Bug: openssl passwd -bcrypt fails on container start: Unknown option: -bcrypt

[jschanz]

Pre-flight checks

• I have searched existing issues and this hasn't been reported before
• I am running the latest version of FossFLOW
• I have read the README and checked if this is expected behaviour

Deployment method

Docker (docker run)

FossFLOW version / Docker image tag

latest

Browser and version

all

Operating system

all

What happened?

When starting the FossFLOW container with HTTP Basic Auth enabled (HTTP_AUTH_USER and HTTP_AUTH_PASSWORD set), the container fails during the entrypoint script execution. The startup error indicates that the openssl passwd command does not recognize the -bcrypt option.
This prevents the container from generating /etc/nginx/.htpasswd and therefore blocks authentication with a 401.

Relevant entrypoint snippet
The current docker-entrypoint.sh includes:

# Configure HTTP Basic Auth
touch /etc/nginx/.htpasswd
if [ -n "$HTTP_AUTH_USER" ] && [ -n "$HTTP_AUTH_PASSWORD" ]; then
    echo "Setup HTTP Basic Auth..."
    echo "$HTTP_AUTH_USER:$(printf '%s' "$HTTP_AUTH_PASSWORD" | openssl passwd -bcrypt -stdin)" > /etc/nginx/.htpasswd
    sed -i 's/AUTH_BASIC_SETTING/"Restricted"/g' /etc/nginx/http.d/default.conf
else
    echo "No (optional) HTTP Basic Auth configured"
    sed -i 's/AUTH_BASIC_SETTING/off/g' /etc/nginx/http.d/default.conf
fi
echo "Starting nginx..."
nginx -g "daemon off;

It looks like the OpenSSL build shipped in the container image does not support openssl passwd -bcrypt (option missing/disabled) or uses a variant where bcrypt is not available. This may depend on the OpenSSL version or how it was compiled in the base image (or whether a different openssl implementation is being used).

Steps to reproduce

1. Build or run the container (e.g. via docker compose up) with:

HTTP_AUTH_USER set (non-empty)
HTTP_AUTH_PASSWORD set (non-empty)

2. Observe container logs during startup.

Screenshots / screen recordings

Starting FossFLOW backend server...
npm warn config production Use `--omit=dev` instead.
added 69 packages, and audited 70 packages in 6s
25 packages are looking for funding
  run `npm fund` for details
found 0 vulnerabilities
npm notice
npm notice New major version of npm available! 10.9.4 -> 11.11.1
npm notice Changelog: https://github.com/npm/cli/releases/tag/v11.11.1
npm notice To update run: npm install -g npm@11.11.1
npm notice
Backend server started
Setup HTTP Basic Auth...
passwd: Unknown option: -bcrypt
passwd: Use -help for summary.
Starting nginx...
[dotenv@17.3.1] injecting env (0) from .env -- tip: ⚡️ secrets for agents: https://dotenvx.com/as2
FossFLOW Backend Server running on port 3001
Server storage: ENABLED
Storage path: /data/diagrams
Git backup: DISABLED
Storage directory exists: /data/diagrams
Current files in storage: 0 files

Browser console output / Docker logs

Diagram JSON (if relevant)