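├── .dockerignore ├── Dockerfile ├── LICENSE ├── README.md ├── docker-compose.yml └── files ├── nginx.conf.tmpl └── run.sh /.dockerignore: -------------------------------------------------------------------------------- 1 | * 2 | !Dockerfile 3 | !files/run.sh 4 | !files/nginx.conf.tmpl 5 |
--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
FROM nginx:1.11.9-alpine
# NOTE(review): the tag above pins an old nginx mainline build. Rebuild on a
# currently maintained nginx tag (ideally pinned by digest) so the image picks
# up upstream security fixes for nginx and the Alpine base.

# apache2-utils provides the htpasswd command that /run.sh calls. The stock
# conf.d files are removed in the same layer; nginx.conf.tmpl includes
# /etc/nginx/conf.d/*.conf, so anything left there would be loaded.
RUN apk add --no-cache --update \
      apache2-utils \
 && rm -f /etc/nginx/conf.d/*

# Defaults for the optional settings that /run.sh substitutes into the
# template. key=value is the current ENV form; the space-separated form is
# legacy syntax.
ENV SERVER_NAME=example.com \
    PORT=80 \
    CLIENT_MAX_BODY_SIZE=1m \
    PROXY_READ_TIMEOUT=60s \
    WORKER_PROCESSES=auto

# Both files land in / ; ENTRYPOINT below refers to /run.sh.
COPY files/run.sh files/nginx.conf.tmpl /

# use SIGQUIT for graceful shutdown
# c.f. http://nginx.org/en/docs/control.html
STOPSIGNAL SIGQUIT

ENTRYPOINT ["/run.sh"]
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License 2 | 3 | Copyright (c) 2017 Daisuke Fujita 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software.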
14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Docker image of Nginx Proxy with Basic Auth 2 | 3 | [![Docker Repository on Quay](https://quay.io/repository/dtan4/nginx-basic-auth-proxy/status "Docker Repository on Quay")](https://quay.io/repository/dtan4/nginx-basic-auth-proxy) 4 | 5 | Simple HTTP Proxy with Basic Authentication. The proxy itself listens on plain HTTP, so terminate TLS in front of it whenever the credentials cross an untrusted network. 6 | 7 | ``` 8 | w/ user:pass +------------------------+ +-------------+ 9 | User ---------------> | nginx-basic-auth-proxy | ---> | HTTP Server | 10 | +------------------------+ +-------------+ 11 | ``` 12 | 13 | ## Run 14 | 15 | ```bash 16 | $ docker run \ 17 | --rm \ 18 | --name nginx-basic-auth-proxy \ 19 | -p 8080:80 \ 20 | -p 8090:8090 \ 21 | -e BASIC_AUTH_USERNAME=username \ 22 | -e BASIC_AUTH_PASSWORD=password \ 23 | -e PROXY_PASS=https://www.google.com \ 24 | -e SERVER_NAME=proxy.dtan4.net \ 25 | -e PORT=80 \ 26 | quay.io/dtan4/nginx-basic-auth-proxy 27 | ``` 28 | 29 | Open http://localhost:8080 and the browser will ask for the username and password. 30 | 31 | You can also try a complete HTTP-proxy example using Docker Compose. 32 | The hello-world web application cannot be accessed without authentication. 
33 | 34 | ```bash 35 | $ docker-compose up 36 | # http://localhost:8080/ 37 | # - Username: username 38 | # - Password: password 39 | ``` 40 | 41 | ### Endpoint for monitoring 42 | 43 | `:8090/nginx_status` returns the metrics of Nginx. This endpoint is served without Basic Auth, so publish port 8090 only to the hosts that need to read the metrics. 44 | 45 | ```sh-session 46 | $ curl localhost:8090/nginx_status 47 | Active connections: 1 48 | server accepts handled requests 49 | 8 8 8 50 | Reading: 0 Writing: 1 Waiting: 0 51 | ``` 52 | 53 | ## Environment variables 54 | 55 | ### Required 56 | 57 | |Key|Description| 58 | |---|---| 59 | |`BASIC_AUTH_USERNAME`|Basic auth username| 60 | |`BASIC_AUTH_PASSWORD`|Basic auth password| 61 | |`PROXY_PASS`|Proxy destination URL| 62 | 63 | ### Optional 64 | 65 | |Key|Description|Default| 66 | |---|---|---| 67 | |`SERVER_NAME`|Value for `server_name` directive|`example.com`| 68 | |`PORT`|Value for `listen` directive|`80`| 69 | |`CLIENT_MAX_BODY_SIZE`|Value for `client_max_body_size` directive|`1m`| 70 | |`PROXY_READ_TIMEOUT`|Value for `proxy_read_timeout` directive|`60s`| 71 | |`WORKER_PROCESSES`|Value for `worker_processes` directive|`auto`| 72 | 73 | ## Author 74 | 75 | Daisuke Fujita ([@dtan4](https://github.com/dtan4)) 76 | 77 | ## License 78 | 79 | [![MIT License](http://img.shields.io/badge/license-MIT-blue.svg?style=flat)](LICENSE) 80 | -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '2' 2 | services: 3 | web: 4 | image: tutum/hello-world:latest 5 | nginx: 6 | image: quay.io/dtan4/nginx-basic-auth-proxy:latest 7 | ports: 8 | - 8080:80 9 | - 8090:8090 10 | environment: 11 | - BASIC_AUTH_USERNAME=username 12 | - BASIC_AUTH_PASSWORD=password 13 | - PROXY_PASS=http://web/ 14 | -------------------------------------------------------------------------------- /files/nginx.conf.tmpl: -------------------------------------------------------------------------------- 1 | user nginx; 2 | 
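worker_processes ##WORKER_PROCESSES##; 3 | 4 | error_log /dev/stdout info; 5 | pid /var/run/nginx.pid; 6 | 7 | events { 8 | worker_connections 1024; 9 | } 10 | 11 | http { 12 | access_log /dev/stdout; 13 | 14 | server { 15 | listen ##PORT##; 16 | server_name ##SERVER_NAME##; 17 | 18 | client_max_body_size ##CLIENT_MAX_BODY_SIZE##; 19 | proxy_read_timeout ##PROXY_READ_TIMEOUT##; 20 | 21 | include /etc/nginx/conf.d/*.conf; 22 | 23 | location / { 24 | proxy_pass ##PROXY_PASS##; 25 | auth_basic "Restricted"; 26 | auth_basic_user_file /etc/nginx/.htpasswd; 27 | 28 | proxy_set_header X-Forwarded-Host $host; 29 | # Do not pass Authorization header to destination 30 | proxy_set_header Authorization ""; 31 | } 32 | } 33 | 34 | server { 35 | listen 8090; 36 | 37 | location /nginx_status { 38 | stub_status on; 39 | access_log off; 40 | } 41 | } 42 | } 43 |
--------------------------------------------------------------------------------
/files/run.sh:
--------------------------------------------------------------------------------
#!/bin/sh
#
# Container entrypoint: validates the required settings, writes the Basic Auth
# credential file, renders /nginx.conf.tmpl to /etc/nginx/nginx.conf and then
# replaces this shell with nginx running in the foreground.
#
# Required: BASIC_AUTH_USERNAME, BASIC_AUTH_PASSWORD, PROXY_PASS
# Optional: CLIENT_MAX_BODY_SIZE, PROXY_READ_TIMEOUT, WORKER_PROCESSES,
#           SERVER_NAME, PORT (the Dockerfile's ENV lines supply defaults)

set -e

# Escape a value for the replacement side of `s|...|...|`: backslash, `&`
# (which sed expands to the matched text) and the `|` delimiter. Without this,
# a PROXY_PASS whose query string contains `&` is rendered with the placeholder
# text spliced into it, and a stray `|` or `/` makes sed fail.
# The escaped value is still written into nginx.conf verbatim, so these
# settings must come from the operator, never from request data.
sed_escape() {
  printf '%s' "$1" | sed -e 's/[\\&|]/\\&/g'
}

# Expansions are quoted: unquoted, a value containing whitespace makes `[`
# report a syntax error instead of evaluating the emptiness test.
if [ -z "$BASIC_AUTH_USERNAME" ]; then
  echo >&2 "BASIC_AUTH_USERNAME must be set"
  exit 1
fi

if [ -z "$BASIC_AUTH_PASSWORD" ]; then
  echo >&2 "BASIC_AUTH_PASSWORD must be set"
  exit 1
fi

if [ -z "$PROXY_PASS" ]; then
  echo >&2 "PROXY_PASS must be set"
  exit 1
fi

# -i reads the password from stdin, so it never appears in htpasswd's argv the
# way it does with -b; printf is a shell builtin and spawns no process.
# -B selects bcrypt and -c (re)creates the file. The password remains visible
# in the container's environment; prefer a secret mechanism where available.
printf '%s\n' "$BASIC_AUTH_PASSWORD" \
  | htpasswd -iBc /etc/nginx/.htpasswd "$BASIC_AUTH_USERNAME"

# The template path is absolute so rendering does not depend on the working
# directory the container was started with.
sed \
  -e "s|##CLIENT_MAX_BODY_SIZE##|$(sed_escape "$CLIENT_MAX_BODY_SIZE")|g" \
  -e "s|##PROXY_READ_TIMEOUT##|$(sed_escape "$PROXY_READ_TIMEOUT")|g" \
  -e "s|##WORKER_PROCESSES##|$(sed_escape "$WORKER_PROCESSES")|g" \
  -e "s|##SERVER_NAME##|$(sed_escape "$SERVER_NAME")|g" \
  -e "s|##PORT##|$(sed_escape "$PORT")|g" \
  -e "s|##PROXY_PASS##|$(sed_escape "$PROXY_PASS")|g" \
  /nginx.conf.tmpl > /etc/nginx/nginx.conf

# exec makes nginx the container's main process so it receives the stop signal
# directly.
exec nginx -g "daemon off;"
--------------------------------------------------------------------------------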