diff --git a/docker/.env.example b/docker/.env.example index cf09f72bce..3a4a41628e 100644 --- a/docker/.env.example +++ b/docker/.env.example @@ -857,6 +857,12 @@ NGINX_PROXY_SEND_TIMEOUT=3600s # Set true to accept requests for /.well-known/acme-challenge/ NGINX_ENABLE_CERTBOT_CHALLENGE=false +# chatbot baisc auth +# If you set the value of NGINX_CHATBOT_BASIC_AUTH_ENABLED to true, please also modify the values of NGINX_CHATBOT_BASIC_AUTH_USER and NGINX_CHATBOT_BASIC_AUTH_PASSWORD. +NGINX_CHATBOT_BASIC_AUTH_ENABLED=false +NGINX_CHATBOT_BASIC_AUTH_USER=dify +NGINX_CHATBOT_BASIC_AUTH_PASSWORD=difyaipwd + # ------------------------------ # Certbot Configuration # ------------------------------ diff --git a/docker/docker-compose.yaml b/docker/docker-compose.yaml index e4b3d8f311..631d179602 100644 --- a/docker/docker-compose.yaml +++ b/docker/docker-compose.yaml @@ -473,6 +473,9 @@ services: NGINX_PROXY_SEND_TIMEOUT: ${NGINX_PROXY_SEND_TIMEOUT:-3600s} NGINX_ENABLE_CERTBOT_CHALLENGE: ${NGINX_ENABLE_CERTBOT_CHALLENGE:-false} CERTBOT_DOMAIN: ${CERTBOT_DOMAIN:-} + NGINX_CHATBOT_BASIC_AUTH_ENABLED: ${NGINX_CHATBOT_BASIC_AUTH_ENABLED:-false}} + NGINX_CHATBOT_BASIC_AUTH_USER: ${NGINX_CHATBOT_BASIC_AUTH_USER:-dify} + NGINX_CHATBOT_BASIC_AUTH_PASSWORD: ${NGINX_CHATBOT_BASIC_AUTH_PASSWORD:-difyaipwd} depends_on: - api - web diff --git a/docker/nginx/conf.d/.gitignore b/docker/nginx/conf.d/.gitignore new file mode 100644 index 0000000000..7babc07d4e --- /dev/null +++ b/docker/nginx/conf.d/.gitignore @@ -0,0 +1,3 @@ +.DS_Store +.htpasswd +default.conf \ No newline at end of file diff --git a/docker/nginx/conf.d/default.conf.template b/docker/nginx/conf.d/default.conf.template index 9691122cea..3ca8dec3b5 100644 --- a/docker/nginx/conf.d/default.conf.template +++ b/docker/nginx/conf.d/default.conf.template 
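Review bot: In docker/.env.example the new NGINX_CHATBOT_BASIC_AUTH_USER and NGINX_CHATBOT_BASIC_AUTH_PASSWORD ship with working values (`dify` / `difyaipwd`), and the docker-compose.yaml hunk repeats them as `:-` fallbacks. A deployment that only flips NGINX_CHATBOT_BASIC_AUTH_ENABLED to true is therefore guarded by credentials that anyone can read in the repository. Leaving both empty (`NGINX_CHATBOT_BASIC_AUTH_USER=` and `NGINX_CHATBOT_BASIC_AUTH_PASSWORD=`) and having the entrypoint refuse to start when the flag is true and either is empty would enforce the "please also modify" comment. The heading comment also has a typo, `baisc` for `basic`.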
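Review bot: In docker/docker-compose.yaml the added line `NGINX_CHATBOT_BASIC_AUTH_ENABLED: ${NGINX_CHATBOT_BASIC_AUTH_ENABLED:-false}}` has a stray closing brace, so the container should receive `true}` or `false}` rather than `true` or `false`. The entrypoint compares the variable with exactly `true`, so the basic-auth location would never be generated. /chat would then stay open without any error, even though the operator enabled the feature. The line should read `NGINX_CHATBOT_BASIC_AUTH_ENABLED: ${NGINX_CHATBOT_BASIC_AUTH_ENABLED:-false}`.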
@@ -24,6 +24,9 @@ server { include proxy.conf; } + # placeholder for chatbot basic auth + ${CHATBOT_BASIC_AUTH_CONFIG} + location / { proxy_pass http://web:3000; include proxy.conf; diff --git a/docker/nginx/docker-entrypoint.sh b/docker/nginx/docker-entrypoint.sh index d343cb3efa..2fc59704fb 100755 --- a/docker/nginx/docker-entrypoint.sh +++ b/docker/nginx/docker-entrypoint.sh @@ -28,6 +28,31 @@ else fi export ACME_CHALLENGE_LOCATION +if [ "${NGINX_CHATBOT_BASIC_AUTH_ENABLED}" = "true" ]; then + # install apache2-utils to get htpasswd + if command -v htpasswd >/dev/null 2>&1; then + echo "htpasswd is installed." + else + echo "htpasswd is not installed." + apt update + apt install -y apache2-utils + fi + + # create htpassword file for basic auth + htpasswd -bc /etc/nginx/conf.d/.htpasswd "${NGINX_CHATBOT_BASIC_AUTH_USER}" "${NGINX_CHATBOT_BASIC_AUTH_PASSWORD}" + + CHATBOT_BASIC_AUTH_CONFIG='location /chat { + auth_basic "Restricted"; + auth_basic_user_file /etc/nginx/conf.d/.htpasswd; + proxy_pass http://web:3000; + include proxy.conf; + } + ' +else + CHATBOT_BASIC_AUTH_CONFIG='' +fi +export CHATBOT_BASIC_AUTH_CONFIG + env_vars=$(printenv | cut -d= -f1 | sed 's/^/$/g' | paste -sd, -) envsubst "$env_vars" < /etc/nginx/nginx.conf.template > /etc/nginx/nginx.conf @@ -36,4 +61,4 @@ envsubst "$env_vars" < /etc/nginx/proxy.conf.template > /etc/nginx/proxy.conf envsubst < /etc/nginx/conf.d/default.conf.template > /etc/nginx/conf.d/default.conf # Start Nginx using the default entrypoint -exec nginx -g 'daemon off;' \ No newline at end of file +exec nginx -g 'daemon off;'
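Review bot: In docker/nginx/conf.d/default.conf.template the comment above `${CHATBOT_BASIC_AUTH_CONFIG}` does not say what is substituted or how far the protection reaches. The block generated by docker-entrypoint.sh is a prefix `location /chat`, so it also matches any other path that begins with `/chat`. Every other location in this server block stays unauthenticated, which presumably includes the backend routes the chatbot page calls; those are outside this hunk and should be confirmed. I would document that scope in place, for example `# Set by docker-entrypoint.sh: a "location /chat" block with auth_basic, or empty when disabled. Guards the /chat UI prefix only.`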
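Review bot: In docker/nginx/docker-entrypoint.sh, `htpasswd -bc … "${NGINX_CHATBOT_BASIC_AUTH_PASSWORD}"` puts the password on the command line, where it is visible in the process list for the duration of the call. Nothing rejects empty values or the example password before the file is written. Reading the password from stdin with `-i` and validating both variables first closes both gaps. The htpasswd exit status should also be checked so that a failed write stops the container instead of starting nginx with a missing user file. Separately, running `apt update` and `apt install` on every start makes container boot depend on network access and an unpinned package; installing apache2-utils at image build time would be more predictable.

```shell
if [ "${NGINX_CHATBOT_BASIC_AUTH_ENABLED}" = "true" ]; then
    # Refuse to start with missing or example credentials.
    if [ -z "${NGINX_CHATBOT_BASIC_AUTH_USER}" ] \
        || [ -z "${NGINX_CHATBOT_BASIC_AUTH_PASSWORD}" ] \
        || [ "${NGINX_CHATBOT_BASIC_AUTH_PASSWORD}" = "difyaipwd" ]; then
        echo "NGINX_CHATBOT_BASIC_AUTH_USER and NGINX_CHATBOT_BASIC_AUTH_PASSWORD must be set to non-default values." >&2
        exit 1
    fi

    # … unchanged: htpasswd availability check …

    # -i reads the password from stdin so it never appears in the process list.
    printf '%s\n' "${NGINX_CHATBOT_BASIC_AUTH_PASSWORD}" \
        | htpasswd -ic /etc/nginx/conf.d/.htpasswd "${NGINX_CHATBOT_BASIC_AUTH_USER}" \
        || { echo "failed to write /etc/nginx/conf.d/.htpasswd" >&2; exit 1; }

    # … unchanged: CHATBOT_BASIC_AUTH_CONFIG assignment, else branch, fi, export …
```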