While developing an app supporting Basic Authentication for HTTP connections, I required a test environment with a web server utilizing HTTP Basic Authentication.
I created a restricted page using Docker-containerized Nginx.
Follow the three steps below to authenticate using Basic Authentication.
- Create the web server.
- Upload the password file.
- Configure the restricted URL.
Step 1: Create the Web Server
Create the web server. We can use Nginx, which is containerized with Docker. For how to containerize Nginx with Docker, see the following article.
The configuration file needs customization. Copy the nginx.conf
and default.conf
files from the container to the directory containing the Dockerfile
. For your reference, see the following article.
Create the content-home/autharea/index.html
file to make a restricted URL to http://localhost:8080/autharea
. The file’s contents are the following because we only want to check if the page is acceptable.
<!DOCTYPE html>
<html lang="ja">
<head>
<meta charset="utf-8" />
<title>Authorized Area</title>
</head>
<body>
<p>Here is an Authorized Area.</p>
</body>
</html>
Step2: Upload the Password File
The password file is necessary for implementing HTTP Basic Authentication restrictions. It contains account information. Create the password file generator script and copy it on Docker image building.
About the Password File
The password file is a plain text file. Each line is an account. Write an account in the following form, and save it at the path /etc/nginx/.htpasswd
.
UserName:Password
The password should not be a plain string but a hash. The openssl
can generate it.
% openssl passwd -crypt Password
The Password File Generator Script
Create the generator script. Place the gen_htpasswd
file into the directory containing the Dockerfile
and input the following script.
#!/bin/bash
USER_NAME=testuser
PASSWD=testpasss
CRYPTPASS=`openssl passwd -crypt ${PASSWD}`
echo "${USER_NAME}:${CRYPTPASS}" >> /etc/nginx/.htpasswd
This script creates an account named testuser
with the password testpass
.
Execute the Generator Script
Configure the settings to execute the generator script during the Docker image build process. Input the following script into the Dockerfile
created in Step 1.
FROM nginx:1.23
COPY nginx.conf /etc/nginx
COPY default.conf /etc/nginx/conf.d
COPY gen_htpasswd /etc/nginx
RUN apt update
RUN apt install -y openssl
RUN /etc/nginx/gen_htpasswd
The additional script is the following.
COPY gen_htpasswd /etc/nginx
RUN apt update
RUN apt install -y openssl
RUN /etc/nginx/gen_htpasswd
The steps performed by this script are as follows.
- Copy the
gen_htpasswd
file into the/etc/nginx
directory. - Install
openssl
withapt
. - Execute the
gen_htpasswd
script.
Step 3: Configure the Restricted URL
Specify the URL that HTTP Basic Authentication restricts. Insert location /autharea
after location /
in the default.conf
file, created in Step 1.
server {
# Omission
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
location /autharea {
root /usr/share/nginx/html;
index index.html index.htm;
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/.htpasswd;
}
# Omission
}
The /autharea
is a restricted URL. In this case, the following URL is restricted.
http://localhost:8080/autharea
For example, if you change /autharea
to /member
, the restricted URL will follow.
http://localhost:8080/member
Test
Let’s test by running the container. The docker-compose
command builds this image.
% docker-compose build
Run the container.
% docker-compose up -d
Open http://localhost:8080/autharea/
in your web browser. It will display the authentication dialog.
Input an invalid account and confirm that the authentication is denied. Next, enter the valid account and confirm that the authentication is authorized.