Update default

Password protection

Dockerfile

@@ -1,4 +1,4 @@
-FROM lsiobase/alpine.nginx:3.7
+FROM linuxserver/letsencrypt
 
 # set version label
 ARG BUILD_DATE

README.md

@@ -67,6 +67,10 @@ In this instance `PUID=1001` and `PGID=1001`. To find yours use `id user` as bel
 
 Access the web gui at http://SERVERIP:PORT
 
+## Adding password protection
+
+This image now supports password protection through htpasswd. Run the following command on your host to generate the htpasswd file `docker exec -it heimdall htpasswd -c /config/nginx/.htpasswd <username>`. Replace <username> with a username of your choice and you will be asked to enter a password. New installs will automatically pick it up and implement password protected access. Existing users updating their image can delete their site config at `/config/nginx/site-confs/default` and restart the container after updating the image. A new site config with htpasswd support will be created in its place.
+
 ## Info
 
 * To monitor the logs of the container in realtime `docker logs -f heimdall`.
@@ -82,4 +86,5 @@ Access the web gui at http://SERVERIP:PORT
 
 ## Versions
 
++ **06.03.18:** Use password protection if htpasswd is set. Existing users can delete their default site config at /config/nginx/site-confs/default and restart the container, a new default site config with htpasswd support will be created in its place
 + **12.02.18:** Initial Release.

root/defaults/default

@@ -1,15 +1,24 @@
-server {
+## Version 2018/03/08 - Changelog: https://github.com/linuxserver/docker-heimdall/commits/master/root/defaults/default
-	listen 80 default_server;
 
-	listen 443 ssl;
+# listening on port 80 disabled by default, remove the "#" signs to enable
+# redirect all traffic to https
+#server {
+#	listen 80;
+#	server_name _;
+#	return 301 https://$host$request_uri;
+#}
+
+# main server block
+server {
+	listen 443 ssl default_server;
 
 	root /var/www/localhost/heimdall/public;
-	index index.php index.html index.htm;
+	index index.html index.htm index.php;
 
 	server_name _;
 
-	ssl_certificate /config/keys/cert.crt;
+	# all ssl related config moved to ssl.conf
-	ssl_certificate_key /config/keys/cert.key;
+	include /config/nginx/ssl.conf;
 
 	client_max_body_size 0;
 
@@ -19,12 +28,44 @@ server {
 
 	location ~ \.php$ {
 		fastcgi_split_path_info ^(.+\.php)(/.+)$;
-		# With php5-cgi alone:
+		# With php7-cgi alone:
 		fastcgi_pass 127.0.0.1:9000;
-		# With php5-fpm:
+		# With php7-fpm:
-		#fastcgi_pass unix:/var/run/php5-fpm.sock;
+		#fastcgi_pass unix:/var/run/php7-fpm.sock;
 		fastcgi_index index.php;
 		include /etc/nginx/fastcgi_params;
-
 	}
+
+# sample reverse proxy config for password protected couchpotato running at IP 192.168.1.50 port 5050 with base url "cp"
+# notice this is within the same server block as the base
+# don't forget to generate the .htpasswd file as described on docker hub
+#	location ^~ /cp {
+#		auth_basic "Restricted";
+#		auth_basic_user_file /config/nginx/.htpasswd;
+#		include /config/nginx/proxy.conf;
+#		proxy_pass http://192.168.1.50:5050/cp;
+#	}
+
 }
+
+# sample reverse proxy config without url base, but as a subdomain "cp", ip and port same as above
+# notice this is a new server block, you need a new server block for each subdomain
+#server {
+#	listen 443 ssl;
+#
+#	root /config/www;
+#	index index.html index.htm index.php;
+#
+#	server_name cp.*;
+#
+#	include /config/nginx/ssl.conf;
+#
+#	client_max_body_size 0;
+#
+#	location / {
+#		auth_basic "Restricted";
+#		auth_basic_user_file /config/nginx/.htpasswd;
+#		include /config/nginx/proxy.conf;
+#		proxy_pass http://192.168.1.50:5050;	
+#	}
+#}