feat(auth): optional HTTP Basic Auth for the whole site
nginx includes auth_enabled.conf, (re)written at container start from BASIC_AUTH_USER/PASSWORD (htpasswd via apache2-utils). Both set => the site + /api require a shared login; unset => open (local dev not locked out). Set both on the Coolify web service to protect the deployment.
This commit is contained in:
16
docker-entrypoint.d/40-basic-auth.sh
Normal file
16
docker-entrypoint.d/40-basic-auth.sh
Normal file
@@ -0,0 +1,16 @@
|
||||
#!/bin/sh
|
||||
# Toggle HTTP Basic Auth for the whole site from env at container start.
|
||||
# Runs via nginx:alpine's /docker-entrypoint.d/ hook, before nginx starts.
|
||||
set -e
|
||||
|
||||
if [ -n "$BASIC_AUTH_USER" ] && [ -n "$BASIC_AUTH_PASSWORD" ]; then
|
||||
htpasswd -bc /etc/nginx/.htpasswd "$BASIC_AUTH_USER" "$BASIC_AUTH_PASSWORD" >/dev/null 2>&1
|
||||
cat > /etc/nginx/auth_enabled.conf <<EOF
|
||||
auth_basic "photofetch";
|
||||
auth_basic_user_file /etc/nginx/.htpasswd;
|
||||
EOF
|
||||
echo "[entrypoint] basic auth ENABLED (user: $BASIC_AUTH_USER)"
|
||||
else
|
||||
: > /etc/nginx/auth_enabled.conf
|
||||
echo "[entrypoint] basic auth disabled (set BASIC_AUTH_USER + BASIC_AUTH_PASSWORD to enable)"
|
||||
fi
|
||||
Reference in New Issue
Block a user