diff --git a/Dockerfile b/Dockerfile index dd26901..9b92496 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM python:3.11-slim as base +FROM python:3.11-slim AS base # set version label ARG BUILD_DATE @@ -7,13 +7,13 @@ LABEL build_version="Apprise API version:- ${VERSION} Build-date:- ${BUILD_DATE} LABEL maintainer="Chris-Caron" # set environment variables -ENV PYTHONDONTWRITEBYTECODE 1 -ENV PYTHONUNBUFFERED 1 -ENV APPRISE_CONFIG_DIR /config -ENV APPRISE_ATTACH_DIR /attach -ENV APPRISE_PLUGIN_PATHS /plugin +ENV PYTHONDONTWRITEBYTECODE=1 +ENV PYTHONUNBUFFERED=1 +ENV APPRISE_CONFIG_DIR=/config +ENV APPRISE_ATTACH_DIR=/attach +ENV APPRISE_PLUGIN_PATHS=/plugin -FROM base as builder +FROM base AS builder WORKDIR /build/ @@ -41,7 +41,7 @@ RUN set -eux && \ --no-binary cryptography \ cryptography -FROM base as runtime +FROM base AS runtime # Install requirements and gunicorn COPY ./requirements.txt /etc/requirements.txt @@ -78,7 +78,8 @@ COPY apprise_api/ webapp # Configuration Permissions (to run nginx as a non-root user) RUN umask 0002 && \ - touch /etc/nginx/override.conf + touch /etc/nginx/server-override.conf && \ + touch /etc/nginx/location-override.conf VOLUME /config VOLUME /attach diff --git a/README.md b/README.md index 23e0a2d..474dd0a 100644 --- a/README.md +++ b/README.md @@ -401,8 +401,56 @@ The use of environment variables allow you to provide over-rides to default sett | `DEBUG` | This defaults to `no` and can however be set to `yes` by simply defining the global variable as such. -## Development Environment +## Nginx Overrides +The 2 files you can override are: +1. `/etc/nginx/location-override.conf` which is included within all of the Apprise API NginX `location` references. +1. `/etc/nginx/server-override.conf` which is included within Apprise API `server` reference. + +### Authentication +Under the hood, Apprise-API is running a small NginX instance. It allows for you to inject your own configuration into it. One thing you may wish to add is basic authentication. + +Below we create ourselves some nginx directives we'd like to apply to our Apprise API: +```nginx +# Our override.conf file: +auth_basic "Apprise API Restricted Area"; +auth_basic_user_file /etc/nginx/.htpasswd; +``` + +Now let's set ourselves up with a simple password file (for more info on htpasswd files, see [here](https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/) +```bash +# Create ourselves a for our user 'foobar'; the below will prompt you for the pass +# you want to provide: +htpasswd -c apprise_api.htpasswd foobar + +# Note: the -c above is only needed to create the database for the first time +``` + +Now we can create our docker container with this new authentication information: +```bash +# Create our container containing Basic Auth: +docker run --name apprise \ + -p 8000:8000 \ + -e PUID=$(id -u) \ + -e PGID=$(id -g) \ + -v /path/to/local/config:/config \ + -v /path/to/local/attach:/attach \ + -v ./override.conf:/etc/nginx/location-override.conf:ro \ + -v ./apprise_api.htpasswd:/etc/nginx/.htpasswd:ro \ + -e APPRISE_STATEFUL_MODE=simple \ + -e APPRISE_WORKER_COUNT=1 \ + -d caronc/apprise:latest +``` + +Visit http://localhost:8000 to see if things are working as expected. If you followed the example above, you should log in as the user `foobar` using the credentials you provided the account. + +You can add further accounts to the existing database by omitting the `-c` switch: +```bash +# Add another account +htpasswd apprise_api.htpasswd user2 +``` + +## Development Environment The following should get you a working development environment to test with: ```bash diff --git a/apprise_api/etc/nginx.conf b/apprise_api/etc/nginx.conf index 53de61e..5bef79a 100644 --- a/apprise_api/etc/nginx.conf +++ b/apprise_api/etc/nginx.conf @@ -16,6 +16,8 @@ http { types_hash_max_size 2048; include /etc/nginx/mime.types; default_type application/octet-stream; + # Do not display Nginx Version + server_tokens off; ## # Upload Restriction @@ -45,7 +47,7 @@ http { # Allow users to map to this file and provide their own custom # overrides such as - include /etc/nginx/override.conf; + include /etc/nginx/server-override.conf; # Main Website location / { @@ -56,12 +58,14 @@ http { proxy_pass http://localhost:8080; # Give ample time for notifications to fire proxy_read_timeout 120s; + include /etc/nginx/location-override.conf; } # Static Content location /s/ { root /usr/share/nginx/html; index index.html; + include /etc/nginx/location-override.conf; } # 404 error handling