henry/football-app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add nginx HTTP Basic Auth for production

Browse Source 
A custom entrypoint generates /etc/nginx/.htpasswd at container startup
from AUTH_USER and AUTH_PASSWORD env vars (via openssl). No credentials
are baked into the image. Pass AUTH_USER and AUTH_PASSWORD in docker-compose.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
henry
2026-03-27 05:49:29 +01:00
parent 2217489c15
commit 29db643407
5 changed files with 29 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.env.example
View File

@@ -3,3 +3,7 @@ FOOTBALL_API_KEY=your_api_key_here
# Only needed for local development (npm run dev) # Only needed for local development (npm run dev)
VITE_FOOTBALL_API_KEY=your_api_key_here VITE_FOOTBALL_API_KEY=your_api_key_here
# Basic auth credentials (production only)
AUTH_USER=henry
AUTH_PASSWORD=your_password_here

7
Dockerfile
View File

@@ -19,4 +19,11 @@ COPY --from=builder /app/dist /usr/share/nginx/html
# files at startup, producing /etc/nginx/conf.d/default.conf # files at startup, producing /etc/nginx/conf.d/default.conf
COPY nginx/default.conf.template /etc/nginx/templates/default.conf.template COPY nginx/default.conf.template /etc/nginx/templates/default.conf.template
# Custom entrypoint: generates .htpasswd from AUTH_USER/AUTH_PASSWORD, then
# hands off to the official nginx entrypoint
COPY docker-entrypoint.sh /docker-entrypoint-custom.sh
RUN chmod +x /docker-entrypoint-custom.sh
EXPOSE 80 EXPOSE 80
ENTRYPOINT ["/docker-entrypoint-custom.sh"]
CMD ["nginx", "-g", "daemon off;"]

2
docker-compose.yml
View File

@@ -6,3 +6,5 @@ services:
- "3000:80" - "3000:80"
environment: environment:
- FOOTBALL_API_KEY=${FOOTBALL_API_KEY} - FOOTBALL_API_KEY=${FOOTBALL_API_KEY}
- AUTH_USER=${AUTH_USER}
- AUTH_PASSWORD=${AUTH_PASSWORD}

13
docker-entrypoint.sh Normal file
View File

@@ -0,0 +1,13 @@
#!/bin/sh
set -e
# Generate .htpasswd from environment variables
if [ -z "$AUTH_USER" ] || [ -z "$AUTH_PASSWORD" ]; then
echo "ERROR: AUTH_USER and AUTH_PASSWORD must be set" >&2
exit 1
fi
echo "${AUTH_USER}:$(openssl passwd -apr1 "${AUTH_PASSWORD}")" > /etc/nginx/.htpasswd
# Hand off to the official nginx entrypoint (runs envsubst on *.template files)
exec /docker-entrypoint.sh "$@"

3
nginx/default.conf.template
View File

@@ -3,6 +3,9 @@ server {
root /usr/share/nginx/html; root /usr/share/nginx/html;
index index.html; index index.html;
auth_basic "Football App";
auth_basic_user_file /etc/nginx/.htpasswd;
# Proxy /api/* → football-data.org, injecting the API key server-side # Proxy /api/* → football-data.org, injecting the API key server-side
location /api/ { location /api/ {
proxy_pass https://api.football-data.org/v4/; proxy_pass https://api.football-data.org/v4/;