From 54fbf94d90ef4123d9a9ecb50c430fe6656685c1 Mon Sep 17 00:00:00 2001
From: evan
Date: Thu, 1 May 2025 12:58:54 -0700
Subject: [PATCH] add deployment option to enable basic auth
---
 Dockerfile | 3 +++
 deploy.sh | 51 ++++++++++++++++++++++++++++++++++++++++++++++-----
 startup.sh | 21 +++++++++++++++++++--
 3 files changed, 68 insertions(+), 7 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index c63c4066d..dd81dbb80 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -18,6 +18,9 @@ RUN curl -L https://github.com/cloudflare/cloudflared/releases/latest/download/c
 && dpkg -i cloudflared.deb \
 && rm cloudflared.deb
+# Install apache2-utils
+RUN apt-get update && apt-get install -y apache2-utils
+
 # Set the working directory in the container
 WORKDIR /usr/src/app
diff --git a/deploy.sh b/deploy.sh
index 3ce6d00a4..55fcae3e0 100755
--- a/deploy.sh
+++ b/deploy.sh
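Review bot: In the Dockerfile hunk, the added `RUN apt-get update && apt-get install -y apache2-utils` leaves the apt package lists in the layer and pulls in recommended packages that `htpasswd` does not need. Consider `RUN apt-get update && apt-get install -y --no-install-recommends apache2-utils && rm -rf /var/lib/apt/lists/*`. With the tool baked into the image, the runtime `apt-get install` fallback that this patch adds to startup.sh should not be needed.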
@@ -7,24 +7,45 @@
 set -e # Exit immediately if a command exits with a non-zero status
+# Initialize variables
+ENABLE_BASIC_AUTH=false
+
+# Parse command line arguments
+POSITIONAL_ARGS=()
+while [[ $# -gt 0 ]]; do
+ case $1 in
+ --enable_basic_auth)
+ ENABLE_BASIC_AUTH=true
+ shift
+ ;;
+ *)
+ POSITIONAL_ARGS+=("$1")
+ shift
+ ;;
+ esac
+done
+
+# Restore positional parameters
+set -- "${POSITIONAL_ARGS[@]}"
+
 # Check command line arguments
 if [ $# -lt 2 ] || [ $# -gt 3 ]; then
 echo "Error: Please specify environment and host, with optional subdomain"
- echo "Usage: $0 [prod|staging] [eu|us|staging] [subdomain]"
+ echo "Usage: $0 [prod|staging] [eu|us|staging|masters] [subdomain] [--enable_basic_auth]"
 exit 1
 fi
 # Validate first argument (environment)
 if [ "$1" != "prod" ] && [ "$1" != "staging" ]; then
 echo "Error: First argument must be either 'prod' or 'staging'"
- echo "Usage: $0 [prod|staging] [eu|us|staging] [subdomain]"
+ echo "Usage: $0 [prod|staging] [eu|us|staging|masters] [subdomain] [--enable_basic_auth]"
 exit 1
 fi
 # Validate second argument (host)
-if [ "$2" != "eu" ] && [ "$2" != "us" ] && [ "$2" != "staging" ]; then
- echo "Error: Second argument must be either 'eu', 'us', or 'staging'"
- echo "Usage: $0 [prod|staging] [eu|us|staging] [subdomain]"
+if [ "$2" != "eu" ] && [ "$2" != "us" ] && [ "$2" != "staging" ] && [ "$2" != "masters" ]; then
+ echo "Error: Second argument must be either 'eu', 'us', 'staging', or 'masters'"
+ echo "Usage: $0 [prod|staging] [eu|us|staging|masters] [subdomain] [--enable_basic_auth]"
 exit 1
 fi
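Review bot: The catch-all `*)` arm of the new option loop also swallows any unrecognised `--option`, so a misspelt flag such as `--enable-basic-auth` is kept as a positional argument instead of being rejected. With two real positionals that string passes the `$# -gt 3` check as the third argument (presumably the subdomain, which is assigned outside this hunk) while `ENABLE_BASIC_AUTH` stays `false`, so the deployment proceeds without authentication. Add an arm before `*)` that fails closed: `-*) echo "Error: unknown option $1" >&2; exit 1 ;;`.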
@@ -79,6 +100,21 @@ if [ -z "$SERVER_HOST" ]; then
 exit 1
 fi
+# Check if basic auth is enabled and credentials are available
+if [ "$ENABLE_BASIC_AUTH" = true ]; then
+ print_header "BASIC AUTH ENABLED"
+ if [ -z "$BASIC_AUTH_USER" ] || [ -z "$BASIC_AUTH_PASS" ]; then
+ echo "Error: Basic Auth is enabled but BASIC_AUTH_USER or BASIC_AUTH_PASS not defined in .env file or environment"
+ exit 1
+ fi
+ echo "Basic Authentication will be enabled with user: $BASIC_AUTH_USER"
+else
+ # If basic auth is not enabled, set the variables to empty to ensure they don't get used
+ BASIC_AUTH_USER=""
+ BASIC_AUTH_PASS=""
+ echo "Basic Authentication is disabled"
+fi
+
 # Configuration
 UPDATE_SCRIPT="./update.sh" # Path to your update script
 REMOTE_USER="openfront"
@@ -154,6 +190,8 @@ SUBDOMAIN=$SUBDOMAIN
 OTEL_USERNAME=$OTEL_USERNAME
 OTEL_PASSWORD=$OTEL_PASSWORD
 OTEL_ENDPOINT=$OTEL_ENDPOINT
+BASIC_AUTH_USER=$BASIC_AUTH_USER
+BASIC_AUTH_PASS=$BASIC_AUTH_PASS
 EOL
 chmod 600 $REMOTE_UPDATE_PATH/.env && \
 $REMOTE_UPDATE_SCRIPT"
@@ -165,5 +203,8 @@ fi
 print_header "DEPLOYMENT COMPLETED SUCCESSFULLY"
 echo "✅ New version deployed to ${ENV} environment in ${HOST} with subdomain ${SUBDOMAIN}!"
+if [ "$ENABLE_BASIC_AUTH" = true ]; then
+ echo "🔒 Basic authentication enabled with user: $BASIC_AUTH_USER"
+fi
 echo "🌐 Check your server to verify the deployment."
 echo "======================================================="
\ No newline at end of file
diff --git a/startup.sh b/startup.sh
index 58e768d61..48595eee2 100644
--- a/startup.sh
+++ b/startup.sh
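Review bot: In the `else` branch of the new basic-auth check (hunk at -79), credentials that are set in the environment are blanked whenever `--enable_basic_auth` is not passed, and the later hunk writes those empty values into the remote `.env`. Redeploying a previously protected host without the flag therefore removes authentication, with only the line "Basic Authentication is disabled" as notice. Make that case visible before the two assignments, e.g. `if [ -n "$BASIC_AUTH_USER" ]; then echo "Warning: BASIC_AUTH_USER is set but --enable_basic_auth was not given; deploying without authentication" >&2; fi`.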
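Review bot: `BASIC_AUTH_PASS=$BASIC_AUTH_PASS` (hunk at -154) is expanded locally and embedded in the double-quoted command string that closes after `$REMOTE_UPDATE_SCRIPT`, presumably an ssh invocation, so the password is parsed a second time on the remote side and appears in process arguments. If the here-document delimiter is unquoted (its opening is outside this hunk), a `$`, backtick or backslash in the password would be expanded remotely, and the value lands unquoted in `.env`. Validate the credential before use, e.g. `case "$BASIC_AUTH_PASS" in *[!A-Za-z0-9._-]*) echo "Error: BASIC_AUTH_PASS contains unsupported characters" >&2; exit 1 ;; esac`, or write the env file locally and copy it with scp. The same holds for `BASIC_AUTH_USER`.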
@@ -78,13 +78,30 @@ else --data "{\"type\":\"CNAME\",\"name\":\"${SUBDOMAIN}\",\"content\":\"${TUNNEL_ID}.cfargotunnel.com\",\"ttl\":1,\"proxied\":true}") fi - # Log the tunnel information echo "Tunnel is set up! Site will be available at: https://${SUBDOMAIN}.${DOMAIN}" - # Export the tunnel token for supervisord export CLOUDFLARE_TUNNEL_TOKEN=${TUNNEL_TOKEN} + +# Check if Basic Auth credentials are set +if [ -z "$BASIC_AUTH_USER" ] || [ -z "$BASIC_AUTH_PASS" ]; then + echo "HTTP Basic Authentication will be disabled" +else + # Create the htpasswd file + echo "Creating basic auth credentials for user: ${BASIC_AUTH_USER}" + # Ensure apache2-utils is installed for htpasswd + command -v htpasswd >/dev/null 2>&1 || { echo "htpasswd not found, installing apache2-utils..."; apt-get update && apt-get install -y apache2-utils; } + # Create the password file + htpasswd -bc /etc/nginx/.htpasswd ${BASIC_AUTH_USER} ${BASIC_AUTH_PASS} + + # Update Nginx configuration to enable Basic Auth + sed -i '1i auth_basic "Restricted Access";' /etc/nginx/conf.d/default.conf + sed -i '2i auth_basic_user_file /etc/nginx/.htpasswd;' /etc/nginx/conf.d/default.conf + + echo "HTTP Basic Authentication enabled for user: ${BASIC_AUTH_USER}" +fi + # Start supervisord exec /usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.conf \ No newline at end of file
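Review bot: `htpasswd -bc /etc/nginx/.htpasswd ${BASIC_AUTH_USER} ${BASIC_AUTH_PASS}` passes the password as an unquoted command-line argument, so it is exposed in the process list while htpasswd runs, and a value containing spaces or glob characters is split before htpasswd sees it. Feed it on stdin and stop on failure: `printf '%s\n' "$BASIC_AUTH_PASS" | htpasswd -ci /etc/nginx/.htpasswd "$BASIC_AUTH_USER" || exit 1`. The two `sed -i` insertions at lines 1 and 2 of `default.conf` are not idempotent, so if this script runs again on the same container filesystem the directives are added a second time, which nginx is likely to reject as duplicates; guard them with `grep -q auth_basic_user_file /etc/nginx/conf.d/default.conf ||`. The runtime `apt-get install` fallback is redundant now that the Dockerfile installs apache2-utils, and would fetch packages over the network at container start if it ever triggered.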