Persistent nginx/discourse.conf?

(Ryan Erwin) #1

When I’m using the current default docker install of discourse, ./launcher enter app the container, /etc/nginx/conf.d/discourse.conf contains:

  location / {
    root $public;
    add_header ETag "";

    # auth_basic on;
    # auth_basic_user_file /etc/nginx/htpasswd;

    location ~* (assets|plugins|uploads)/.*\.(eot|ttf|woff|woff2|ico)$ {

I would like to enable auth_basic while working on my site, but I frequently end up doing ./launcher rebuild app as there’s inevitably something else to reconfigure or something to change.

Unfortunately, each time this wipes out my basic auth, making my completely private site public. (other people looking at the site are especially interested in how registration for new users will work… so basic auth seems to be the best solution).

I’ve noticed that most of the “customizing nginx” discussion on meta talks about setting up a completely separate nginx instance, which certainly seems like overkill here considering what I want is already in the file, just commented out.

So what’s the right procedure so that my basic auth will survive reboots? Do I make my own pups template in /templates, or use write it at the bottom of my /containers/app.yml in the final ## Any custom commands to run after building run: section?

(Bhanu Sharma) #2

Better choice can be to run your container behind an nginx reverse proxy to handle the auth_basic

(Felix Freiberger) #3

An alternative is to use pups directives in your app.yml to have the modifications you need applied during rebuild :slight_smile:

(Ryan Erwin) #4

@fefrei thank you for your suggestion and for reading clearly :smile:

(Ryan Erwin) #5

If anyone else is looking to add auth_basic to their site during development, and make it persistent across ./launcher rebuild app just update your containers/app.yml with:

## Any custom commands to run after building
  - exec: echo "Beginning of custom commands"
  - replace:
     filename: "/etc/nginx/conf.d/discourse.conf"
     from: "# auth_basic on"
     to: "auth_basic on"
  - replace:
     filename: "/etc/nginx/conf.d/discourse.conf"
     from: "# auth_basic_user_file /etc/nginx/htpasswd"
     to: "auth_basic_user_file /etc/nginx/htpasswd"
  - file:
     path: "/etc/nginx/htpasswd"
     contents: |
     # use: `openssl passwd -apr1` to generate password hash

Of course update myuser to be the actual username you want and run openssl passwd -apr1 to generate a hash of your real password.

Or you could install a whole separate instance of nginx and create a reverse proxy just for this… Whichever is easier for you :wink: