Nginx proxy - HackMD

# Nginx proxy To set up an Nginx reverse proxy with Docker Compose and add basic authentication, you can follow these steps: 1. **Create a Docker Compose YAML file:** Create a file named `docker-compose.yml` in your project directory and add the following content: ```yaml version: '3' services: nginx-proxy: image: nginx container_name: nginx-proxy ports: - "80:80" volumes: - ./nginx.conf:/etc/nginx/nginx.conf:ro networks: - proxy-net your-app: image: your-app-image container_name: your-app-container environment: - VIRTUAL_HOST=yourdomain.com networks: - proxy-net networks: proxy-net: driver: bridge ``` 2. **Create an Nginx Configuration File:** Create an `nginx.conf` file in the same directory as your `docker-compose.yml` and add the following content: ```nginx events {} http { server { listen 80; location / { proxy_pass http://your-app:your-app-port; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } location /basic-auth { auth_basic "Restricted Area"; auth_basic_user_file /etc/nginx/.htpasswd; proxy_pass http://your-app:your-app-port; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } } } ``` Replace `your-app-image` with the name of your application's Docker image, and `yourdomain.com` with your actual domain. Replace `your-app-port` with the port your application listens to. 3. **Generate Basic Authentication Credentials:** Run the following command to generate the `.htpasswd` file with a username and password for basic authentication: ```bash docker run --rm -v $(pwd):/data clue/passy htpasswd -c /data/.htpasswd your_username ``` Replace `your_username` with the desired username. You will be prompted to enter a password for the user. 4. **Start the Services:** In the project directory, run the following command to start the services: ```bash docker-compose up -d ``` This will start the Nginx reverse proxy and your application in the background. Now, your Nginx proxy is configured to route requests to your application and enforce basic authentication for the `/basic-auth` path. Accessing `http://yourdomain.com/basic-auth` will prompt you for the username and password you set up earlier. ``` server { listen 80; server_name yourdomain.com; location / { proxy_pass http://your-app-server:your-app-port; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } location /admin { auth_basic "Restricted Area"; auth_basic_user_file /etc/nginx/.htpasswd; proxy_pass http://your-admin-app-server:your-admin-app-port; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } location /api { proxy_pass http://your-api-server:your-api-port; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # Add more location blocks as needed location /static { alias /path/to/static/files; } location /uploads { alias /path/to/uploaded/files; } # Add additional location blocks for static files, uploads, etc. } ``` https://stackoverflow.com/questions/56390226/how-to-add-extra-hosts-entries-in-helm-charts