使用 nginx 认证

README.md

@@ -32,6 +32,11 @@ SOL_SECRET_KEY=your_secret_key_here
 
 ```bash
 
+apt install httpd
+
+htpasswd -c ./htpasswd admin
+# 按提示输入两次密码
+
 `docker compose up -d`
 ```
 

docker-compose.yml

@@ -4,21 +4,30 @@ services:
       context: .
       dockerfile: Dockerfile
       args:
-        # 构建参数（非敏感数据）
         SOL_ENDPOINT: ${SOL_ENDPOINT:-}
     container_name: byreal-table
-    ports:
-      - '80:3000'
+    # 不要再映射 80:3000，改成内部用的 3000 端口（也可以直接去掉 ports，用 expose）
+    expose:
+      - '3000'
     environment:
-      # 运行时环境变量（从 .env 文件读取）
       - SOL_ENDPOINT=${SOL_ENDPOINT}
       - SOL_SECRET_KEY=${SOL_SECRET_KEY}
       - NODE_ENV=production
       - NEXT_TELEMETRY_DISABLED=1
     restart: unless-stopped
-    # 如果需要持久化数据，可以取消注释以下配置
-    # volumes:
-    #   - ./data:/app/data
+    networks:
+      - byreal-network
+
+  nginx:
+    image: nginx:alpine
+    container_name: byreal-nginx
+    depends_on:
+      - byreal-table
+    ports:
+      - '80:80'
+    volumes:
+      - ./nginx.conf:/etc/nginx/conf.d/default.conf:ro
+      - ./htpasswd:/etc/nginx/.htpasswd:ro
     networks:
       - byreal-network
 

nginx.conf

@@ -0,0 +1,16 @@
+server {
+  listen 80;
+  server_name _;
+
+  # 开启 Basic Auth
+  auth_basic "Restricted";
+  auth_basic_user_file /etc/nginx/.htpasswd;
+
+  location / {
+    proxy_pass http://byreal-table:3000;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+  }
+}