0

To explain quickly, I have an nginx server running within Docker, acting as a reverse proxy for my Flask web app. A part of my configuration is using proxy_set_header Authorization to pass some credentials into the proxy_pass website.

This all works fine - but, I want to push all this stuff to GitHub, and of course don't want want my creds, encoded or not, to show up.

What is my best option here? All I can think of is having something similar to dotenv, but for nginx.conf files rather than .py files.

Does anyone have any ideas on what I could to in order to pass my creds in but without hardcoding them explicitly in the config?

user8981199
  • 27
  • 5

1 Answers1

0

You can use another configuration file create Variables with NGINX using set and add this file to gitignore.

conf.d/creds.include

set $apiuser "user";
set $apipass "pass";

http://nginx.org/en/docs/http/ngx_http_rewrite_module.html#set

app.conf

server {
include conf.d/creds.include;
...
location / {
  proxy_pass ...
  proxy_set_header "Authorization: $apiuser:apipass"
}
}

You should mention this in the README of your repo that anybody know how to use it.

Timo Stark
  • 2,721
  • 1
  • 10
  • 23
  • This definitely seems like the best idea, but I have tried this with a bunch of different sytnaxes, yet still wont work – user8981199 Apr 02 '21 at 22:14
  • Please share your nginx configuration in your original post. I will use this as a template – Timo Stark Apr 03 '21 at 10:16
  • Hey Timo Stark. I re asked the question here: https://stackoverflow.com/questions/66933460/why-arent-my-creds-being-passed-into-my-nginx-conf – user8981199 Apr 03 '21 at 16:30