├── Dockerfile
├── LICENSE
├── README.md
├── entrypoint
└── nginx.conf


/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM gliderlabs/alpine:3.1
2 | RUN apk-install nginx apache2-utils
3 | RUN mkdir -p /tmp/nginx/client-body
4 | COPY ./entrypoint /bin/entrypoint
5 | COPY ./nginx.conf /etc/nginx/nginx.conf
6 | EXPOSE 80
7 | CMD ["/bin/entrypoint"]
8 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | Copyright (c) 2015, Jeff Lindsay
 2 | All rights reserved.
 3 | 
 4 | Redistribution and use in source and binary forms, with or without
 5 | modification, are permitted provided that the following conditions are met:
 6 | 
 7 | * Redistributions of source code must retain the above copyright notice, this
 8 |   list of conditions and the following disclaimer.
 9 | 
10 | * Redistributions in binary form must reproduce the above copyright notice,
11 |   this list of conditions and the following disclaimer in the documentation
12 |   and/or other materials provided with the distribution.
13 | 
14 | * Neither the name of consul-access nor the names of its
15 |   contributors may be used to endorse or promote products derived from
16 |   this software without specific prior written permission.
17 | 
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
19 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
22 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
24 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
25 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
26 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
27 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | 
29 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # consul-access
 2 | 
 3 | Lightweight password protection to Consul HTTP using Nginx.
 4 | 
 5 | ## Using consul-access
 6 | 
 7 | Simply link against a running Consul container using the alias `consul` and provide a username and password with the `HTPASSWD` environment variable:
 8 | 
 9 | 	$ docker pull progrium/consul-access
10 | 	$ docker run -d \
11 | 		--link consul:consul \
12 | 		--env "HTPASSWD=<username> <password>" \
13 | 		--publish 80:80
14 | 		progrium/consul-access
15 | 
16 | If you're running Consul in `--net=host` mode, you can just set the IP manually with `--add-host`:
17 | 
18 | 	$ docker run -d \
19 | 		--add-host consul:<consul ip> \
20 | 		--env "HTPASSWD=<username> <password>" \
21 | 		--publish 80:80
22 | 		progrium/consul-access
23 | 
24 | ## Security
25 | 
26 | Since HTTP [Basic authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) is used, you should only access this behind SSL otherwise your password is transmitted unencrypted.
27 | 
28 | ## License
29 | 
30 | BSD
31 | 


--------------------------------------------------------------------------------
/entrypoint:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | htpasswd -bc /etc/nginx/htpasswd $HTPASSWD
3 | exec /usr/sbin/nginx
4 | 


--------------------------------------------------------------------------------
/nginx.conf:
--------------------------------------------------------------------------------
 1 | daemon off;
 2 | worker_processes  1;
 3 | 
 4 | events {
 5 |     worker_connections  1024;
 6 | }
 7 | 
 8 | http {
 9 |     include       mime.types;
10 |     default_type  application/octet-stream;
11 | 
12 |     sendfile        on;
13 |     keepalive_timeout  65;
14 | 
15 |     server {
16 |         listen       80;
17 |         server_name  localhost;
18 | 
19 |         auth_basic           "consul";
20 |     	auth_basic_user_file /etc/nginx/htpasswd;
21 | 
22 |         location / {
23 |     		proxy_pass       http://consul:8500;
24 | 		}
25 |     }
26 | }
27 | 


--------------------------------------------------------------------------------