nginx includes auth_enabled.conf, (re)written at container start from BASIC_AUTH_USER/PASSWORD (htpasswd via apache2-utils). Both set => the site + /api require a shared login; unset => open (local dev not locked out). Set both on the Coolify web service to protect the deployment.
17 lines
647 B
Docker
17 lines
647 B
Docker
FROM node:22-alpine AS build
|
|
WORKDIR /app
|
|
COPY package.json pnpm-lock.yaml* ./
|
|
RUN corepack enable && pnpm install --frozen-lockfile
|
|
COPY . .
|
|
RUN pnpm build
|
|
|
|
FROM nginx:alpine
|
|
# apache2-utils provides htpasswd; auth_enabled.conf is included by nginx.conf
|
|
# and (re)written at start by the entrypoint hook — default empty = no auth.
|
|
RUN apk add --no-cache apache2-utils && touch /etc/nginx/auth_enabled.conf
|
|
COPY --from=build /app/dist /usr/share/nginx/html
|
|
COPY nginx.conf /etc/nginx/conf.d/default.conf
|
|
COPY docker-entrypoint.d/40-basic-auth.sh /docker-entrypoint.d/40-basic-auth.sh
|
|
RUN chmod +x /docker-entrypoint.d/40-basic-auth.sh
|
|
EXPOSE 80
|