Add HTTPs + HTTP basic auth

This commit adds support: * HTTPs (using self-signed for testing purposes) * Basic authentication This is mostly for dev/testing purposes.
datahangar · May 12, 2024 · 7eca8a1 · 7eca8a1
1 parent c301531
commit 7eca8a1
Show file tree

Hide file tree

Showing 4 changed files with 52 additions and 21 deletions.
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,3 @@
+.*
+!.github/
+!.github/*
diff --git a/Makefile b/Makefile
@@ -4,7 +4,14 @@ start: _build _run
 _build:
 	@docker build -f Dockerfile -t frontend .
 _run:
-	@docker run -d --name frontend --network minikube -p 80:80 frontend
+	@mkdir -p ".tmp/certs"
+	@cp conf/* .tmp/
+	@if [ ! -f ".tmp/certs/frontend.crt" ]; then \
+		openssl req -x509 -newkey rsa:4096 -keyout .tmp/certs/frontend.key -out .tmp/certs/frontend.crt -days 365 -nodes -subj "/CN=datahangar.io"; \
+	fi
+	@sed -i "s/__REST_IP__/$$(minikube kubectl -- -n datahangar-stack get service backend-service  -o jsonpath='{.spec.clusterIP}')/g" .tmp/datahangar.conf
+	@sed -i "s/__TURNILO_IP__/$$(minikube kubectl -- -n datahangar-stack get service ui-turnilo-service  -o jsonpath='{.spec.clusterIP}')/g" .tmp/datahangar.conf
+	@docker run -d --name frontend --network minikube -v $$(pwd)/.tmp/certs:/etc/nginx/certs -v $$(pwd)/.tmp/htpasswd:/etc/nginx/htpasswd/htpasswd -v $$(pwd)/.tmp/datahangar.conf:/etc/nginx/conf.d/default.conf -p 80:80 -p 443:443 frontend
 stop:
 	@docker kill frontend || true
 	@docker rm frontend || true

diff --git a/conf/datahangar.conf b/conf/datahangar.conf
@@ -1,22 +1,42 @@
 server {
-  add_header 'Access-Control-Allow-Origin' '*';
-  listen        80;
-  server_name   www.datahangar.io;
-
-  location  /rest {
-    proxy_pass         http://10.107.110.210;
-    proxy_redirect     off;
-    proxy_set_header   Host $host;
-  }
-
-  location  /turnilo {
-    proxy_pass         http://10.107.110.210;
-    proxy_redirect     off;
-    proxy_set_header   Host $host;
-  }
-
-  location / {
-    autoindex on;
-    root /usr/share/nginx/html/datahangar/;
-  }
+	#HTTP to HTTPs
+	listen 80 default_server;
+	server_name _;
+	return 301 https://$host$request_uri;
+}
+
+server {
+	listen 443 ssl;
+	server_name   www.datahangar.io;
+
+	add_header 'Access-Control-Allow-Origin' '*';
+
+	# SSL block
+	ssl_certificate /etc/nginx/certs/frontend.crt;
+	ssl_certificate_key /etc/nginx/certs/frontend.key;
+
+	# Other SSL configurations (optional)
+	ssl_protocols TLSv1.2 TLSv1.3;
+	ssl_prefer_server_ciphers on;
+	ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:...';
+
+	auth_basic "Restricted Content";
+	auth_basic_user_file /etc/nginx/htpasswd/htpasswd;
+
+	location  /rest {
+		proxy_pass         http://__REST_IP__;
+		proxy_redirect     off;
+		proxy_set_header   Host $host;
+	}
+
+	location  /turnilo {
+		proxy_pass         http://__TURNILO_IP__:9090;
+		proxy_redirect     off;
+		proxy_set_header   Host $host;
+	}
+
+	location / {
+		autoindex on;
+		root /usr/share/nginx/html/datahangar/;
+	}
 }
diff --git a/conf/htpasswd b/conf/htpasswd
@@ -0,0 +1 @@
+user1:$2y$05$GdG/X5qtHXOPxRo80mvsqO2ZTsXj2WHCzF72hdfpD8MeOl.hwKbMy
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		user1:$2y$05$GdG/X5qtHXOPxRo80mvsqO2ZTsXj2WHCzF72hdfpD8MeOl.hwKbMy