add deployment option to enable basic auth

Dockerfile

@@ -18,6 +18,9 @@ RUN curl -L https://github.com/cloudflare/cloudflared/releases/latest/download/c
     && dpkg -i cloudflared.deb \
     && rm cloudflared.deb
 
+# Install apache2-utils
+RUN apt-get update && apt-get install -y apache2-utils
+
 # Set the working directory in the container
 WORKDIR /usr/src/app
 

deploy.sh

@@ -7,24 +7,45 @@
 
 set -e  # Exit immediately if a command exits with a non-zero status
 
+# Initialize variables
+ENABLE_BASIC_AUTH=false
+
+# Parse command line arguments
+POSITIONAL_ARGS=()
+while [[ $# -gt 0 ]]; do
+  case $1 in
+    --enable_basic_auth)
+      ENABLE_BASIC_AUTH=true
+      shift
+      ;;
+    *)
+      POSITIONAL_ARGS+=("$1")
+      shift
+      ;;
+  esac
+done
+
+# Restore positional parameters
+set -- "${POSITIONAL_ARGS[@]}"
+
 # Check command line arguments
 if [ $# -lt 2 ] || [ $# -gt 3 ]; then
     echo "Error: Please specify environment and host, with optional subdomain"
-    echo "Usage: $0 [prod|staging] [eu|us|staging|masters] [subdomain]"
+    echo "Usage: $0 [prod|staging] [eu|us|staging|masters] [subdomain] [--enable_basic_auth]"
     exit 1
 fi
 
 # Validate first argument (environment)
 if [ "$1" != "prod" ] && [ "$1" != "staging" ]; then
     echo "Error: First argument must be either 'prod' or 'staging'"
-    echo "Usage: $0 [prod|staging] [eu|us|staging|masters] [subdomain]"
+    echo "Usage: $0 [prod|staging] [eu|us|staging|masters] [subdomain] [--enable_basic_auth]"
     exit 1
 fi
 
 # Validate second argument (host)
 if [ "$2" != "eu" ] && [ "$2" != "us" ] && [ "$2" != "staging" ] && [ "$2" != "masters" ]; then
     echo "Error: Second argument must be either 'eu', 'us', 'staging', or 'masters'"
-    echo "Usage: $0 [prod|staging] [eu|us|staging|masters] [subdomain]"
+    echo "Usage: $0 [prod|staging] [eu|us|staging|masters] [subdomain] [--enable_basic_auth]"
     exit 1
 fi
 
@@ -79,6 +100,21 @@ if [ -z "$SERVER_HOST" ]; then
     exit 1
 fi
 
+# Check if basic auth is enabled and credentials are available
+if [ "$ENABLE_BASIC_AUTH" = true ]; then
+    print_header "BASIC AUTH ENABLED"
+    if [ -z "$BASIC_AUTH_USER" ] || [ -z "$BASIC_AUTH_PASS" ]; then
+        echo "Error: Basic Auth is enabled but BASIC_AUTH_USER or BASIC_AUTH_PASS not defined in .env file or environment"
+        exit 1
+    fi
+    echo "Basic Authentication will be enabled with user: $BASIC_AUTH_USER"
+else
+    # If basic auth is not enabled, set the variables to empty to ensure they don't get used
+    BASIC_AUTH_USER=""
+    BASIC_AUTH_PASS=""
+    echo "Basic Authentication is disabled"
+fi
+
 # Configuration
 UPDATE_SCRIPT="./update.sh"                    # Path to your update script
 REMOTE_USER="openfront"                        
@@ -153,6 +189,8 @@ SUBDOMAIN=$SUBDOMAIN
 OTEL_USERNAME=$OTEL_USERNAME
 OTEL_PASSWORD=$OTEL_PASSWORD
 OTEL_ENDPOINT=$OTEL_ENDPOINT
+BASIC_AUTH_USER=$BASIC_AUTH_USER
+BASIC_AUTH_PASS=$BASIC_AUTH_PASS
 EOL
 chmod 600 $REMOTE_UPDATE_PATH/.env && \
 $REMOTE_UPDATE_SCRIPT"
@@ -164,5 +202,8 @@ fi
 
 print_header "DEPLOYMENT COMPLETED SUCCESSFULLY"
 echo "✅ New version deployed to ${ENV} environment in ${HOST} with subdomain ${SUBDOMAIN}!"
+if [ "$ENABLE_BASIC_AUTH" = true ]; then
+    echo "🔒 Basic authentication enabled with user: $BASIC_AUTH_USER"
+fi
 echo "🌐 Check your server to verify the deployment."
-echo "======================================================="
+echo "======================================================="

startup.sh

@@ -78,13 +78,30 @@ else
     --data "{\"type\":\"CNAME\",\"name\":\"${SUBDOMAIN}\",\"content\":\"${TUNNEL_ID}.cfargotunnel.com\",\"ttl\":1,\"proxied\":true}")
 fi
 
-
 # Log the tunnel information
 echo "Tunnel is set up! Site will be available at: https://${SUBDOMAIN}.${DOMAIN}"
 
-
 # Export the tunnel token for supervisord
 export CLOUDFLARE_TUNNEL_TOKEN=${TUNNEL_TOKEN}
 
+
+# Check if Basic Auth credentials are set
+if [ -z "$BASIC_AUTH_USER" ] || [ -z "$BASIC_AUTH_PASS" ]; then
+  echo "HTTP Basic Authentication will be disabled"
+else
+  # Create the htpasswd file
+  echo "Creating basic auth credentials for user: ${BASIC_AUTH_USER}"
+  # Ensure apache2-utils is installed for htpasswd
+  command -v htpasswd >/dev/null 2>&1 || { echo "htpasswd not found, installing apache2-utils..."; apt-get update && apt-get install -y apache2-utils; }
+  # Create the password file
+  htpasswd -bc /etc/nginx/.htpasswd ${BASIC_AUTH_USER} ${BASIC_AUTH_PASS}
+  
+  # Update Nginx configuration to enable Basic Auth
+  sed -i '1i auth_basic "Restricted Access";' /etc/nginx/conf.d/default.conf
+  sed -i '2i auth_basic_user_file /etc/nginx/.htpasswd;' /etc/nginx/conf.d/default.conf
+  
+  echo "HTTP Basic Authentication enabled for user: ${BASIC_AUTH_USER}"
+fi
+
 # Start supervisord
 exec /usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.conf