From 85a6c3894a6a2540334b48baf8aa02ff505aeba7 Mon Sep 17 00:00:00 2001
From: Kris Lamoureux <kris@lamoureux.io>
Date: Wed, 17 Aug 2022 01:15:15 -0400
Subject: [PATCH] Add basic auth and ignore backend SSL errors

---
 roles/base/defaults/main.yml               | 1 +
 roles/proxy/templates/server-nginx.conf.j2 | 7 +++++++
 2 files changed, 8 insertions(+)

diff --git a/roles/base/defaults/main.yml b/roles/base/defaults/main.yml
index e20785b..95d98a5 100644
--- a/roles/base/defaults/main.yml
+++ b/roles/base/defaults/main.yml
@@ -3,6 +3,7 @@ network_type: static
 allow_reboot: true
 
 packages:
+  - apache2-utils
   - cryptsetup
   - curl
   - dnsutils
diff --git a/roles/proxy/templates/server-nginx.conf.j2 b/roles/proxy/templates/server-nginx.conf.j2
index 648ef00..5b391b2 100644
--- a/roles/proxy/templates/server-nginx.conf.j2
+++ b/roles/proxy/templates/server-nginx.conf.j2
@@ -28,9 +28,16 @@ server {
   ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
 {% endif %}
   location / {
+{% if item.restrict is defined and item.restrict  %}
+    auth_basic "{{ item.restrict_name | default('Restricted Access') }}";
+    auth_basic_user_file {{ item.restrict_file | default('/etc/nginx/.htpasswd') }};
+{% endif %}
     proxy_set_header Host $host;
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_pass {{ item.proxy_pass }};
+{% if item.proxy_ssl_verify is defined and item.proxy_ssl_verify is false %}
+    proxy_ssl_verify off;
+{% endif %}
   }
 }