Stuck on a Docker project with Authentication

I’m new to the DevOps world, but I’ve been working in IT for almost 20 years. This one is a unique challenge for me. I was wondering if anyone would be willing to guide me along with this test question I’ve got:

“I need a small web app (a single HTML page) to be available online. The webpage content is confidential so I need it to be secured with Basic authentication over TLS. I also would like to support a secret token within the URL as a second authentication factor. I would like all the security verification to take place in a separate container before reaching the container that hosts the confidential content. I need to be able to build the entire solution from Dockerfiles and deploy it via Docker Compose.
Please include the credentials in the documentation you provide (username and password of your choice). The content should be available at https://host:port//index.htm” where the token is any “key” you choose that should be included in the documentation you provide.”

I started by simply building out a fresh Linux server, installing Docker and Docker Compose, and then building basic nginx and Apache containers. Since then I’ve been down so many rabbit holes on encryption, certs, proxy and reverse proxy - it’s getting kind of crazy.

Any help would be greatly appreciated!

Oof.

So first things first, if you can’t get it working outside of docker/kubernetes etc… don’t bother getting it to work within docker or k8s etc. Adding these technologies makes things strictly more complicated… Cheaper to run, more flexible, and lighter on resources, but more complicated.


It sounds like you want to have a container with nginx as a basic reverse proxy, sitting on two networks, with /etc/nginx bind mounted to a volume with configuration and certs and stuff…

… and then a second container sharing the network with the first one that’s serving “the page”.

Is that right? How far did you get so far?

That’s the gist of it. The docker part is required - otherwise I’d stick to what I know. I actually moved a domain from a hosted server to this one for this exercise, and jeez - I was taking a lot for granted there. Just trying to get TLS working against a page running in a container has been a nightmare. I’ve got it up now with a self-signed cert, and the reverse proxy up as well, but not the second server yet. Next up for me is the basic auth, probably with just htaccess / htpasswd and then on to the token.
As I said, any help would be appreciated, but this is also something I would be willing to pay for if someone really thinks they’ve got a handle on the request.
Thanks for getting back!
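
One way to lay out the proxy container's nginx config for the setup discussed in this thread, as an added example that is not from any of the posters. The service name `content`, the token placeholder, and the certificate and htpasswd paths are all assumptions; it also assumes the file is included in the `http` context (as files under `conf.d` are in the stock nginx image) and that the content container publishes no ports and is reachable only on a network shared with the proxy.

```nginx
# Added example: gateway.conf for the proxy container.
# Assumed names (not from the thread): service "content", token
# placeholder REPLACE_WITH_TOKEN, cert and htpasswd paths.

# The token is part of the URL, so the default access log would record
# it. This format logs method and status but not the request path.
log_format no_uri '$remote_addr $remote_user [$time_local] '
                  '$request_method $status';

server {
    listen 443 ssl;
    server_name _;

    # Self-signed or CA-issued; bind-mount or COPY these into the image.
    ssl_certificate     /etc/nginx/certs/server.crt;
    ssl_certificate_key /etc/nginx/certs/server.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    access_log /var/log/nginx/access.log no_uri;

    # Token check: only paths under the secret prefix are proxied.
    location /REPLACE_WITH_TOKEN/ {
        # Basic auth, checked against a file created with htpasswd.
        auth_basic           "Restricted";
        auth_basic_user_file /etc/nginx/htpasswd;

        # The trailing slash on proxy_pass strips the token prefix, so
        # the content container only ever sees /index.htm.
        proxy_pass       http://content:80/;
        proxy_set_header Host $host;
    }

    # Any other path: plain 404, returned before any auth prompt.
    location / {
        return 404;
    }
}
```

With this layout both checks run in the proxy container, and the content container can be a stock web server with no TLS or auth configuration of its own.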