Alpine and NGINX Basic Auth Enabled (#22)

* switched to alpine image
* alpine:3.15 shout out to @martadinata666 for the help
* add nginx basic authentication
* readme update for basic auth

Author: xavier-hernandez

Dockerfile

@@ -1,17 +1,10 @@
-FROM ubuntu:20.04
+FROM alpine:3.15 AS builder
 
-RUN export DEBIAN_FRONTEND=noninteractive
-RUN apt-get update -y 
-
-# install nginx
-RUN apt-get install -y nginx
-
-# install deps
-RUN apt-get install -y build-essential libmaxminddb-dev libncurses-dev
-RUN apt-get install -y tini ca-certificates wget curl 
-
-# clean up
-RUN apt-get autoremove -qy
+RUN apk add --no-cache \
+        build-base \
+        libmaxminddb-dev \
+        ncurses-dev \
+        musl-libintl
 
 # set up goacess
 WORKDIR /goaccess
@@ -20,17 +13,30 @@ RUN tar --strip-components=1  -xzvf goaccess-1.5.5.tar.gz
 RUN ./configure --enable-utf8 --enable-geoip=mmdb --with-getline
 RUN make
 RUN make install
+
+FROM alpine:3.15
+RUN apk add --no-cache \
+        bash \
+        nginx \
+        tini \
+        wget \
+        curl \
+        apache2-utils\
+        libmaxminddb \
+        ncurses && \
+    rm -rf /var/lib/apt/lists/* && \
+    rm /etc/nginx/nginx.conf
+
+COPY --from=builder /goaccess /goaccess
 COPY /resources/goaccess/goaccess.conf /goaccess-config/goaccess.conf
 COPY /resources/goaccess/GeoLite2-City.mmdb /goaccess-config/GeoLite2-City.mmdb
 
 # set up nginx
-RUN rm /etc/nginx/sites-enabled/default
 COPY /resources/nginx/index.html /var/www/html/index.html
 COPY /resources/nginx/nginx.conf /etc/nginx/nginx.conf
+ADD /resources/nginx/.htpasswd /opt/auth/.htpasswd
 
+COPY /resources/scripts/start.sh /start.sh
 VOLUME ["/opt/log"]
 EXPOSE 7880
-
-COPY /resources/scripts/start.sh /start.sh
-RUN ["chmod", "+x", "/start.sh"]
-CMD ["bash", "/start.sh"]
+CMD ["sh", "/start.sh"]

README.md

@@ -42,6 +42,10 @@ goaccess:
     restart: always
     environment:
         - TZ=America/New_York
+        - SKIP_ARCHIVED_LOGS=False #optional   
+        - BASIC_AUTH=False #optional
+        - BASIC_AUTH_USERNAME=user #optional
+        - BASIC_AUTH_PASSWORD=pass #optional                
     ports:
         - '7880:7880'
     volumes:
@@ -61,8 +65,19 @@ goaccess:
         - PUID=0
         - PGID=0
         - TZ=America/New_York        
+        - SKIP_ARCHIVED_LOGS=False #optional
+        - BASIC_AUTH=False #optional
+        - BASIC_AUTH_USERNAME=user #optional
+        - BASIC_AUTH_PASSWORD=pass #optional               
 ```
 
+| Parameter | Function |
+|-----------|----------|
+| `-e SKIP_ARCHIVED_LOGS=True/False`         |   (Optional) Defaults to False. Set to True to skip archived logs, i.e. proxy-host*.gz     |
+| `-e BASIC_AUTH=True/False`         |   (Optional) Defaults to False. Set to True to enable nginx basic authentication.  Docker container needs to stopped or restarted each time this flag is modified. This allows for the .htpasswd file to be changed accordingly.   |
+| `-e BASIC_AUTH_USERNAME=user`         |   (Optional) Requires BASIC_AUTH to bet set to True.  Username for basic authentication.     |
+| `-e BASIC_AUTH_PASSWORD=pass`         |   (Optional) Requires BASIC_AUTH to bet set to True.  Password for basic authentication.     |
+
 Thanks to https://github.com/GregYankovoy for the inspiration, and for their nginx.conf :)
 
 This product includes GeoLite2 data created by MaxMind, available from

resources/nginx/.htpasswd

@@ -24,6 +24,7 @@ http {
     access_log off;
 
     location / {
+      #goan_authbasic
       try_files /nonexistent @$type;
     }
 

resources/nginx/nginx.conf

@@ -1,10 +1,41 @@
 #!/bin/bash
-/usr/bin/tini -s -- nginx
 
-#load archived logs
+#BEGIN - Set NGINX basic authentication
+if [[ "${BASIC_AUTH}" == "True" ]]
+then
+    echo "Setting up basic auth in NGINX..."
+    if [[ -z "$BASIC_AUTH_USERNAME" || -z "$BASIC_AUTH_PASSWORD" ]]
+    then
+        echo "Username or password is blank or not set."
+    else
+        nginx_auth_basic_s="#goan_authbasic"
+        nginx_auth_basic_r="auth_basic    \"GoAccess WebUI\";\n      auth_basic_user_file \/opt\/auth\/.htpasswd; \n"
+        sed -i "s/$nginx_auth_basic_s/$nginx_auth_basic_r/" /etc/nginx/nginx.conf
+
+        htpasswd -b /opt/auth/.htpasswd $BASIC_AUTH_USERNAME $BASIC_AUTH_PASSWORD
+    fi
+fi
+#END - Set NGINX basic authentication
+
+#BEGIN - Load archived logs
+if [[ "${SKIP_ARCHIVED_LOGS}" == "True" ]]
+then
+    echo "Skipping archived logs as requested..."
+    touch /goaccess/access_archive.log
+else
+    count=`ls -1 /opt/log/proxy-host-*_access.log*.gz 2>/dev/null | wc -l`
+    if [ $count != 0 ]
+    then 
+        echo "Loading (${count}) archived logs..."
 zcat -f /opt/log/proxy-host-*_access.log*.gz > /goaccess/access_archive.log
+    else
+        echo "No archived logs found..."
+        touch /goaccess/access_archive.log
+fi
+fi
+#END - Load archived logs
 
-#find active logs
+#BEGIN - Find active logs and check for read access
 proxy_host=""
 
 echo "Checking active logs..."
@@ -15,7 +46,12 @@ do
     then
         if [ -r $file ] && R="Read = yes" || R="Read = No"
         then
-            proxy_host+=" $file"
+            if [ -z "$proxy_host" ]
+            then
+                proxy_host="${proxy_host}${file}"
+            else
+                proxy_host="${proxy_host} ${file}"
+            fi
             echo "Filename: $file | $R"
         else
             echo "Filename: $file | $R"
@@ -30,6 +66,13 @@ if [ -z "$proxy_host" ]
 then
     touch /goaccess/access.log
     proxy_host="/goaccess/access.log"
+else
+    echo "Loading proxy-host logs..."    
 fi
+#END - Find active logs and check for read access
+
+#RUN NGINX
+tini -s -- nginx
 
-/usr/bin/tini -s -- /goaccess/goaccess /goaccess/access_archive.log ${proxy_host} --no-global-config --config-file=/goaccess-config/goaccess.conf
+#RUN GOACCESS
+tini -s -- /goaccess/goaccess /goaccess/access_archive.log ${proxy_host} --no-global-config --config-file=/goaccess-config/goaccess.conf