3 steps to Basic Authentication with Docker+Nginx

When we had a specification for HTTP Basic Authentication in our application and wanted to implement that functionality, we needed a test environment where we could test the Basic Authentication code.

Therefore, we created a page to authenticate with Basic authentication on a Docker containerized web server.

There are three steps required to enable Basic Authentication.

  1. Setup a web server.
  2. Create the password file.
  3. Set the URL for Basic authentication.
TOC

STEP 1 Setup a web server

Setup a web server. The web server will be a containerized Nginx in Docker; see the following article for details on how to run Nginx in Docker.

You also need to edit the Nginx configuration file, so please copy nginx.conf and default.conf from the container to the same folder as the Dockerfile, referring to the following article.

We want the URL to authenticate to be http://localhost:8080/autharea, so we create a content-home/autharea/index.html file. Since it is sufficient to confirm that the connection has been made, the content is as follows.

<!DOCTYPE html>
<html lang="ja">
<head>
	<meta charset="utf-8" />
	<title>Authorized Area</title>
</head>
<body>
	<p>Here is an Authorized Area.</p>
</body>
</html>

STEP 2 Create the password file

Basic authentication requires a password file containing the account information to be authenticated; when building the Docker image, a script that generates the password file should be copied into the container and executed.

About a password file

The password file is a text file in the following format, saved in /etc/nginx/.htpasswd.

UserName:Password

Write one line per account. Also, instead of writing the password in plain text, write the hash calculated by openssl as follows.

% openssl passwd -crypt Password

Script to generate password file

Create a script to generate a password file: In the same folder as the Dockerfile, create the file gen_htpasswd and enter the following script.

#!/bin/bash

USER_NAME=testuser
PASSWD=testpasss
CRYPTPASS=`openssl passwd -crypt ${PASSWD}`

echo "${USER_NAME}:${CRYPTPASS}" >> /etc/nginx/.htpasswd

This script creates an account with the username testuser and password testpass.

Run the password file generation script

Ensure that the script is executed when the Docker image is built. Enter the following code in the Dockerfile created in STEP 1.

FROM nginx:1.23

COPY nginx.conf /etc/nginx
COPY default.conf /etc/nginx/conf.d
COPY gen_htpasswd /etc/nginx

RUN apt update
RUN apt install -y openssl

RUN /etc/nginx/gen_htpasswd

The following section was added to the file created in STEP 1.

COPY gen_htpasswd /etc/nginx

RUN apt update
RUN apt install -y openssl

RUN /etc/nginx/gen_htpasswd

The following processes are performed.

  1. Copy the gen_htpasswd file into the /etc/nginx directory.
  2. Install openssl using apt.
  3. Run the copied gen_htpasswd.

STEP 3 Set the URL for Basic authentication

Set the URL for Basic authentication. Add location /autharea after location / in the default.conf file created in STEP 1.

server {
# Omission

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }
    
    location /autharea {
    	root	/usr/share/nginx/html;
    	index	index.html index.htm;
    	auth_basic	"Restricted";
    	auth_basic_user_file	/etc/nginx/.htpasswd;
    }

# Omission
}

/autharea is the URL to be authenticated. In this case, the following URLs are to be authenticated.

http://localhost:8080/autharea

For example, if /autharea is set to /member, the following URLs are subject to authentication.

http://localhost:8080/member

Test

Run the container and try it out. The container created in STEP 1 builds an image via docker-compose as follows.

% docker-compose build

Once the image is built, run the container.

% docker-compose up -d

Connect to http://localhost:8080/autharea/ with a web browser. An authentication dialog should appear.

Basic authentication dialog in Safari
Basic authentication dialog in Safari

Try logging in with an account other than the one you created. After confirming that an error occurs and you are rejected, try logging in with the account you created. You should be able to log in.

Let's share this post !

Author of this article

Akira Hayashiのアバター Akira Hayashi Representative, Software Engineer

I am an application developer loves programming. This blog is a tech blog, its articles are learning notes. In my work, I mainly focus on desktop and mobile application development, but I also write technical books and teach seminars. The websites of my work and books are here -> RK Kaihatsu.

TOC