I implemented Basic authentication on Docker, but I couldn't enter the site, so I thought about the reason.
~~Super easy~~ **Please read to the bottom.**
I will set environment variables on Docker
docker-compose.yml
```yaml
version: '3'
services:
  web:
    environment:
      BASIC_AUTH_USER: 'admin'      # Temporary user
      BASIC_AUTH_PASSWORD: '0000'   # Temporary password
```
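The reason is as follows.
app/controllers/application_controller.rb
```ruby
class ApplicationController < ActionController::Base
  before_action :basic_auth

  private

  def basic_auth
    authenticate_or_request_with_http_basic do |username, password|
      # Read the expected credentials from environment variables.
      # ENV.fetch raises KeyError when a variable is unset, so a missing
      # variable surfaces as an error rather than passing nil to secure_compare.
      # secure_compare is constant-time; `&` evaluates both comparisons.
      ActiveSupport::SecurityUtils.secure_compare(username, ENV.fetch("BASIC_AUTH_USER")) &
        ActiveSupport::SecurityUtils.secure_compare(password, ENV.fetch("BASIC_AUTH_PASSWORD"))
    end
  end
end
```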
I think that Basic authentication is implemented with the code above. You may be setting the environment variables in your terminal, but **you have to set the environment variables on Docker** as well. The reason is that Docker creates a container as a virtual machine separate from the PC you are currently using and runs the application on it, so variables set only in your terminal are not visible inside the container.
I thought it was a relief, but please wait a moment.
**You can't push this to Git, can you...??**
If you merge in the current state, **the user ID and password for Basic authentication are completely visible** in the Git repository, and there is no security.
So
docker-compose.yml
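```yaml
version: '3'
services:
  web:
    environment:
      # Taken from the environment where docker-compose runs;
      # the literal "default" is used when the variable is unset or empty.
      BASIC_AUTH_USER: ${BASIC_AUTH_USER:-default}
      BASIC_AUTH_PASSWORD: ${BASIC_AUTH_PASSWORD:-default}
```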
Written this way, the values are taken from the server's environment variables, so they cannot be seen from the outside. **Don't forget to build, because the docker-compose.yml file was changed.**
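As an added example (not code from the original post), the Ruby below models how Compose resolves the `${VAR:-default}` and `${VAR-default}` forms and reports where each Basic auth credential actually comes from, including the case where the committed fallback `default` ends up as the live password. The names `interpolate`, `audit` and `COMPOSE_ENV` are hypothetical, and the sample maps are constructed.

```ruby
# Added example: audit the `environment:` map of a compose file for
# Basic auth credentials that are hard-coded or fall back to a committed value.

# Matches ${NAME}, ${NAME:-fallback} and ${NAME-fallback}.
INTERPOLATION = /\$\{(?<name>[A-Za-z_][A-Za-z0-9_]*)(?:(?<op>:?-)(?<fallback>[^}]*))?\}/

# Resolve one value the way Compose documents these forms:
#   ${VAR:-x} -> x when VAR is unset OR empty
#   ${VAR-x}  -> x only when VAR is unset
#   ${VAR}    -> empty string when VAR is unset
def interpolate(value, host_env)
  value.gsub(INTERPOLATION) do
    m = Regexp.last_match
    current = host_env[m[:name]]
    case m[:op]
    when ":-" then current.nil? || current.empty? ? m[:fallback] : current
    when "-"  then current.nil? ? m[:fallback] : current
    else current.to_s
    end
  end
end

# Classify every entry: where does the container's value really come from?
def audit(environment, host_env)
  environment.each_with_object({}) do |(key, raw), report|
    raw = raw.to_s
    m = INTERPOLATION.match(raw)
    effective = interpolate(raw, host_env)
    report[key] =
      if m.nil? then :hardcoded_in_repo               # literal committed to Git
      elsif effective.empty? then :empty_credential   # container gets ""
      elsif m[:op] && effective == m[:fallback] then :using_committed_fallback
      else :from_host_env
      end
  end
end

# Constructed sample: one entry per fallback form.
COMPOSE_ENV = {
  "BASIC_AUTH_USER" => "${BASIC_AUTH_USER:-default}",
  "BASIC_AUTH_PASSWORD" => "${BASIC_AUTH_PASSWORD-default}"
}.freeze

if __FILE__ == $PROGRAM_NAME
  p audit(COMPOSE_ENV, {})   # nothing exported on the host
  p audit(COMPOSE_ENV, { "BASIC_AUTH_USER" => "ops", "BASIC_AUTH_PASSWORD" => "" })
end
```

Any result other than `:from_host_env` means the container is not running with credentials supplied by the server.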
I'm a beginner, so I'm sorry if this is something everyone already knows... I would appreciate it if you could tell me if there is a bad part! I'm glad I noticed it before merging, and it seems that this can also be used when working with other APIs.