Merge 5be761ecb7 into a30945312a

2025-03-21 13:44:59 +08:00 · 2025-03-21 13:44:59 +08:00 · b36899a0ae
commit b36899a0ae
parent a30945312a 5be761ecb7
5 changed files with 42 additions and 1 deletions
--- a/.gitignore
+++ b/.gitignore
@ -180,6 +180,7 @@ docker/volumes/plugin_daemon/*
 !docker/volumes/oceanbase/init.d

 docker/nginx/conf.d/default.conf
+docker/nginx/conf.d/.htpasswd
 docker/nginx/ssl/*
 !docker/nginx/ssl/.gitkeep
 docker/middleware.env
--- a/docker/.env.example
+++ b/docker/.env.example
@ -889,6 +889,15 @@ NGINX_PROXY_SEND_TIMEOUT=3600s
 # Set true to accept requests for /.well-known/acme-challenge/
 NGINX_ENABLE_CERTBOT_CHALLENGE=false

+# chatbot baisc auth
+# The follow env vars will enable(NGINX_CHATBOT_BASIC_AUTH_ENABLED=true)/disable(NGINX_CHATBOT_BASIC_AUTH_ENABLED=false) the basic auth function for chatbot.
+# The default status is disabled.
+# If you set the value of NGINX_CHATBOT_BASIC_AUTH_ENABLED to true, 
+# please also modify the values of NGINX_CHATBOT_BASIC_AUTH_USER and NGINX_CHATBOT_BASIC_AUTH_PASSWORD for yourself.
+NGINX_CHATBOT_BASIC_AUTH_ENABLED=false
+NGINX_CHATBOT_BASIC_AUTH_USER=dify
+NGINX_CHATBOT_BASIC_AUTH_PASSWORD=difyaipwd
+
 # ------------------------------
 # Certbot Configuration
 # ------------------------------
--- a/docker/docker-compose.yaml
+++ b/docker/docker-compose.yaml
@ -663,6 +663,9 @@ services:
      NGINX_PROXY_SEND_TIMEOUT: ${NGINX_PROXY_SEND_TIMEOUT:-3600s}
      NGINX_ENABLE_CERTBOT_CHALLENGE: ${NGINX_ENABLE_CERTBOT_CHALLENGE:-false}
      CERTBOT_DOMAIN: ${CERTBOT_DOMAIN:-}
+      NGINX_CHATBOT_BASIC_AUTH_ENABLED: ${NGINX_CHATBOT_BASIC_AUTH_ENABLED:-false}
+      NGINX_CHATBOT_BASIC_AUTH_USER: ${NGINX_CHATBOT_BASIC_AUTH_USER:-dify}
+      NGINX_CHATBOT_BASIC_AUTH_PASSWORD: ${NGINX_CHATBOT_BASIC_AUTH_PASSWORD:-difyaipwd}
    depends_on:
      - api
      - web
--- a/docker/nginx/conf.d/default.conf.template
+++ b/docker/nginx/conf.d/default.conf.template
@ -40,6 +40,9 @@ server {
      include proxy.conf;
    }

+    # placeholder for chatbot basic auth
+    ${CHATBOT_BASIC_AUTH_CONFIG}
+
    # placeholder for acme challenge location
    ${ACME_CHALLENGE_LOCATION}

--- a/docker/nginx/docker-entrypoint.sh
+++ b/docker/nginx/docker-entrypoint.sh
@ -31,6 +31,31 @@ else
 fi
 export ACME_CHALLENGE_LOCATION

+if [ "${NGINX_CHATBOT_BASIC_AUTH_ENABLED}" = "true" ]; then
+    # install apache2-utils to get htpasswd
+    if command -v htpasswd >/dev/null 2>&1; then
+        echo "htpasswd is installed."
+    else
+        echo "htpasswd is not installed."
+        apt update
+        apt install -y apache2-utils
+    fi
+
+    # create htpassword file for basic auth
+    htpasswd -bc /etc/nginx/conf.d/.htpasswd "${NGINX_CHATBOT_BASIC_AUTH_USER}" "${NGINX_CHATBOT_BASIC_AUTH_PASSWORD}"
+
+    CHATBOT_BASIC_AUTH_CONFIG='location /chat {
+      auth_basic "Restricted";
+      auth_basic_user_file /etc/nginx/conf.d/.htpasswd;
+      proxy_pass http://web:3000;
+      include proxy.conf;
+    }
+    '
+else
+    CHATBOT_BASIC_AUTH_CONFIG=''
+fi
+export CHATBOT_BASIC_AUTH_CONFIG
+
 env_vars=$(printenv | cut -d= -f1 | sed 's/^/$/g' | paste -sd, -)

 envsubst "$env_vars" < /etc/nginx/nginx.conf.template > /etc/nginx/nginx.conf
@ -39,4 +64,4 @@ envsubst "$env_vars" < /etc/nginx/proxy.conf.template > /etc/nginx/proxy.conf
 envsubst "$env_vars" < /etc/nginx/conf.d/default.conf.template > /etc/nginx/conf.d/default.conf

 # Start Nginx using the default entrypoint
-exec nginx -g 'daemon off;'
+exec nginx -g 'daemon off;'