Fabio/nginx-proxy-auto-docker
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add an environment variable to disable basic authentication for HTTP OPTIONS to enable CORS requests. The default behavior does not change, authentication for OPTIONS is still enabled by default

Browse source
This commit is contained in:
Vincent Emonet 2021-09-13 20:29:27 +02:00
parent b133403331
commit 33d8b457c5
2 changed files with 16 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
README.md
View file

@ -317,6 +317,14 @@ docker run -d -p 80:80 -p 443:443 \
You'll need apache2-utils on the machine where you plan to create the htpasswd file. Follow these [instructions](http://httpd.apache.org/docs/2.2/programs/htpasswd.html) You'll need apache2-utils on the machine where you plan to create the htpasswd file. Follow these [instructions](http://httpd.apache.org/docs/2.2/programs/htpasswd.html)
### Enable CORS with basic authentication
By default CORS preflight requests fails for routes requiring authentication, because all requests should only be forwarded after authentication. If you still need to enable CORS requests on a service with basic authentication you can enable `OPTIONS` requests to be passed without authentication using the `ENABLE_CORS_AUTH` environment variable:
```console
docker run -d -p 80:80 -e ENABLE_CORS_AUTH=true -v /var/run/docker.sock:/tmp/docker.sock:ro nginxproxy/nginx-proxy
```
### Custom Nginx Configuration ### Custom Nginx Configuration
If you need to configure Nginx beyond what is possible using environment variables, you can provide custom configuration files on either a proxy-wide or per-`VIRTUAL_HOST` basis. If you need to configure Nginx beyond what is possible using environment variables, you can provide custom configuration files on either a proxy-wide or per-`VIRTUAL_HOST` basis.

8
nginx.tmpl
View file

@ -122,6 +122,7 @@ proxy_set_header Proxy "";
{{ $access_log := (or (and (not $.Env.DISABLE_ACCESS_LOGS) "access_log /var/log/nginx/access.log vhost;") "") }} {{ $access_log := (or (and (not $.Env.DISABLE_ACCESS_LOGS) "access_log /var/log/nginx/access.log vhost;") "") }}
{{ $enable_ipv6 := eq (or ($.Env.ENABLE_IPV6) "") "true" }} {{ $enable_ipv6 := eq (or ($.Env.ENABLE_IPV6) "") "true" }}
{{ $enable_cors_auth := eq (or ($.Env.ENABLE_CORS_AUTH) "") "false" }}
server { server {
server_name _; # This is just an invalid value which will never trigger on a real hostname. server_name _; # This is just an invalid value which will never trigger on a real hostname.
server_tokens off; server_tokens off;
@ -347,8 +348,15 @@ server {
{{ end }} {{ end }}
{{ if (exists (printf "/etc/nginx/htpasswd/%s" $host)) }} {{ if (exists (printf "/etc/nginx/htpasswd/%s" $host)) }}
{{ if $enable_cors_auth }}
limit_except OPTIONS {
auth_basic "Restricted {{ $host }}"; auth_basic "Restricted {{ $host }}";
auth_basic_user_file {{ (printf "/etc/nginx/htpasswd/%s" $host) }}; auth_basic_user_file {{ (printf "/etc/nginx/htpasswd/%s" $host) }};
}
{{ else }}
auth_basic "Restricted {{ $host }}";
auth_basic_user_file {{ (printf "/etc/nginx/htpasswd/%s" $host) }};
{{ end }}
{{ end }} {{ end }}
{{ if (exists (printf "/etc/nginx/vhost.d/%s_location" $host)) }} {{ if (exists (printf "/etc/nginx/vhost.d/%s_location" $host)) }}
include {{ printf "/etc/nginx/vhost.d/%s_location" $host}}; include {{ printf "/etc/nginx/vhost.d/%s_location" $host}};