This repository has been archived by the owner on Dec 4, 2023. It is now read-only.

Basic auth (#8)
sekulicd authored Sep 25, 2023
1 parent 48ca5fb commit 37e9760
Showing 4 changed files with 67 additions and 15 deletions.
10 changes: 6 additions & 4 deletions Makefile
@@ -130,16 +130,18 @@ down:

## runall: run prem-gateway and prem-box
runall:
@chmod +x ./script/run_all.sh
@export PREMD_IMAGE=$(PREMD_IMAGE); \
chmod +x ./script/run_all.sh
export PREMD_IMAGE=$(PREMD_IMAGE); \
export PREMAPP_IMAGE=$(PREMAPP_IMAGE); \
export BASIC_AUTH_CREDENTIALS=$(BASIC_AUTH_CREDENTIALS); \
./script/run_all.sh

## stopall: stop prem-gateway and prem-box
stopall:
@chmod +x ./script/stop_all.sh
@export PREMD_IMAGE=$(PREMD_IMAGE); \
chmod +x ./script/stop_all.sh
export PREMD_IMAGE=$(PREMD_IMAGE); \
export PREMAPP_IMAGE=$(PREMAPP_IMAGE); \
export BASIC_AUTH_CREDENTIALS=$(BASIC_AUTH_CREDENTIALS); \
./script/stop_all.sh

#### Go lint ####
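Review bot: In the `runall` and `stopall` recipes the credential is exported unquoted, `export BASIC_AUTH_CREDENTIALS=$(BASIC_AUTH_CREDENTIALS); \`, so after make substitutes the value the shell still parses it. An htpasswd bcrypt entry contains `$` characters, which the shell would treat as parameter expansions, and any whitespace or `;` in the value would split the command; single-quoting it, `export BASIC_AUTH_CREDENTIALS='$(BASIC_AUTH_CREDENTIALS)'; \`, keeps it literal. The recipe lines also appear to have lost their `@` prefix (the page no longer shows which side each line is on), which would make make echo the export line, credential hash included, to the terminal and any CI log; keeping `@` on that line avoids this.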
9 changes: 7 additions & 2 deletions README.md
@@ -53,11 +53,16 @@ make up LETSENCRYPT_PROD=true SERVICES=premd,premapp

#### Run prem-gateway with prem-app and prem-daemon:
```bash
make runall PREMD_IMAGE={IMG} PREMAPP_IMAGE={IMG}
make runall PREMD_IMAGE={IMG} PREMAPP_IMAGE={IMG} BASIC_AUTH_CREDENTIALS={CREDENTIALS}
```

#### Stop prem-gateway, prem-app and prem-daemon:
```bash
make stopall PREMD_IMAGE={IMG} PREMAPP_IMAGE={IMG}
make stopall PREMD_IMAGE={IMG} PREMAPP_IMAGE={IMG} BASIC_AUTH_CREDENTIALS={CREDENTIALS}
```

#### To generate proper credentials for basic auth, use bellow command.
```bash
echo $(htpasswd -nB {USER}) | sed -e s/\\$/\\$\\$/g
```

61 changes: 52 additions & 9 deletions controller/cmd/controllerd/main.go
@@ -296,16 +296,25 @@ func restartServicesWithTls(domain string, services []string, premServices map[s
for _, v := range services {
switch v {
case premappService:
basicAuthMiddlewareLabelKey, basicAuthMiddlewareLabelValue, basicAuthName, err := getPremServiceBasicAuthInfo(ctx, cli)
if err != nil {
return err
}

// TODO handle restart of prem-gateway with dns exists

labels := map[string]string{
"traefik.enable": "true",
"traefik.http.routers.premapp-http.rule": fmt.Sprintf("PathPrefix(`/`) && Host(`%s`)", domain),
"traefik.http.routers.premapp-http.entrypoints": "web",
"traefik.http.routers.premapp-https.rule": fmt.Sprintf("PathPrefix(`/`) && Host(`%s`)", domain),
"traefik.http.routers.premapp-https.entrypoints": "websecure",
fmt.Sprintf("traefik.http.routers.%s-%s.tls.certresolver", v, "https"): "myresolver",
"traefik.http.middlewares.http-to-https.redirectscheme.scheme": "https",
"traefik.http.routers.premapp-http.middlewares": "http-to-https",
"traefik.http.services.premapp.loadbalancer.server.port": "8080",
"traefik.enable": "true",
"traefik.http.routers.premapp-http.rule": fmt.Sprintf("PathPrefix(`/`) && Host(`%s`)", domain),
"traefik.http.routers.premapp-http.entrypoints": "web",
"traefik.http.routers.premapp-https.rule": fmt.Sprintf("PathPrefix(`/`) && Host(`%s`)", domain),
"traefik.http.routers.premapp-https.entrypoints": "websecure",
"traefik.http.routers.premapp-https.tls.certresolver": "myresolver",
"traefik.http.middlewares.http-to-https.redirectscheme.scheme": "https",
"traefik.http.routers.premapp-http.middlewares": fmt.Sprintf("http-to-https, %s", basicAuthName),
"traefik.http.routers.premapp-https.middlewares": basicAuthName,
"traefik.http.services.premapp.loadbalancer.server.port": "8080",
basicAuthMiddlewareLabelKey: basicAuthMiddlewareLabelValue,
}

if err := restartContainer(ctx, cli, v, labels, nil); err != nil {
@@ -420,3 +429,37 @@ type PremService struct {
SendTo string `json:"baseUrl"`
} `json:"invokeMethod"`
}

func getPremServiceBasicAuthInfo(
ctx context.Context, cli *client.Client,
) (string, string, string, error) {
var (
basicAuthMiddlewareLabelKey string
basicAuthMiddlewareLabelValue string
basicAuthName string
)

containerJson, err := cli.ContainerInspect(ctx, premappService)
if err != nil {
return "", "", "", fmt.Errorf("failed to inspect container %s: %v", premappService, err)
}

for k, v := range containerJson.Config.Labels {
if strings.Contains(k, "basicauth") {
basicAuthMiddlewareLabelKey = k
basicAuthMiddlewareLabelValue = v

parts := strings.Split(k, ".")
for i, part := range parts {
if part == "middlewares" && i+1 < len(parts) {
basicAuthName = parts[i+1]
break
}
}

return basicAuthMiddlewareLabelKey, basicAuthMiddlewareLabelValue, basicAuthName, nil
}
}

return "", "", "", nil
}
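Review bot: `getPremServiceBasicAuthInfo` returns three empty strings and a nil error when no label containing `basicauth` is found, and `restartServicesWithTls` uses the result without checking it. In that case the label map gets an empty key, `premapp-http.middlewares` becomes `http-to-https, ` and `premapp-https.middlewares` is empty, so the HTTPS router would come back with no authentication middleware instead of failing. The final return should be an error, e.g. `return "", "", "", fmt.Errorf("no basicauth middleware label on container %s", premappService)`, and the same check is needed where a label matched but no `middlewares` segment followed, leaving `basicAuthName` empty. `strings.Contains(k, "basicauth")` over a map also picks whichever matching label iteration reaches first; matching the `.basicauth.users` suffix would make the choice deterministic. The body of `restartServicesWithTls` continues outside the hunk.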
2 changes: 2 additions & 0 deletions script/docker-compose-box.yml
@@ -32,6 +32,8 @@ services:
- "traefik.http.routers.premapp-http.rule=PathPrefix(`/`)"
- "traefik.http.routers.premapp-http.entrypoints=web"
- "traefik.http.services.premapp.loadbalancer.server.port=8080"
- "traefik.http.middlewares.mybasicauth.basicauth.users=${BASIC_AUTH_CREDENTIALS}"
- "traefik.http.routers.premapp-http.middlewares=mybasicauth"
ports:
- "8085:8080"
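Review bot: The `mybasicauth` middleware is attached only to the Traefik router, while the unchanged `ports` entry `"8085:8080"` still publishes the premapp container port on the host, so requests sent to port 8085 never pass through the middleware. If that mapping is not needed, drop it, or bind it to loopback with `- "127.0.0.1:8085:8080"`. `${BASIC_AUTH_CREDENTIALS}` is also substituted as an empty string when the variable is unset; `${BASIC_AUTH_CREDENTIALS:?BASIC_AUTH_CREDENTIALS must be set}` makes compose stop instead. The router here is `premapp-http` on the `web` entrypoint, so until the controller switches the service to TLS the Basic credentials travel over plain HTTP. The `services` block continues outside the hunk.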

