.replace("PROXY_PASSWORD", password)
 
     if settings.config["only_host_ip"]:
         ip_address = requests.get('https://ipecho.net/plain').text.strip()
diff --git a/cloudproxy/providers/settings.py b/cloudproxy/providers/settings.py
@@ -54,8 +54,8 @@
 load_dotenv()
 
 # Set proxy authentication
-config["auth"]["username"] = os.environ.get("USERNAME", "changeme")
-config["auth"]["password"] = os.environ.get("PASSWORD", "changeme")
+config["auth"]["username"] = os.environ.get("PROXY_USERNAME", "changeme")
+config["auth"]["password"] = os.environ.get("PROXY_PASSWORD", "changeme")
 config["age_limit"] = int(os.environ.get('AGE_LIMIT', 0))
 config["no_auth"] = config["auth"]["username"] == "changeme" and config["auth"]["password"] == "changeme"
 config["only_host_ip"] = os.environ.get("ONLY_HOST_IP", False)
diff --git a/cloudproxy/providers/user_data.sh b/cloudproxy/providers/user_data.sh
@@ -24,7 +24,7 @@ Allow 127.0.0.1
 ViaProxyName "tinyproxy"
 ConnectPort 443
 ConnectPort 563
-BasicAuth username password
+BasicAuth PROXY_USERNAME PROXY_PASSWORD
 EOF
 
 # Setup firewall
diff --git a/tests/test_main.py b/tests/test_main.py
@@ -6,6 +6,9 @@
 
 # Configure test environment
 os.environ["DIGITALOCEAN_ENABLED"] = "false"
+os.environ["PROXY_USERNAME"] = "test_user"
+os.environ["PROXY_PASSWORD"] = "test_pass"
+os.environ["ONLY_HOST_IP"] = "False"
 
 # Create test client
 # Note: The HTTPX deprecation warning is internal to the library and doesn't affect functionality
@@ -19,6 +22,11 @@
 config["providers"]["digitalocean"]["size"] = "s-1vcpu-1gb"
 config["providers"]["digitalocean"]["region"] = "lon1"
 
+# Update auth config with test values
+config["auth"]["username"] = os.environ["PROXY_USERNAME"]
+config["auth"]["password"] = os.environ["PROXY_PASSWORD"]
+config["no_auth"] = False
+
 
 def test_read_root():
     response = client.get("/")
