From 31c06d70710e77eded2ad4feffc0ced76291e78b Mon Sep 17 00:00:00 2001
From: Francisco Marques <francisco@significa.co>
Date: Fri, 13 Sep 2024 10:46:55 +0100
Subject: [PATCH] =?UTF-8?q?Initial=20commit=20=F0=9F=90=B3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .github/workflows/ci-cd.yaml   | 22 ++++++++++++++++++++++
 40-basic-auth-htpasswd.sh      |  5 +++++
 50-setup-health-and-version.sh | 20 ++++++++++++++++++++
 Dockerfile                     | 14 ++++++++++++++
 LICENSE                        | 21 +++++++++++++++++++++
 README.md                      | 32 ++++++++++++++++++++++++++++++++
 app_version.conf               |  5 +++++
 healthz.conf                   |  5 +++++
 nginx.conf                     | 21 +++++++++++++++++++++
 9 files changed, 145 insertions(+)
 create mode 100644 .github/workflows/ci-cd.yaml
 create mode 100755 40-basic-auth-htpasswd.sh
 create mode 100755 50-setup-health-and-version.sh
 create mode 100644 Dockerfile
 create mode 100644 LICENSE
 create mode 100644 README.md
 create mode 100644 app_version.conf
 create mode 100644 healthz.conf
 create mode 100644 nginx.conf

diff --git a/.github/workflows/ci-cd.yaml b/.github/workflows/ci-cd.yaml
new file mode 100644
index 0000000..2c68d36
--- /dev/null
+++ b/.github/workflows/ci-cd.yaml
@@ -0,0 +1,22 @@
+name: CI/CD
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+  release:
+    types:
+      - published
+  workflow_dispatch:
+
+jobs:
+  build_and_push:
+    name: Build and push image
+    permissions:
+      contents: read
+      id-token: write
+      packages: write
+    uses: significa/actions/.github/workflows/docker-image.yaml@main
+    with:
+      image_name: nginx-with-basic-auth
diff --git a/40-basic-auth-htpasswd.sh b/40-basic-auth-htpasswd.sh
new file mode 100755
index 0000000..c0be47c
--- /dev/null
+++ b/40-basic-auth-htpasswd.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+set -eu
+
+/usr/bin/htpasswd -bc /etc/nginx/htpasswd "$BASIC_AUTH_USERNAME" "$BASIC_AUTH_PASSWORD"
diff --git a/50-setup-health-and-version.sh b/50-setup-health-and-version.sh
new file mode 100755
index 0000000..262bbf1
--- /dev/null
+++ b/50-setup-health-and-version.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+set -eu
+
+mkdir -p /usr/share/nginx/app-version
+echo -n "$APP_VERSION" > /usr/share/nginx/app-version/app-version.txt
+
+NGINX_CONF_PATH="/etc/nginx/conf.d/default.conf"
+
+if [ "$ENABLE_HEALTH_ROUTE" = "true" ]; then
+    echo "Enabling /healthz route"
+    sed -i 's/# include \/etc\/nginx\/healthz.conf;/include \/etc\/nginx\/healthz.conf;/' $NGINX_CONF_PATH
+fi
+
+if [ "$ENABLE_VERSION_ROUTE" = "true" ]; then
+    echo "Enabling /healthz/version route"
+    sed -i 's/# include \/etc\/nginx\/app_version.conf;/include \/etc\/nginx\/app_version.conf;/' $NGINX_CONF_PATH
+fi
+
+cat $NGINX_CONF_PATH
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..1f02700
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,14 @@
+FROM nginx:1-alpine
+
+RUN apk update && \
+    apk add --no-cache apache2-utils && \
+    rm /var/cache/apk/*
+
+COPY ./nginx.conf /etc/nginx/conf.d/default.conf
+COPY ./healthz.conf ./app_version.conf /etc/nginx/
+COPY ./40-basic-auth-htpasswd.sh ./50-setup-health-and-version.sh /docker-entrypoint.d/
+
+ARG APP_VERSION=unknown
+ENV APP_VERSION=$APP_VERSION
+ENV ENABLE_HEALTH_ROUTE=true
+ENV ENABLE_VERSION_ROUTE=true
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..6f6adee
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Significa
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..d6c0463
--- /dev/null
+++ b/README.md
@@ -0,0 +1,32 @@
+# Nginx with Basic Auth Docker Image
+
+This is a simple, small, and multi-arch Docker image of Nginx with basic authentication enabled.
+
+**Example**
+
+```sh
+docker run \
+    -e BASIC_AUTH_USERNAME=your_username \
+    -e BASIC_AUTH_PASSWORD=your_password \
+    -v ./your/www/dir:/usr/share/nginx/html \
+    ghcr.io/significa/nginx-with-basic-auth
+```
+
+Image name/url: `ghcr.io/significa/nginx-with-basic-auth`
+
+## Usage
+
+This image can be configured using environment variables during runtime. You do not need to prepare htpasswd encoded strings beforehand. Simply pass the environment variables in plaintext.
+
+
+**Required Environment Variables**
+
+* `BASIC_AUTH_USERNAME`: The username for basic authentication.
+* `BASIC_AUTH_PASSWORD`: The password for basic authentication.
+
+**Optional Environment Variables**
+
+These environment variables are optional and are used to enable `/healthz` and `/healthz/version`. They default to `true` but can be set to `false` to disable them. The version rute consumes the `APP_VERSION` env var (that can be set via a build argument).
+
+* `ENABLE_HEALTH_ROUTE`: Enables the `/healthz` route.
+* `ENABLE_VERSION_ROUTE`: Enables the `/version` route.
diff --git a/app_version.conf b/app_version.conf
new file mode 100644
index 0000000..31b7b71
--- /dev/null
+++ b/app_version.conf
@@ -0,0 +1,5 @@
+location /healthz/version {
+    charset   utf-8;
+    alias     /usr/share/nginx/app-version/;
+    try_files /app-version.txt =404;
+}
diff --git a/healthz.conf b/healthz.conf
new file mode 100644
index 0000000..94c29fb
--- /dev/null
+++ b/healthz.conf
@@ -0,0 +1,5 @@
+location /healthz {
+    charset      utf-8;
+    default_type text/plain;
+    return 200 "OK";
+}
diff --git a/nginx.conf b/nginx.conf
new file mode 100644
index 0000000..cd645ca
--- /dev/null
+++ b/nginx.conf
@@ -0,0 +1,21 @@
+server {
+    listen       80;
+    listen       [::]:80;
+    server_name  localhost;
+
+    location / {
+        root   /usr/share/nginx/html;
+        index  index.html;
+        charset utf-8;
+        auth_basic "Restricted";
+        auth_basic_user_file /etc/nginx/htpasswd;
+    }
+
+    # include /etc/nginx/healthz.conf;
+    # include /etc/nginx/app_version.conf;
+
+    error_page   500 502 503 504  /50x.html;
+    location = /50x.html {
+        root   /usr/share/nginx/html;
+    }
+}