Add basic auth and ignore backend SSL errors

2022-08-17 01:15:15 -04:00 · 2022-08-17 01:15:15 -04:00 · 85a6c3894a
commit 85a6c3894a
parent 7677bc25fa
2 changed files with 8 additions and 0 deletions
--- a/roles/base/defaults/main.yml
+++ b/roles/base/defaults/main.yml
@ -3,6 +3,7 @@ network_type: static
 allow_reboot: true

 packages:
+  - apache2-utils
  - cryptsetup
  - curl
  - dnsutils
--- a/roles/proxy/templates/server-nginx.conf.j2
+++ b/roles/proxy/templates/server-nginx.conf.j2
@ -28,9 +28,16 @@ server {
  ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
 {% endif %}
  location / {
+{% if item.restrict is defined and item.restrict  %}
+    auth_basic "{{ item.restrict_name | default('Restricted Access') }}";
+    auth_basic_user_file {{ item.restrict_file | default('/etc/nginx/.htpasswd') }};
+{% endif %}
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass {{ item.proxy_pass }};
+{% if item.proxy_ssl_verify is defined and item.proxy_ssl_verify is false %}
+    proxy_ssl_verify off;
+{% endif %}
  }
 }