From 45ae29f4c3246131f032d105c3f5b05330879f28 Mon Sep 17 00:00:00 2001 From: hz Date: Sun, 3 Nov 2024 17:06:17 +0800 Subject: [PATCH 1/3] feat: add basic auth for chatbot --- docker/.env.example | 6 +++++ docker/docker-compose.yaml | 3 +++ docker/nginx/conf.d/.gitignore | 3 +++ docker/nginx/conf.d/default.conf.template | 3 +++ docker/nginx/docker-entrypoint.sh | 27 ++++++++++++++++++++++- 5 files changed, 41 insertions(+), 1 deletion(-) create mode 100644 docker/nginx/conf.d/.gitignore diff --git a/docker/.env.example b/docker/.env.example index 34b2136302..e9533b7886 100644 --- a/docker/.env.example +++ b/docker/.env.example @@ -844,6 +844,12 @@ NGINX_PROXY_SEND_TIMEOUT=3600s # Set true to accept requests for /.well-known/acme-challenge/ NGINX_ENABLE_CERTBOT_CHALLENGE=false +# chatbot baisc auth +# If you set the value of NGINX_CHATBOT_BASIC_AUTH_ENABLED to true, please also modify the values of NGINX_CHATBOT_BASIC_AUTH_USER and NGINX_CHATBOT_BASIC_AUTH_PASSWORD. +NGINX_CHATBOT_BASIC_AUTH_ENABLED=false +NGINX_CHATBOT_BASIC_AUTH_USER=dify +NGINX_CHATBOT_BASIC_AUTH_PASSWORD=difyaipwd + # ------------------------------ # Certbot Configuration # ------------------------------ diff --git a/docker/docker-compose.yaml b/docker/docker-compose.yaml index 112e9a2702..583693cf64 100644 --- a/docker/docker-compose.yaml +++ b/docker/docker-compose.yaml @@ -459,6 +459,9 @@ services: NGINX_PROXY_SEND_TIMEOUT: ${NGINX_PROXY_SEND_TIMEOUT:-3600s} NGINX_ENABLE_CERTBOT_CHALLENGE: ${NGINX_ENABLE_CERTBOT_CHALLENGE:-false} CERTBOT_DOMAIN: ${CERTBOT_DOMAIN:-} + NGINX_CHATBOT_BASIC_AUTH_ENABLED: ${NGINX_CHATBOT_BASIC_AUTH_ENABLED:-false}} + NGINX_CHATBOT_BASIC_AUTH_USER: ${NGINX_CHATBOT_BASIC_AUTH_USER:-dify} + NGINX_CHATBOT_BASIC_AUTH_PASSWORD: ${NGINX_CHATBOT_BASIC_AUTH_PASSWORD:-difyaipwd} depends_on: - api - web diff --git a/docker/nginx/conf.d/.gitignore b/docker/nginx/conf.d/.gitignore new file mode 100644 index 0000000000..7babc07d4e --- /dev/null 
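Review bot: The example file publishes a working credential pair, `NGINX_CHATBOT_BASIC_AUTH_USER=dify` and `NGINX_CHATBOT_BASIC_AUTH_PASSWORD=difyaipwd`, and the docker-compose.yaml hunk repeats it as the `:-difyaipwd` fallback, so a deployment that only sets `NGINX_CHATBOT_BASIC_AUTH_ENABLED=true` is guarded by a password anyone can read in the repository. Leaving the value empty in both places, `NGINX_CHATBOT_BASIC_AUTH_PASSWORD=` and `${NGINX_CHATBOT_BASIC_AUTH_PASSWORD:-}`, forces the operator to choose one, provided the entrypoint rejects an empty value at startup. The comment could also state that basic auth sends the credentials merely base64-encoded on every request and so needs HTTPS in front of it, and `baisc` should read `basic`.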
+++ b/docker/nginx/conf.d/.gitignore @@ -0,0 +1,3 @@ +.DS_Store +.htpasswd +default.conf \ No newline at end of file diff --git a/docker/nginx/conf.d/default.conf.template b/docker/nginx/conf.d/default.conf.template index 9691122cea..3ca8dec3b5 100644 --- a/docker/nginx/conf.d/default.conf.template +++ b/docker/nginx/conf.d/default.conf.template @@ -24,6 +24,9 @@ server { include proxy.conf; } + # placeholder for chatbot basic auth + ${CHATBOT_BASIC_AUTH_CONFIG} + location / { proxy_pass http://web:3000; include proxy.conf; diff --git a/docker/nginx/docker-entrypoint.sh b/docker/nginx/docker-entrypoint.sh index d343cb3efa..2fc59704fb 100755 --- a/docker/nginx/docker-entrypoint.sh +++ b/docker/nginx/docker-entrypoint.sh @@ -28,6 +28,31 @@ else fi export ACME_CHALLENGE_LOCATION +if [ "${NGINX_CHATBOT_BASIC_AUTH_ENABLED}" = "true" ]; then + # install apache2-utils to get htpasswd + if command -v htpasswd >/dev/null 2>&1; then + echo "htpasswd is installed." + else + echo "htpasswd is not installed." + apt update + apt install -y apache2-utils + fi + + # create htpassword file for basic auth + htpasswd -bc /etc/nginx/conf.d/.htpasswd "${NGINX_CHATBOT_BASIC_AUTH_USER}" "${NGINX_CHATBOT_BASIC_AUTH_PASSWORD}" + + CHATBOT_BASIC_AUTH_CONFIG='location /chat { + auth_basic "Restricted"; + auth_basic_user_file /etc/nginx/conf.d/.htpasswd; + proxy_pass http://web:3000; + include proxy.conf; + } + ' +else + CHATBOT_BASIC_AUTH_CONFIG='' +fi +export CHATBOT_BASIC_AUTH_CONFIG + env_vars=$(printenv | cut -d= -f1 | sed 's/^/$/g' | paste -sd, -) envsubst "$env_vars" < /etc/nginx/nginx.conf.template > /etc/nginx/nginx.conf @@ -36,4 +61,4 @@ envsubst "$env_vars" < /etc/nginx/proxy.conf.template > /etc/nginx/proxy.conf envsubst < /etc/nginx/conf.d/default.conf.template > /etc/nginx/conf.d/default.conf # Start Nginx using the default entrypoint -exec nginx -g 'daemon off;' \ No newline at end of file +exec nginx -g 'daemon off;' 
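Review bot: The comment above `${CHATBOT_BASIC_AUTH_CONFIG}` does not say what the placeholder expands to or what it leaves unprotected. Per docker-entrypoint.sh it becomes a single `location /chat` block, which is a prefix match covering only paths that begin with `/chat`; the other location blocks of this server, most of them outside the hunk, carry no `auth_basic`, so any backend route the chat page calls through them presumably stays reachable without credentials and should be confirmed. I would document that scope in place, e.g. `# expands to a "location /chat" block with auth_basic when NGINX_CHATBOT_BASIC_AUTH_ENABLED=true; no other location is covered`.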
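Review bot: `htpasswd -bc` takes the password as a command-line argument, where it is visible in the process list while the command runs, and the block never checks that the user and password are set before writing `.htpasswd`. Reading the password from stdin with `-i` and exiting on an empty or default value addresses both. Installing `apache2-utils` with `apt` on container start also ties every start to network access and to whatever package version the mirror serves; installing it when the image is built would avoid that. The script continues outside the hunk on both sides.

```shell
if [ "${NGINX_CHATBOT_BASIC_AUTH_ENABLED}" = "true" ]; then
    # refuse to start with missing or published default credentials
    if [ -z "${NGINX_CHATBOT_BASIC_AUTH_USER}" ] \
        || [ -z "${NGINX_CHATBOT_BASIC_AUTH_PASSWORD}" ] \
        || [ "${NGINX_CHATBOT_BASIC_AUTH_PASSWORD}" = "difyaipwd" ]; then
        echo "NGINX_CHATBOT_BASIC_AUTH_USER and NGINX_CHATBOT_BASIC_AUTH_PASSWORD must be set to non-default values" >&2
        exit 1
    fi

    # … unchanged: htpasswd availability check …

    # -i reads the password from stdin, keeping it out of the argument list
    printf '%s\n' "${NGINX_CHATBOT_BASIC_AUTH_PASSWORD}" \
        | htpasswd -ic /etc/nginx/conf.d/.htpasswd "${NGINX_CHATBOT_BASIC_AUTH_USER}"

    # … unchanged: CHATBOT_BASIC_AUTH_CONFIG location block and else branch …
```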
From 503904b99318c45262b80c6e1405914ca166d5ce Mon Sep 17 00:00:00 2001 From: hz Date: Thu, 13 Feb 2025 22:35:39 +0800 Subject: [PATCH 2/3] fix: update the codes for chatbot baisc auth based on PR review comments #10215 --- .gitignore | 1 + docker/.env.example | 5 ++++- docker/nginx/conf.d/.gitignore | 3 --- 3 files changed, 5 insertions(+), 4 deletions(-) delete mode 100644 docker/nginx/conf.d/.gitignore diff --git a/.gitignore b/.gitignore index 60b5781733..4cf84d7e5c 100644 --- a/.gitignore +++ b/.gitignore @@ -177,6 +177,7 @@ docker/volumes/couchbase/* docker/volumes/oceanbase/* docker/nginx/conf.d/default.conf +docker/nginx/conf.d/.htpasswd docker/nginx/ssl/* !docker/nginx/ssl/.gitkeep docker/middleware.env diff --git a/docker/.env.example b/docker/.env.example index e9533b7886..555ea8025b 100644 --- a/docker/.env.example +++ b/docker/.env.example @@ -845,7 +845,10 @@ NGINX_PROXY_SEND_TIMEOUT=3600s NGINX_ENABLE_CERTBOT_CHALLENGE=false # chatbot baisc auth -# If you set the value of NGINX_CHATBOT_BASIC_AUTH_ENABLED to true, please also modify the values of NGINX_CHATBOT_BASIC_AUTH_USER and NGINX_CHATBOT_BASIC_AUTH_PASSWORD. +# The follow env vars will enable(NGINX_CHATBOT_BASIC_AUTH_ENABLED=true)/disable(NGINX_CHATBOT_BASIC_AUTH_ENABLED=false) the basic auth function for chatbot. +# The default status is disabled. +# If you set the value of NGINX_CHATBOT_BASIC_AUTH_ENABLED to true, +# please also modify the values of NGINX_CHATBOT_BASIC_AUTH_USER and NGINX_CHATBOT_BASIC_AUTH_PASSWORD for yourself. NGINX_CHATBOT_BASIC_AUTH_ENABLED=false NGINX_CHATBOT_BASIC_AUTH_USER=dify NGINX_CHATBOT_BASIC_AUTH_PASSWORD=difyaipwd diff --git a/docker/nginx/conf.d/.gitignore b/docker/nginx/conf.d/.gitignore deleted file mode 100644 index 7babc07d4e..0000000000 --- a/docker/nginx/conf.d/.gitignore +++ /dev/null @@ -1,3 +0,0 @@ -.DS_Store -.htpasswd -default.conf \ No newline at end of file From b6c796024d02f0d558d429b53b436e5885e747cf Mon Sep 17 00:00:00 2001 
From: hz
Date: Sat, 15 Feb 2025 10:56:02 +0800
Subject: [PATCH 3/3] fix: docker compose config for #10215
---
 docker/docker-compose.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker/docker-compose.yaml b/docker/docker-compose.yaml
index 583693cf64..ba0a649bd2 100644
--- a/docker/docker-compose.yaml
+++ b/docker/docker-compose.yaml
@@ -459,7 +459,7 @@ services:
 NGINX_PROXY_SEND_TIMEOUT: ${NGINX_PROXY_SEND_TIMEOUT:-3600s}
 NGINX_ENABLE_CERTBOT_CHALLENGE: ${NGINX_ENABLE_CERTBOT_CHALLENGE:-false}
 CERTBOT_DOMAIN: ${CERTBOT_DOMAIN:-}
- NGINX_CHATBOT_BASIC_AUTH_ENABLED: ${NGINX_CHATBOT_BASIC_AUTH_ENABLED:-false}}
+ NGINX_CHATBOT_BASIC_AUTH_ENABLED: ${NGINX_CHATBOT_BASIC_AUTH_ENABLED:-false}
 NGINX_CHATBOT_BASIC_AUTH_USER: ${NGINX_CHATBOT_BASIC_AUTH_USER:-dify}
 NGINX_CHATBOT_BASIC_AUTH_PASSWORD: ${NGINX_CHATBOT_BASIC_AUTH_PASSWORD:-difyaipwd}
 depends_on: