Password-protect access to the Solr instance.

Author: kernelmethod

docker-compose.yml

@@ -30,8 +30,6 @@ services:
       - .env
     #volumes:
     #  - solrdata:/var/solr:rw
-    ports:
-      - "8983:8983"
     networks:
       - tec-net
     command:

docker/nginx/Dockerfile

@@ -12,9 +12,12 @@ RUN adduser -D -s /bin/false -G www-data www-data
 RUN mkdir -p /data/nginx/cache
 
 RUN apk update \
-    && apk add --no-cache openssl \
+    && apk add --no-cache openssl apache2-utils \
     && mkdir -p /tls/encryptioncompendium.org/
 
+# Create an empty .htpasswd file for authentication
+RUN touch /etc/nginx/.htpasswd
+
 # Add a custom run script
 COPY run.sh /run.sh
 CMD [ "/run.sh" ]

docker/nginx/conf.d/default.conf

@@ -3,6 +3,10 @@ upstream encryption_compendium_server {
     server tec-gunicorn:5000;
 }
 
+upstream solr {
+    server tec-search:8983;
+}
+
 limit_req_zone $binary_remote_addr zone=mylimit:10m rate=60r/m;
 
 server {
@@ -27,6 +31,16 @@ server {
         proxy_redirect off;
     }
 
+    location /solr/ {
+        proxy_pass http://solr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header Host $host;
+        proxy_redirect off;
+
+        auth_basic "Restricted Content";
+        auth_basic_user_file /etc/nginx/.htpasswd;
+    }
+
     location /static/ {
         # Serve static files from Nginx since it's _significantly_ more performant
         # than having Gunicorn serve those files.