beevelop · p4l1ly · Jun 18, 2018 · Jun 18, 2018 · Jun 19, 2018 · Jun 19, 2018
diff --git a/Dockerfile b/Dockerfile
@@ -2,11 +2,12 @@ FROM nginx:alpine
 
 ENV HTPASSWD='foo:$apr1$odHl5EJN$KbxMfo86Qdve2FH4owePn.' \
     FORWARD_PORT=80 \
-    FORWARD_HOST=web
+    FORWARD_HOST=web \
+    PROXY_READ_TIMEOUT=900
 
 WORKDIR /opt
 
-RUN apk add --no-cache gettext
+RUN apk add --no-cache gettext apache2-utils
 
 COPY auth.conf auth.htpasswd launch.sh ./
 

diff --git a/README.md b/README.md
@@ -31,6 +31,8 @@ docker run -d \
 ## Configuration
 - `HTPASSWD` (default: `foo:$apr1$odHl5EJN$KbxMfo86Qdve2FH4owePn.`): Will be written to the .htpasswd file on launch (non-persistent)
 - `FORWARD_PORT` (default: `80`): Port of the **source** container that should be forwarded
+- `FORWARD_HOST` (default: `web`): Host of the **source** container that should be forwarded
+- `PROXY_READ_TIMEOUT` (default: `900`): Timeout of the backend response
 > The container does not need any volumes to be mounted! Nonetheless you will find all interesting files at `/etc/nginx/*`.
 
 ## Multiple Users
@@ -42,6 +44,20 @@ docker run -d --link web:web --name auth \
 ```
 results in 2 users (`foo:bar` and `test:test`).
 
+## Raw Credentials
+If passing the contents of the HTPASSWD file is not convenient for you (because
+you need to perform additional step of generating it via `htpasswd -nb foo
+bar`), you can pass the credentials in a raw form and the contents of HTPASSWD
+variable will be generated for you. The `RAW_CREDENTIALS=1` must be set to
+enable this feature.
+
+```
+docker run -d --link web:web --name auth \
+           -e HTPASSWD=$'foo:bar\ntest:test' \
+           -e RAW_CREDENTIALS=1 \
+           beevelop/nginx-basic-auth
+```
+
 ## Troubleshooting
 ```
 nginx: [emerg] host not found in upstream "web" in /etc/nginx/conf.d/auth.conf:80

diff --git a/auth.conf b/auth.conf
@@ -1,11 +1,15 @@
 server {
  listen 80 default_server;
 
+ resolver $NAMESERVER valid=30s;
+
+ set $backend "http://${FORWARD_HOST}:${FORWARD_PORT}";
+
  location / {
      auth_basic              "Restricted";
      auth_basic_user_file    auth.htpasswd;
 
-     proxy_pass                          http://${FORWARD_HOST}:${FORWARD_PORT};
-     proxy_read_timeout                  900;
+     proxy_pass                          $backend;
+     proxy_read_timeout                  ${PROXY_READ_TIMEOUT};
  }
 }
diff --git a/launch.sh b/launch.sh
@@ -1,7 +1,21 @@
 #!/bin/sh
 
+if [ "$RAW_CREDENTIALS" = 1 ]; then
+  HTPASSWD=$(
+    for line in $(echo $HTPASSWD); do
+      USERNAME="$(echo "$line" | cut -d':' -f1)"
+      PASSWORD="$(echo "$line" | cut -d':' -f2)"
+      htpasswd -nb "$USERNAME" "$PASSWORD" | head -n1
+    done
+  )
+fi
+
+export NAMESERVER=$(cat /etc/resolv.conf | grep 'nameserver' | awk '{print $2}' | tr '\n' ' ')
+
 rm /etc/nginx/conf.d/default.conf || :
-envsubst < auth.conf > /etc/nginx/conf.d/auth.conf
+
+envsubst '$NAMESERVER,$FORWARD_HOST,$FORWARD_PORT,$PROXY_READ_TIMEOUT' \
+  < auth.conf > /etc/nginx/conf.d/auth.conf
 envsubst < auth.htpasswd > /etc/nginx/auth.htpasswd
 
 nginx -g "daemon off;"