Our platform allows users to create YAML Docker Compose files to deploy containers. As part of this process, there is an optional feature to enable or disable basic authentication using a toggle. Users should enable this feature if they want to protect access to a public-facing site in front of a web application service defined in the template. However, if the service already has its own authentication mechanisms, enabling basic authentication is unnecessary and may cause conflicts.
Keep the authentication toggle in the Disabled state if:
The service is for internal use within a secured network and does not need additional authentication.
The application running inside the container already has its own authentication mechanism, such as JWT or OAuth, which could conflict with basic authentication.
Services like Jupyter Notebooks have TOKEN and PW defined, making additional authentication unnecessary.
Other services or automation scripts rely on unauthenticated access to function properly.
The authentication credentials have not been properly set up, which could lead to broken deployments.
Potential Issues When Enabling Authentication Unnecessarily
If basic authentication is enabled when it is not required, the following issues may arise:
Service Misconfiguration - If the application does not expect authentication, enabling it could prevent it from functioning correctly.
Conflicts with Built-in Authentication - If the application has its own authentication (e.g., JWT, OAuth, or predefined tokens like Jupyter Notebook’s TOKEN and PW), enforcing basic authentication could interfere with its login flow.
Breakage of Internal Communication - Some services within the Docker network might rely on unrestricted access. Enabling authentication could block these interactions unless additional configuration is applied.
Automation and CI/CD Failures - Scripts, webhooks, or integrations expecting unauthenticated access may fail if authentication is suddenly required.
Security Risks - If authentication is enabled but not properly configured, it could expose the service to unexpected security vulnerabilities or prevent authorized users from accessing it.
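The conflict with built-in JWT or OAuth authentication described above, as an added example that is not the platform's own code: Basic and Bearer credentials both travel in the single Authorization request header, so one request cannot satisfy both layers. The function names, the credentials and the assumption that the edge layer forwards the header unchanged to the application are hypothetical.

```python
import base64
import hmac

# Constructed sample credentials; not taken from the platform.
EDGE_USER, EDGE_PASS = b"demo", b"edge-secret"
APP_TOKEN = "app-issued-token"


def basic_header(user, password):
    """Build the header value a client sends for basic authentication."""
    raw = f"{user}:{password}".encode()
    return "Basic " + base64.b64encode(raw).decode()


def edge_basic_auth(headers):
    """Hypothetical edge layer (toggle enabled): accepts only valid Basic credentials."""
    scheme, _, value = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return False
    try:
        user, _, password = base64.b64decode(value, validate=True).partition(b":")
    except ValueError:  # malformed base64
        return False
    # Constant-time comparison of both parts
    return (hmac.compare_digest(user, EDGE_USER)
            and hmac.compare_digest(password, EDGE_PASS))


def app_bearer_auth(headers):
    """Hypothetical application: accepts only its own Bearer token."""
    scheme, _, value = headers.get("Authorization", "").partition(" ")
    return (scheme.lower() == "bearer"
            and hmac.compare_digest(value.encode(), APP_TOKEN.encode()))


def handle(headers, toggle_enabled):
    """Return (status, layer that answered) for one request."""
    if toggle_enabled and not edge_basic_auth(headers):
        return 401, "edge"  # rejected before reaching the application
    if not app_bearer_auth(headers):
        return 401, "app"   # assumed: header is forwarded unchanged
    return 200, "app"


if __name__ == "__main__":
    token = {"Authorization": "Bearer " + APP_TOKEN}
    basic = {"Authorization": basic_header("demo", "edge-secret")}
    for label, hdrs, toggle in [("token, toggle off", token, False),
                                ("token, toggle on", token, True),
                                ("basic, toggle on", basic, True)]:
        print(label, "->", handle(hdrs, toggle))
```

With the toggle on, the token request is rejected at the edge and the basic-auth request is rejected by the application, which is the broken login flow the list above warns about.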