Uses htpasswd.
$ docker build -t quay.io/app-sre/nginx-gate .
Given the user foo
and the password bar
, there are two ways to inject the
credentials:
- Give the container the htpasswd content:
$ htpasswd -bn foo bar
foo:$apr1$00xPWwOg$sQRfZdrPbGiYz/qUPA8hX1
$ docker run --rm -it -e HTPASSWD='foo:$apr1$00xPWwOg$sQRfZdrPbGiYz/qUPA8hX1' -e FORWARD_HOST=example.com -p 8080:8080 ng
- Give the container the username and password:
$ docker run --rm -it -e BASIC_AUTH_USERNAME='foo' -e BASIC_AUTH_PASSWORD='bar' -e FORWARD_HOST=example.com -p 8080:8080 ng
Note: When provided, BASIC_AUTH_USERNAME
and BASIC_AUTH_PASSWORD
will
have precedence over the HTPASSWD
environment variable.
To disable authentication for the pod, use the env variable BASIC_AUTH_DISABLE=true
We allow an optional METRICS_PATH
which will allow unauthenticated querying.
This can be useful to easily expose metrics for prometheus.
A docker compose stack is provided that can be used to verify paths are forwarded as expected. The compose stack starts multiple config flavors of the gate in parallel on different ports.
make compose