nginx includes auth_enabled.conf, (re)written at container start from BASIC_AUTH_USER/PASSWORD (htpasswd via apache2-utils). Both set => the site + /api require a shared login; unset => open (local dev not locked out). Set both on the Coolify web service to protect the deployment.
17 lines
648 B
Bash
17 lines
648 B
Bash
#!/bin/sh
|
|
# Toggle HTTP Basic Auth for the whole site from env at container start.
|
|
# Runs via nginx:alpine's /docker-entrypoint.d/ hook, before nginx starts.
|
|
set -e
|
|
|
|
if [ -n "$BASIC_AUTH_USER" ] && [ -n "$BASIC_AUTH_PASSWORD" ]; then
|
|
htpasswd -bc /etc/nginx/.htpasswd "$BASIC_AUTH_USER" "$BASIC_AUTH_PASSWORD" >/dev/null 2>&1
|
|
cat > /etc/nginx/auth_enabled.conf <<EOF
|
|
auth_basic "photofetch";
|
|
auth_basic_user_file /etc/nginx/.htpasswd;
|
|
EOF
|
|
echo "[entrypoint] basic auth ENABLED (user: $BASIC_AUTH_USER)"
|
|
else
|
|
: > /etc/nginx/auth_enabled.conf
|
|
echo "[entrypoint] basic auth disabled (set BASIC_AUTH_USER + BASIC_AUTH_PASSWORD to enable)"
|
|
fi
|