Added Http Basic Auth for reverse proxies.

Author: Steffen Bleul

Dockerfile

@@ -19,7 +19,8 @@ RUN export CONTAINER_USER=nginx && \
     apk add --update \
       ca-certificates \
       curl \
-      openssl && \
+      openssl \
+      apache2-utils && \
     if  [ "${NGINX_VERSION}" = "latest" ]; \
       then apk add nginx ; \
       else apk add "nginx=${NGINX_VERSION}" ; \

README.md

@@ -306,6 +306,44 @@ $ docker run -d \
 
 > LETSENCRYPT_CERTIFICATES switches on special configuration for their certificates.
 
+# Basic User Authentification
+
+You can password protect any reverse proxy. Additionally you can specify an arbitrary amount of users.
+
+Example of specifying a user `admin` with password `admin` for the first reverse proxy:
+
+~~~~
+docker run -d \
+    -p 80:80 \
+    --name nginx \
+    -e "SERVER1REVERSE_PROXY_LOCATION1=/" \
+    -e "SERVER1REVERSE_PROXY_PASS1=http://www.heise.de" \
+    -e "SERVER1REVERSE_PROXY_BASIC_AUTH_REALM1=Secure Location" \
+    -e "SERVER1REVERSE_PROXY_BASIC_AUTH1USER1=admin" \
+    -e "SERVER1REVERSE_PROXY_BASIC_AUTH1PASSWORD1=admin" \
+    blacklabelops/nginx
+~~~~
+
+> Access to http://localhost will be now password protected with user `admin` and password `admin`.
+
+Multiple users:
+
+~~~~
+docker run -d \
+    -p 80:80 \
+    --name nginx \
+    -e "SERVER1REVERSE_PROXY_LOCATION1=/" \
+    -e "SERVER1REVERSE_PROXY_PASS1=http://www.heise.de" \
+    -e "SERVER1REVERSE_PROXY_BASIC_AUTH_REALM1=Secure Location" \
+    -e "SERVER1REVERSE_PROXY_BASIC_AUTH1USER1=admin1" \
+    -e "SERVER1REVERSE_PROXY_BASIC_AUTH1PASSWORD1=admin1" \
+    -e "SERVER1REVERSE_PROXY_BASIC_AUTH1USER2=admin2" \
+    -e "SERVER1REVERSE_PROXY_BASIC_AUTH1PASSWORD2=admin2" \
+    blacklabelops/nginx
+~~~~
+
+> Access to http://localhost are both enabled for user `admin1` and user `admin2`.
+
 # Build The Image
 
 The build process can take the following argument:

imagescripts/reverse_proxy.sh

@@ -99,6 +99,22 @@ _EOF_
   done
 }
 
+function createBasicAuthFile() {
+  local reverse_proxy_basic_auth_id=$1
+  local passwd_file=$2
+  for (( u=1; ; u++ ))
+  do
+    local VAR_BASIC_AUTH_USER="${reverse_proxy_basic_auth_id}USER${u}"
+    local VAR_BASIC_AUTH_PASSWORD="${reverse_proxy_basic_auth_id}PASSWORD${u}"
+    if [ ! -n "${!VAR_BASIC_AUTH_USER}" ]; then
+      break
+    fi
+    local BASIC_AUTH_USER="${!VAR_BASIC_AUTH_USER}"
+    local BASIC_AUTH_PASSWORD="${!VAR_BASIC_AUTH_PASSWORD}"
+    htpasswd -b $passwd_file $BASIC_AUTH_USER $BASIC_AUTH_PASSWORD
+  done
+}
+
 for (( i=1; ; i++ ))
 do
   VAR_REVERSE_PROXY_LOCATION="$1REVERSE_PROXY_LOCATION$i"
@@ -109,6 +125,7 @@ do
   VAR_REVERSE_PROXY_HOST="$1SERVER_NAME"
   VAR_PROXY_APPLICATION="$1PROXY_APPLICATION"
   VAR_PROXY_APPLICATION_PROXY="$1REVERSE_PROXY_APPLICATION$i"
+  VAR_REVERSE_PROXY_BASIC_AUTH_REALM="$1REVERSE_PROXY_BASIC_AUTH_REALM$i"
 
   if [ ! -n "${!VAR_REVERSE_PROXY_LOCATION}" ]; then
     break
@@ -125,6 +142,7 @@ do
   NGINX_PROXY_HOST=${!VAR_REVERSE_PROXY_HOST}
   NGINX_PROXY_APPLICATION=${!VAR_PROXY_APPLICATION}
   NGINX_PROXY_APPLICATION_PROXY=${!VAR_PROXY_APPLICATION_PROXY}
+  NGINX_PROXY_BASIC_AUTH_REALM=${!VAR_REVERSE_PROXY_BASIC_AUTH_REALM}
 
   if [ -n "${NGINX_PROXY_APPLICATION_PROXY}" ]; then
     NGINX_PROXY_APPLICATION=${NGINX_PROXY_APPLICATION_PROXY}
@@ -148,6 +166,16 @@ _EOF_
     setProxyHeaderFields
   fi
 
+  if [ -n "${NGINX_PROXY_BASIC_AUTH_REALM}" ]; then
+    htpasswd_file=$configFileReverseProxy/htpasswd_reverse_proxy$i
+    touch $htpasswd_file
+    cat >> $configFileReverseProxy/reverseProxy.conf <<_EOF_
+          auth_basic "${NGINX_PROXY_BASIC_AUTH_REALM}";
+          auth_basic_user_file ${htpasswd_file};
+_EOF_
+    createBasicAuthFile "$1REVERSE_PROXY_BASIC_AUTH${i}" $htpasswd_file
+  fi
+
   if [ -n "${NGINX_PROXY_BUFFERING}" ]; then
     cat >> $configFileReverseProxy/reverseProxy.conf <<_EOF_
           proxy_buffering ${NGINX_PROXY_BUFFERING};