How to Password-Protect My /sidekiq Route (i.e. Require Authentication for the Sidekiq::Web Tool)

How can I password-protect my /sidekiq route (i.e. require authentication for the Sidekiq::Web tool)?

Put the following into your Sidekiq initializer:

require 'digest'
require 'sidekiq'
require 'sidekiq/web'

Sidekiq::Web.use(Rack::Auth::Basic) do |user, password|
  # Protect against timing attacks:
  # - See https://codahale.com/a-lesson-in-timing-attacks/
  # - See https://thisdata.com/blog/timing-attacks-against-string-comparison/
  # - Use & (do not use &&) so that it doesn't short circuit.
  # - Use digests to stop length information leaking
  Rack::Utils.secure_compare(::Digest::SHA256.hexdigest(user), ::Digest::SHA256.hexdigest(ENV["SIDEKIQ_USER"])) &
    Rack::Utils.secure_compare(::Digest::SHA256.hexdigest(password), ::Digest::SHA256.hexdigest(ENV["SIDEKIQ_PASSWORD"]))
end

And in the routes file:

mount Sidekiq::Web => '/sidekiq'
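
The check from the answer above, as an added example that is not part of the original answer or of Sidekiq: it runs without Rack and also fails closed when SIDEKIQ_USER or SIDEKIQ_PASSWORD is unset or empty, a case in which blank Basic Auth credentials would otherwise match. The helper names (constant_time_equal?, digest_equal?, sidekiq_credentials_valid?) and the injectable env argument are assumptions made for this example.

```ruby
require 'digest'

# Compares every byte without an early exit. Pure Ruby so the example has no
# gem dependency; the answer above uses Rack::Utils.secure_compare instead.
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize

  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Hash both sides first: the operands are then always 64 hex characters, so
# the length check above reveals nothing about the real credential's length.
def digest_equal?(given, expected)
  constant_time_equal?(Digest::SHA256.hexdigest(given),
                       Digest::SHA256.hexdigest(expected))
end

# Hypothetical helper: true only when both user and password match.
# env is injectable so the check can be exercised without touching ENV.
def sidekiq_credentials_valid?(user, password, env = ENV)
  expected_user = env["SIDEKIQ_USER"].to_s
  expected_password = env["SIDEKIQ_PASSWORD"].to_s

  # Fail closed: unset or empty configuration must never authenticate anyone.
  return false if expected_user.empty? || expected_password.empty?

  # Non-short-circuiting & so both comparisons always run, as in the answer.
  digest_equal?(user.to_s, expected_user) &
    digest_equal?(password.to_s, expected_password)
end

# In the initializer this would be wired in as:
#   Sidekiq::Web.use(Rack::Auth::Basic) do |user, password|
#     sidekiq_credentials_valid?(user, password)
#   end
```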

Rails 5 Protect Sidekiq UI

I stumbled across this page that outlines how to secure the Web UI with Devise:

Devise

Allow any authenticated User

# Allow any user access
authenticate :user do
  mount Sidekiq::Web => '/sidekiq'
end

# Allow only admin users
authenticate :user, lambda { |u| u.admin? } do
  mount Sidekiq::Web => '/sidekiq'
end

I've confirmed that this works with Rails 5.1 and Devise 4.3.

Sidekiq freezes application

The issue was in the Redis config. It used Sentinel; turning Sentinel off for development solved it.

How to detach Sidekiq process once started in terminal

The right answer is lower case -d:

bundle exec sidekiq -d -q mailer,5 -q default -e production

sidekiq --help will list the options:

-d, --daemon                     Daemonize process

When running with the -d option, sidekiq will ask for a log file, so the complete command is:

bundle exec sidekiq -d -L sidekiq.log -q mailer,5 -q default -e production

