Sidekiq WebUI Access Control
Sidekiq's built-in web UI is simple and useful. We would like to take advantage of it instead of reinventing the wheel. Sidekiq recommends that, for a bare Rack app, a session middleware be used before Sidekiq::Web in config/routes.rb (reference). Sessions are then enabled using the session middlewares as introduced in the Rails API doc.
But the problem is that when the app is built in the cloud, it's open to everyone who knows the Rails API backend link. We need a way to prevent that.
We ended up appending an environment variable to the end of the URL, so the access URL becomes a secret. The code looks like this:
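# Mount the Sidekiq web UI under a path that ends in the value of SIDEKIQ_variable.
map "/sidekiq/#{ENV['SIDEKIQ_variable']}" do
  # Signed cookie session, required by Sidekiq::Web; same_site: true sends
  # SameSite=Strict, and max_age expires the session after 86400 s (one day).
  # Note: the same value is used both as the URL suffix and as the cookie secret.
  use Rack::Session::Cookie, secret: ENV['SIDEKIQ_variable'], same_site: true, max_age: 86400
  run Sidekiq::Web
end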
There are probably better ways to solve this. If you happen to know, please leave a comment. For now, this satisfies our needs.
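One alternative to a secret path, as an added example that is not the author's or Sidekiq's code: a small Rack-style middleware that requires HTTP Basic credentials, so the secret travels in a header rather than in the URL (where it ends up in access logs and browser history), and that refuses to boot when the credentials are unset. The class name DashboardAuth, the helper functions, the stand-in app and the environment variable names in the closing comment are assumptions.

```ruby
require 'digest'

# Hypothetical Rack-style middleware (not part of Sidekiq or Rack): HTTP Basic auth.
class DashboardAuth
  def initialize(app, user:, password:)
    # Fail closed at boot: an unset or empty variable must not leave the UI open.
    raise ArgumentError, 'credentials not configured' if [user, password].any? { |v| v.to_s.empty? }
    @app = app
    # RFC 7617 forbids ':' in the user-id, so "user:password" is unambiguous.
    @expected = Digest::SHA256.digest("#{user}:#{password}")
  end

  def call(env)
    return @app.call(env) if authorized?(env['HTTP_AUTHORIZATION'])
    [401, { 'www-authenticate' => 'Basic realm="sidekiq"' }, ["Unauthorized\n"]]
  end

  private
  def authorized?(header)
    scheme, encoded = header.to_s.split(' ', 2)
    return false unless scheme&.casecmp?('basic') && encoded
    secure_equal?(Digest::SHA256.digest(encoded.unpack1('m')), @expected)
  end

  # Constant-time comparison of two 32-byte digests: no early exit on a mismatch.
  def secure_equal?(a, b)
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Constructed stand-in for Sidekiq::Web so the block runs without gems.
FAKE_DASHBOARD = ->(_env) { [200, { 'content-type' => 'text/plain' }, ['dashboard']] }

def basic_header(user, password)
  'Basic ' + ["#{user}:#{password}"].pack('m0')
end

# Status the protected app returns for a given Authorization header (nil = absent).
def status_for(header, user: 'ops', password: 'constructed-sample-password')
  app = DashboardAuth.new(FAKE_DASHBOARD, user: user, password: password)
  app.call(header ? { 'HTTP_AUTHORIZATION' => header } : {}).first
end

# In config.ru (assumed env var names), with the session secret kept separate:
#   map '/sidekiq' do
#     use DashboardAuth, user: ENV['SIDEKIQ_USER'], password: ENV['SIDEKIQ_PASSWORD']
#     use Rack::Session::Cookie, secret: ENV['SESSION_SECRET'], same_site: true, max_age: 86400
#     run Sidekiq::Web
#   end
```

Basic credentials are only protected in transit when the endpoint is served over HTTPS.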