3 Steps to Basic Authentication with Docker+Nginx

While developing an app supporting Basic Authentication for HTTP connections, I required a test environment with a web server utilizing HTTP Basic Authentication.

I created a restricted page using Docker-containerized Nginx.

Follow the three steps below to authenticate using Basic Authentication.

  1. Create the web server.
  2. Upload the password file.
  3. Configure the restricted URL.
目次

Step 1: Create the Web Server

Create the web server. We can use Nginx, which is containerized with Docker. For how to containerize Nginx with Docker, see the following article.

The configuration file needs customization. Copy the nginx.conf and default.conf files from the container to the directory containing the Dockerfile. For your reference, see the following article.

Create the content-home/autharea/index.html file to make a restricted URL to http://localhost:8080/autharea. The file’s contents are the following because we only want to check if the page is acceptable.

<!DOCTYPE html>
<html lang="ja">
<head>
	<meta charset="utf-8" />
	<title>Authorized Area</title>
</head>
<body>
	<p>Here is an Authorized Area.</p>
</body>
</html>

Step2: Upload the Password File

The password file is necessary for implementing HTTP Basic Authentication restrictions. It contains account information. Create the password file generator script and copy it on Docker image building.

About the Password File

The password file is a plain text file. Each line is an account. Write an account in the following form, and save it at the path /etc/nginx/.htpasswd.

UserName:Password

The password should not be a plain string but a hash. The openssl can generate it.

% openssl passwd -crypt Password

The Password File Generator Script

Create the generator script. Place the gen_htpasswd file into the directory containing the Dockerfile and input the following script.

#!/bin/bash

USER_NAME=testuser
PASSWD=testpasss
CRYPTPASS=`openssl passwd -crypt ${PASSWD}`

echo "${USER_NAME}:${CRYPTPASS}" >> /etc/nginx/.htpasswd

This script creates an account named testuser with the password testpass.

Execute the Generator Script

Configure the settings to execute the generator script during the Docker image build process. Input the following script into the Dockerfile created in Step 1.

FROM nginx:1.23

COPY nginx.conf /etc/nginx
COPY default.conf /etc/nginx/conf.d
COPY gen_htpasswd /etc/nginx

RUN apt update
RUN apt install -y openssl

RUN /etc/nginx/gen_htpasswd

The additional script is the following.

COPY gen_htpasswd /etc/nginx

RUN apt update
RUN apt install -y openssl

RUN /etc/nginx/gen_htpasswd

The steps performed by this script are as follows.

  1. Copy the gen_htpasswd file into the /etc/nginx directory.
  2. Install openssl with apt.
  3. Execute the gen_htpasswd script.

Step 3: Configure the Restricted URL

Specify the URL that HTTP Basic Authentication restricts. Insert location /autharea after location / in the default.conf file, created in Step 1.

server {
# Omission

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }
    
    location /autharea {
    	root	/usr/share/nginx/html;
    	index	index.html index.htm;
    	auth_basic	"Restricted";
    	auth_basic_user_file	/etc/nginx/.htpasswd;
    }

# Omission
}

The /autharea is a restricted URL. In this case, the following URL is restricted.

http://localhost:8080/autharea

For example, if you change /autharea to /member, the restricted URL will follow.

http://localhost:8080/member

Test

Let’s test by running the container. The docker-compose command builds this image.

% docker-compose build

Run the container.

% docker-compose up -d

Open http://localhost:8080/autharea/ in your web browser. It will display the authentication dialog.

Basic authentication dialog in Safari
Basic authentication dialog in Safari

Input an invalid account and confirm that the authentication is denied. Next, enter the valid account and confirm that the authentication is authorized.

著書紹介

Authored Books

よかったらシェアしてね!
  • URLをコピーしました!
  • URLをコピーしました!

この記事を書いた人

Akira Hayashi (林 晃)のアバター Akira Hayashi (林 晃) Representative(代表), Software Engineer(ソフトウェアエンジニア)

アールケー開発代表。Appleプラットフォーム向けの開発を専門としているソフトウェアエンジニア。ソフトウェアの受託開発、技術書執筆、技術指導・セミナー講師。note, Medium, LinkedIn
-
Representative of RK Kaihatsu. Software Engineer Specializing in Development for the Apple Platform. Specializing in contract software development, technical writing, and serving as a tech workshop lecturer. note, Medium, LinkedIn

目次