[DOCKER] SETUP KAFKA NGINX AUTH - fourslickz/notes GitHub Wiki

docker-compose.yml

version: "3.9"

services:
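  # ZooKeeper node that the kafka service uses for cluster metadata.
  zookeeper:
    image: confluentinc/cp-zookeeper:7.6.1
    container_name: zookeeper
    restart: unless-stopped
    environment:
      ZOOKEEPER_CLIENT_PORT: "2181"
      ZOOKEEPER_TICK_TIME: "2000"
    # No ZooKeeper authentication is configured in this file. kafka and
    # kafka-ui reach it over the Compose network as zookeeper:2181, so the
    # host port is published on loopback only rather than on every interface.
    ports:
      - "127.0.0.1:2181:2181"
    volumes:
      - /opt/docker/kafka/data/zookeeper/data:/var/lib/zookeeper/data
      - /opt/docker/kafka/data/zookeeper/log:/var/lib/zookeeper/log
    # kafka waits on this check (depends_on: condition: service_healthy).
    healthcheck:
      test: ["CMD", "nc", "-z", "localhost", "2181"]
      interval: 10s
      timeout: 5s
      retries: 5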

  # Single Kafka broker; starts only once zookeeper reports healthy.
  kafka:
    image: confluentinc/cp-kafka:7.6.1
    container_name: kafka
    restart: unless-stopped
    depends_on:
      zookeeper:
        condition: service_healthy
    # NOTE(review): 9092 is published on every host interface and the
    # EXTERNAL listener below is PLAINTEXT (no TLS, no client
    # authentication). The nginx basic auth on this page protects kafka-ui
    # only, not the broker. Limit 9092 to trusted networks with a host
    # firewall, or move the EXTERNAL listener to SASL_SSL.
    ports:
      - "9092:9092"
    environment:
      KAFKA_BROKER_ID: "1"
      KAFKA_ZOOKEEPER_CONNECT: 'zookeeper:2181'

      # INTERNAL serves the Compose network (kafka:29092);
      # EXTERNAL is what clients outside Docker are told to connect to.
      KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: 'INTERNAL:PLAINTEXT,EXTERNAL:PLAINTEXT'
      KAFKA_LISTENERS: 'INTERNAL://0.0.0.0:29092,EXTERNAL://0.0.0.0:9092'
      KAFKA_ADVERTISED_LISTENERS: 'INTERNAL://kafka:29092,EXTERNAL://10.130.249.225:9092'
      KAFKA_INTER_BROKER_LISTENER_NAME: 'INTERNAL'

      # One broker, so the offsets topic cannot be replicated further.
      KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: "1"

    volumes:
      - /opt/docker/kafka/data/kafka:/var/lib/kafka/data

    # kafka-ui waits on this check (depends_on: condition: service_healthy).
    healthcheck:
      test:
        - "CMD"
        - "nc"
        - "-z"
        - "localhost"
        - "9092"
      interval: 10s
      timeout: 5s
      retries: 5

  # Web console for the broker; starts only once kafka reports healthy.
  kafka-ui:
    image: provectuslabs/kafka-ui:v0.7.2
    container_name: kafka-ui
    restart: unless-stopped
    depends_on:
      kafka:
        condition: service_healthy
    # Published on loopback only. No login is configured for the UI in this
    # file, so access control depends on the nginx reverse proxy
    # (TLS + basic auth) in front of 127.0.0.1:3088. Keep this binding on
    # 127.0.0.1 so the proxy cannot be bypassed from the network.
    ports:
      - "127.0.0.1:3088:8080"
    environment:
      KAFKA_CLUSTERS_0_NAME: 'local_kafka'
      # Reaches the broker and ZooKeeper over the Compose network.
      KAFKA_CLUSTERS_0_BOOTSTRAPSERVERS: 'kafka:29092'
      KAFKA_CLUSTERS_0_ZOOKEEPER: 'zookeeper:2181'

Permission

# Create the host directories that the zookeeper and kafka services bind-mount.
sudo mkdir -p \
    /opt/docker/kafka/data/zookeeper/data \
    /opt/docker/kafka/data/zookeeper/log \
    /opt/docker/kafka/data/kafka
# Give the whole tree to UID/GID 1000 so the containers can write to it
# (presumably the user the Confluent images run as; confirm for your image).
sudo chown -R 1000:1000 /opt/docker/kafka

Nginx

# Reverse proxy for kafka-ui: terminates TLS and enforces HTTP basic auth.
server {
    # TLS-only listener: basic-auth credentials accompany every request,
    # so they must never be accepted over plain HTTP.
    listen 443 ssl;
    server_name kafka.yourdomain.com;

    ssl_certificate     /etc/letsencrypt/live/kafka.yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/kafka.yourdomain.com/privkey.pem;

    location / {
        # Every request must present credentials from the htpasswd file.
        # This covers the UI only; the Kafka broker port is not behind nginx.
        auth_basic           "Restricted Access";
        auth_basic_user_file /etc/nginx/.htpasswd;

        # Forward to kafka-ui, which is published on loopback only.
        proxy_set_header Host      $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass       http://127.0.0.1:3088;
    }
}

Create auth

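# apache2-utils provides the htpasswd tool.
sudo apt install apache2-utils
# -c creates the file and overwrites an existing one, so run it once only;
# omit -c when adding further users. Drop sudo if you are already root.
sudo htpasswd -c /etc/nginx/.htpasswd admin
# Keep the password hashes readable only by root and the nginx worker group
# (www-data on Debian/Ubuntu packages; adjust if nginx runs as another user).
sudo chown root:www-data /etc/nginx/.htpasswd
sudo chmod 640 /etc/nginx/.htpasswd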