Sidekiq WebUI Access Control

Sidekiq built-in webui is simple and useful. We would like to take the advantage of that instead of reinventing the wheel. Sidekiq recommends for a bare Rack app, a session middleware before Sidekiq::Web in config/routes.rb should be used (reference). And then enable the sessions using session middlewares as introduced in Rails API Doc .

But the problem is that when the app is built in the cloud, it's open to everyone who knows the Rails api backend link. We need a way to prevent that.

We ended up using an environmental variable appending at the end of the URL, so the access URL becomes a secret. The code is like this:

map "/sidekiq/#{ENV['SIDEKIQ_variable']}" do
  use Rack::Session::Cookie, secret: ENV['SIDEKIQ_variable'], same_site: true, max_age: 86400
  run Sidekiq::Web
end

There are probably better ways to solve this. If you happen to know, please leave a comment. For now, this satisfies our needs.

Sidekiq WebUI Access Control

Written by:

Wendy Yang