From 768d7b8ee6a0934e27b5b1a907d765c4c37ec93a Mon Sep 17 00:00:00 2001
From: Pavle
Date: Sat, 23 Nov 2024 18:36:22 +0100
Subject: [PATCH 1/2] include example docker-compose, nginx.conf
Signed-off-by: Pavle
---
 Dockerfile | 4 +--
 default.conf | 65 ++++++++++++++++++++++++++++++++++++++++++++++
 docker-compose.yml | 15 +++++++++++
 3 files changed, 82 insertions(+), 2 deletions(-)
 create mode 100644 default.conf
 create mode 100644 docker-compose.yml
diff --git a/Dockerfile b/Dockerfile
index 9432f71..9e7b6a7 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -6,11 +6,11 @@ RUN mkdir -p /app/node_modules && chown -R node:node /app WORKDIR /app -COPY --chown=node:node package.json yarn.lock ./ +COPY --chown=node:node package.json ./ USER node -RUN yarn install +RUN npm install COPY --chown=node:node public public COPY --chown=node:node views views
diff --git a/default.conf b/default.conf
new file mode 100644
index 0000000..c7efe00
--- /dev/null
+++ b/default.conf
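Review bot: In the Dockerfile hunk, the new `COPY --chown=node:node package.json ./` followed by `RUN npm install` builds the image without any lockfile, so each build resolves versions afresh from the semver ranges in package.json and a newly published or compromised transitive release ends up in the auth server image unreviewed. If the repository has (or can generate) a `package-lock.json`, copy it with `COPY --chown=node:node package.json package-lock.json ./` and install with `RUN npm ci --omit=dev`, which installs exactly the locked, integrity-checked versions. The Dockerfile continues outside this hunk, so whether a lockfile is brought in elsewhere is not visible here.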
@@ -0,0 +1,65 @@
+server {
+ listen 80;
+ listen [::]:80;
+ server_name _;
+
+ # optional:
+ # internal redirect to /login if there is a auth failure, delete or comment this out if you don't want this behaviour and just show a generic 401 error
+ error_page 401 /login;
+
+ location / {
+ auth_request /auth;
+
+ # pass Set-Cookie headers from the subrequest response back to requestor
+ auth_request_set $auth_cookie $upstream_http_set_cookie;
+ add_header Set-Cookie $auth_cookie;
+
+ auth_request_set $auth_status $upstream_status;
+
+ root /usr/share/nginx/html;
+ try_files /index.html index index.htm;
+ }
+
+ location = /auth {
+ # internaly only, /auth can not be accessed from outside
+ internal;
+
+ # internal proxy to auth-server running on port 3000, responses expected from proxy:
+ # 2xx response = access allowed via auth_request
+ # 401 or 403 response = access denied via auth_request
+ # anything else = error
+ proxy_pass http://auth-server:3000;
+
+ # don't pass request body to proxied server, we only need the headers which are passed on by default
+ proxy_pass_request_body off;
+
+ # there is no content length since we stripped the request body
+ proxy_set_header Content-Length "";
+
+ # let proxy server know more details of request
+ proxy_set_header X-Original-URI $request_uri;
+ proxy_set_header X-Original-Remote-Addr $remote_addr;
+ proxy_set_header X-Original-Host $host;
+ }
+
+ # these are handled by the proxy as part of the auth routines
+ location ~ ^/(login|logged-in|logout)$ {
+ proxy_pass http://auth-server:3000;
+ proxy_set_header X-Original-URI $request_uri;
+ proxy_set_header X-Original-Remote-Addr $remote_addr;
+ proxy_set_header X-Original-Host $host;
+ }
+
+ # this CSS is used by the three requests above and is served by the proxy
+ location ~* ^/(auth_style\.css|auth_padlock\.svg)$ {
+ proxy_pass http://auth-server:3000;
+ }
+
+ # optional location block
+ # if you have other location blocks, be sure to add auth_request there too otherwise these requests won't get protected, for example
+ location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
+ expires 90d;
+ log_not_found off;
+ auth_request /auth;
+ }
+}
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..8f5e14f
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,15 @@
+services:
+ nginx:
+ image: nginx
+ container_name: nginx-auth
+ volumes:
+ - ./default.conf:/etc/nginx/conf.d/default.conf
+ ports:
+ - 80:80
+
+ auth-server:
+ build: ./
+ container_name: auth-server
+ environment:
+ - AUTH_PASSWORD=test
+ - AUTH_TOKEN_SECRET=verysecret
From d361b8c3422d109c4311ffadfb4bcfa76a64a654 Mon Sep 17 00:00:00 2001
From: Pavle <17710777+dpavle@users.noreply.github.com>
Date: Sat, 23 Nov 2024 18:43:00 +0100
Subject: [PATCH 2/2] Update README.md
---
 README.md | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/README.md b/README.md
index e0030e8..8ce6733 100644
--- a/README.md
+++ b/README.md
@@ -65,6 +65,13 @@ sudo docker build -t auth-server . sudo docker run -it -p 3000:3000 -e AUTH_PASSWORD=test -e AUTH_TOKEN_SECRET=verysecret auth-server ``` + +### Docker Compose + +```sh +docker compose up +``` + ## Example NGINX conf Use the following in our NGINX server conf. You should change the port number (default of `3000`) to match the port number you are running the auth server on.
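Review bot: In default.conf the protection is opt-in per location: `auth_request /auth;` appears only inside `location /` and the static-asset block, so any location added later without it is served unauthenticated, as the file's own comment warns. An example that people will copy is safer failing closed: put `auth_request /auth;` at `server` level and add `auth_request off;` to the `^/(login|logged-in|logout)$` and `auth_style.css`/`auth_padlock.svg` locations, which must stay reachable before login. Separately, the server listens only on port 80, so the login password and the cookie relayed by `add_header Set-Cookie $auth_cookie;` travel in cleartext; a comment stating that real deployments need a TLS listener would help.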
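Review bot: docker-compose.yml hard-codes `AUTH_PASSWORD=test` and `AUTH_TOKEN_SECRET=verysecret`, and the README hunk in patch 2/2 tells users to run `docker compose up` as-is, so a copied deployment starts with a publicly known password and token secret behind a port published on all interfaces (`80:80`). Require the values from the environment instead, e.g. `- AUTH_PASSWORD=${AUTH_PASSWORD:?set AUTH_PASSWORD}` and `- AUTH_TOKEN_SECRET=${AUTH_TOKEN_SECRET:?set AUTH_TOKEN_SECRET}`, so Compose refuses to start without them. If the secret is what signs the auth token (presumably, going by its name), a known value undermines every session, so the docs should ask for a long random string. Pinning `image: nginx` to a specific tag or digest would also keep the example reproducible.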