From 2a41658d59f1ce77adeec6f5767815dd376ab627 Mon Sep 17 00:00:00 2001
From: Vincent Emonet <vincent.emonet@gmail.com>
Date: Mon, 6 Dec 2021 23:20:13 +0100
Subject: [PATCH] Add docker-compose.yml and nginx.conf for nginx
 authentication

---
 docker-compose.yml | 22 ++++++++++++++++++++++
 server/nginx.conf  | 38 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 60 insertions(+)
 create mode 100644 docker-compose.yml
 create mode 100644 server/nginx.conf

diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 00000000..5efb9433
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,22 @@
+version: "3"
+
+services:
+
+  oxigraph:
+    # image: oxigraph/oxigraph
+    build: .
+    volumes:
+      - ./data:/data
+
+  nginx-auth:
+    image: nginx:1.21.4
+    volumes:
+      - ./server/nginx.conf:/etc/nginx/nginx.conf
+      ## For multiple users: uncomment this line to use your local .htpasswd file:
+      # - ./.htpasswd:/etc/nginx/.htpasswd
+    ports:
+      - 7878:7878
+    environment:
+      - OXIGRAPH_USER=${OXIGRAPH_USER:-oxigraph}
+      - OXIGRAPH_PASSWORD=${OXIGRAPH_PASSWORD:-oxigraphy}
+    entrypoint: "bash -c 'echo -n $OXIGRAPH_USER: >> /etc/nginx/.htpasswd && echo $OXIGRAPH_PASSWORD | openssl passwd -stdin -apr1 >> /etc/nginx/.htpasswd && /docker-entrypoint.sh nginx'"
diff --git a/server/nginx.conf b/server/nginx.conf
new file mode 100644
index 00000000..c6dcf0a0
--- /dev/null
+++ b/server/nginx.conf
@@ -0,0 +1,38 @@
+events {
+    worker_connections  1024;
+}
+daemon off;
+http {
+    server {
+        server_name localhost;
+        listen 7878;
+
+        rewrite ^/(.*) /$1 break;
+        proxy_ignore_client_abort on;
+        proxy_set_header  X-Real-IP  $remote_addr;
+        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header  Host $http_host;
+
+        # Enable CORS requests
+        proxy_set_header Access-Control-Allow-Origin "*";
+
+        location ~ ^(/|/query)$ {
+            # limit_except GET POST OPTIONS {
+            #         deny  all;
+            # }
+            proxy_pass http://oxigraph:7878;
+            proxy_pass_request_headers on;
+        }
+
+        location /update {
+            # Auth: https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/
+            limit_except GET POST {
+                    deny  all;
+            }
+            auth_basic           "Oxygraph Administrator's Area";
+            auth_basic_user_file /etc/nginx/.htpasswd; 
+            proxy_pass http://oxigraph:7878;
+            proxy_pass_request_headers on;
+        }
+    }
+}