Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

private feeds via nginx reverse proxy (workaround)

See original GitHub issue

Several people would like to run a private nuget feed. The depending pull request is open for 2 years now. It seems that this could take a while to be published. https://github.com/loic-sharma/BaGet/pull/69

I provide the baget service behind a nuget reverse proxy where nginx takes over the authentification part. In combination with docker compose this works quite well. I think this is a nice workaround as long the pull request is open.

The nginx site configuration:

server {
  listen 80;
  server_name packages.myawesomeproject.com;

  proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header   X-Forwarded-Proto $scheme;
  proxy_set_header   Host $host;

  location / {
    auth_basic "Resticted Content";
    auth_basic_user_file /etc/nginx/.htpasswd;
    proxy_pass http://baget:80;
  }

creating the htpasswd file:

sudo sh -c "echo -n '[username]:' >> /etc/nginx/.htpasswd"
sudo sh -c "openssl passwd -apr1 >> /etc/nginx/.htpasswd"

As many people didn’t know how nuget auth works exactly it would be nice to add this way to the documentation. An all in one docker-compose file with nginx and baget would be awesome.

Issue Analytics

State:
Created 3 years ago
Reactions:8
Comments:7

Top GitHub Comments

4reactions

pierrediancourtcommented, Aug 21, 2020

Hi @abakumov-v,
Here’s something that works. It may not be the prettier or easier way as i didn’t put a lot of time into it.
Just pop a thumb up on this message if that helps you 😉
Let’s avoid flooding this topic !

version: '3'

services:
  baget:
    image: loicsharma/baget:latest
    restart: unless-stopped
    container_name: packagemanager_baget
    hostname: baget
    expose:
      - 80
    environment:
      - ASPNETCORE_ENVIRONMENT=Release
      - ApiKey=xxxxxxxxxxxxxxxxxx
      - PackageDeletionBehavior=Unlist
      - AllowPackageOverwrites=true
      - Storage__Type=FileSystem
      - Storage__Path=/var/baget/packages
      - Database__Type=PostgreSql
      - Database__ConnectionString=User ID=baget;Password=MySuperPassword;Host=postgres;Port=5432;Database=baget;
      - Search__Type=Database
      - Mirror__Enable=true
      - Mirror__PackageSource="https://api.nuget.org/v3/index.json"
    volumes:
      - baget_data:/var/baget

  postgres:
    image: postgres:12.3-alpine
    restart: unless-stopped
    container_name: packagemanager_postgres
    hostname: postgres
    expose:
      - 5432
    environment:
      - POSTGRES_USER=baget
      - POSTGRES_PASSWORD=MySuperPassword
      - POSTGRES_DB=baget
    volumes:
      # This needs explicit mapping due to https://github.com/docker-library/postgres/blob/4e48e3228a30763913ece952c611e5e9b95c8759/Dockerfile.template#L52
      - postgres_data:/var/lib/postgresql/data

volumes:
  baget_data:
  postgres_data:

nginx config :

upstream baget{
    server packagemanager_baget:80;
}

server {
    listen 80;
    server_name baget.example.com;

    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name baget.example.com;

     # managing the ssl/tls traffic decryption, dependant on your setup, this is just an example
     ssl_certificate /etc/letsencrypt/live/xxx/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/xxx/privkey.pem;
     ssl_protocols         TLSv1.2; # obsolete : SSLv3 TLSv1 TLSv1.1 
    ssl_ciphers           ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
    ssl_session_cache     shared:SSL:20m;
    ssl_session_timeout   4h;

    # blocking the search engines
    location = /robots.txt {
        add_header Content-Type text/plain;
        return 200 "User-agent: *\nDisallow: /\n";
    }

    location / {
        # blacklisting every ip but these :
        satisfy all;
        allow 000.000.000.000; # my public ip accessing this service
        allow 000.000.000.001; # another ip allowed to access
        deny all;

        proxy_max_temp_file_size 2048m; # optional and depends on the size of the things that are uploaded/downloaded through nginx 

        proxy_pass http://baget;
        proxy_redirect off;
        proxy_set_header X-NginX-Proxy true;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

3reactions

johanneswdmcommented, Aug 5, 2020

But how is it possible to authenticate when using the included symbol-server? It seems like Visual Studio has no built-in option to use password-protected symbol servers and it returns me a 401: Unauthorized.