Add basic Authentication to the stack in Lieu of XPACK Auth (#42)

* add automated CogStack container build on cloud.docker.com

* modify CogStack Docker CMD script

* add multi-node ELK Stack and CogStack docker-compose file

* correct typo when copying elasticsearch.yml

* add docs for multi-node ELK stack cogstack compose

add to main README.md the docker-compose docs for docker-cogstack/compose-ymls/cogstack-clust/

* add basic auth nginx proxy to stack

* proxy/auth both kibana and elasticsearch as default (drop elastic search proxy for prod)

.gitignore

@@ -8,4 +8,4 @@ nbproject/*
 .idea/*
 cogstack*log
 logs/*
-
+.htpasswd

docker-cogstack/compose-ymls/cogstack-clust/docker-compose.yml

@@ -2,15 +2,21 @@ version: '2.0'
 services:
 
 
+#---------------------------------------------------------------------------#
+# Postgres container for spring batch / cogstack testing                    #
+#---------------------------------------------------------------------------#
   postgres:
     image: cogstacksystems/postgres:latest
     container_name: postgres
     ports:
-      - 5432:5432
+      - 5432
     networks:
       - esnet
 
 
+#---------------------------------------------------------------------------#
+# CogStack containers                                                       #
+#---------------------------------------------------------------------------#
   cogstack:
     image: cogstacksystems/cogstack-pipeline:latest
     container_name: cogstack
@@ -24,6 +30,9 @@ services:
       - esnet
 
 
+#---------------------------------------------------------------------------#
+# Elasticsearch cluster                                                     #
+#---------------------------------------------------------------------------#
   elasticsearch:
     image: docker.elastic.co/elasticsearch/elasticsearch:6.2.4
     container_name: elasticsearch
@@ -41,7 +50,8 @@ services:
       - esdata1:/usr/share/elasticsearch/data
       - ./elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro
     ports:
-      - 9200:9200
+#      - "9200:9200"    #without proxy, forward to host:9200
+      - 9200
     networks:
       - esnet
 
@@ -88,10 +98,15 @@ services:
       - esnet
 
 
+#---------------------------------------------------------------------------#
+# Kibana webapp                                                             #
+#---------------------------------------------------------------------------#
   kibana:
     image: docker.elastic.co/kibana/kibana:6.2.4
+    container_name: kibana
     ports:
-      - 5601:5601
+#      - "5601:5601"    #without proxy, forward to host:5601
+      - "5601"        #with nginx proxy forwarding host:5601/ --> [kibana]:5601 
     depends_on:
       - elasticsearch3
     volumes:
@@ -100,6 +115,30 @@ services:
       - esnet
       - public
 
+#---------------------------------------------------------------------------#
+# Reverse proxy (+ host-container proxy and basic auth)                     #
+#---------------------------------------------------------------------------#
+  proxy:
+    image: nginx:1.13.1-alpine
+    restart: always
+    networks:
+      - public
+      - esnet
+    depends_on:
+      - kibana
+      - elasticsearch
+    ports:
+#      - "80:80"
+#      - "443:443"
+      - "5601:5601" #nginx listening to container:5601, forward to host:5601 
+      - "9200:9200" #nginx listening to container:9200, forward to host:9200   
+    volumes:
+      - ./nginx/config/nginx.conf:/etc/nginx/nginx.conf:ro
+      - ./nginx/auth/.htpasswd:/etc/apache2/.htpasswd:ro
+
+#---------------------------------------------------------------------------#
+# Docker named volumes                                                      #
+#---------------------------------------------------------------------------#
 volumes:
   esdata1:
     driver: local
@@ -109,6 +148,9 @@ volumes:
     driver: local  
 
 
+#---------------------------------------------------------------------------#
+# Docker virtual networks                                                   #
+#---------------------------------------------------------------------------#
 networks:
   esnet:
     driver: bridge

docker-cogstack/compose-ymls/cogstack-clust/nginx/auth/README.md

@@ -0,0 +1,29 @@
+Basic Auth with nginx
+=====================
+https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/
+
+Password file creation utility such as apache2-utils
+
+```sh
+$ sudo htpasswd -c ./auth/.htpasswd user1
+```
+
+Press Enter and type the password for user1 at the prompts.
+
+Create additional user-password pairs. Omit the -c flag because the file already exists:
+
+```sh
+$ sudo htpasswd -c ./auth/.htpasswd user1
+```
+
+You can confirm that the file contains paired usernames and encrypted passwords:
+
+```sh
+$ cat ./auth/.htpasswd
+
+user1:$apr1$/woC1jnP$KAh0SsVn5qeSMjTtn0E9Q0
+user2:$apr1$QdR8fNLT$vbCEEzDj7LyqCMyNpSoBh/
+user3:$apr1$Mr5A0e.U$0j39Hp5FfxRkneklXaMrr/
+```
+
+

docker-cogstack/compose-ymls/cogstack-clust/nginx/config/nginx.conf

@@ -0,0 +1,34 @@
+worker_processes 1;
+
+events { worker_connections 1024; }
+
+
+http {
+
+    server {
+        listen 5601;
+#        access_log /var/log/nginx/access.log compression;
+
+            location / {
+                proxy_pass         http://kibana:5601;
+                proxy_set_header   Host $host;
+                auth_basic         "Cogstack Login";
+                auth_basic_user_file /etc/apache2/.htpasswd;
+            }
+    }
+
+
+    server {
+        listen 9200;
+#        access_log /var/log/nginx/access.log compression;
+
+            location / {
+                proxy_pass         http://elasticsearch:9200;
+                proxy_set_header   Host $host;
+                auth_basic         "Elasticsearch Login";
+                auth_basic_user_file /etc/apache2/.htpasswd;
+            }
+    }
+}
+
+