Secure Docker Deployment
Secure docker instance with basic Authentication
Nginx reverse proxy with Basic Authentication
Introduction:
Recently, I faced a challenge to deploy a docker web application with basic authentication. Instead of modifying the docker web application, I deployed the docker instance behind the Nginx reverse proxy with Basic Auth. So I want to share the process and challenges I faced in order to deploy the docker web app.
Stage 1: Setup Nginx and Basic Authentication:
First, we have to install Nginx and set up a password for basic authentication.
sudo apt-get install nginx
Set up the basic authentication credentials using htpasswd.
sudo htpasswd -c /etc/nginx/.htpasswd <setup_username>
# Running this prompts you for a password; pick one and store it in a safe place.
# The -c flag creates the file and overwrites an existing one, so omit -c when adding more users later.
If the above command fails with an error like
htpasswd command not found.
then install htpasswd with the command below:
sudo apt-get install apache2-utils
Stage 2: Configure Nginx:
Edit /etc/nginx/nginx.conf and change the user directive to any user that is a member of the docker group.
sudo sed -i 's/user .*;/user <dockermember>;/' /etc/nginx/nginx.conf
Stage 3: Deploy docker web application on localhost:
Make sure the docker instance is published on localhost only. If you publish the container port on a public IP, the application can be reached directly and the Nginx reverse proxy adds no protection.
sudo docker run --rm -it -p 127.0.0.1:8076:80 yeasy/simple-web:latest
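A way to check the point above across every running container, as an added example that is not part of the original write-up: the function reads "name<TAB>ports" lines and reports any mapping published on a non-loopback address. The function names and the sample lines are constructed for illustration; the input format is assumed to be what docker ps prints for the --format string shown in the comment.

```shell
#!/bin/sh
# Added example (not from the original post).
# Reads lines of "<container name><TAB><ports>" on stdin, the form assumed from:
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# Prints every published mapping whose host address is not loopback and
# returns 1 if at least one was found, 0 otherwise.
find_exposed_ports() {
    awk -F '\t' '
    {
        n = split($2, maps, ", *")
        for (i = 1; i <= n; i++) {
            m = maps[i]
            if (m !~ /->/) continue                  # exposed only, not published
            host = m; sub(/->.*/, "", host)          # host side, e.g. 0.0.0.0:8076
            addr = host; sub(/:[0-9-]+$/, "", addr)  # drop the port or port range
            if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") continue
            print $1 "\t" m                          # reachable without the proxy
            bad = 1
        }
    }
    END { exit bad ? 1 : 0 }'
}

# Constructed sample input (not output captured from a real host).
sample_ports() {
    printf 'web\t127.0.0.1:8076->80/tcp\n'
    printf 'api\t0.0.0.0:8080->80/tcp, :::8080->80/tcp\n'
    printf 'db\t5432/tcp\n'
}

# On a real host, replace sample_ports with the docker ps command above.
if ! sample_ports | find_exposed_ports; then
    echo "WARNING: the mappings listed above bypass the Nginx Basic Auth proxy" >&2
fi
```

Any line it prints is a port that clients can reach without going through Nginx, so that container should be restarted with the port published on 127.0.0.1.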
Stage 4: Configure docker site to Nginx route:
sudo vi /etc/nginx/sites-enabled/docker
Add the content below, with the docker hostname and port number.
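# This upstream is defined but not referenced by the server block below,
# which proxies to the container's published TCP port instead.
upstream docker {
    server unix:/var/run/docker.sock;
}
server {
    # Public port that clients connect to
    listen 4242 default_server;
    location / {
        # Forward to the container port published on localhost in Stage 3
        proxy_pass http://127.0.0.1:8076;
        # Credentials file created with htpasswd in Stage 1
        auth_basic_user_file /etc/nginx/.htpasswd;
        auth_basic "Access restricted";
        # Optional: uncomment if you face the "err_content_length_mismatch" cache problem
        #proxy_buffering off;
        client_max_body_size 100M;
    }
}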
Now you can access the application at the public IP address of your server on the Nginx port (4242).
http://cloudinstance-ip:4242
HTTP Basic Authentication sends the username and password with every request, base64-encoded but without any encryption. So we have to implement TLS (HTTPS) on the Nginx proxy.