From cab6ab2d8ed5095f8f4a45329dba1b1094339de5 Mon Sep 17 00:00:00 2001
From: Kris Lamoureux <kris@lamoureux.io>
Date: Fri, 19 Aug 2022 00:51:05 -0400
Subject: [PATCH] Strip auth header and update external config

---
 roles/proxy/templates/server-nginx.conf.j2 | 1 +
 roles/traefik/templates/external.yml.j2    | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/roles/proxy/templates/server-nginx.conf.j2 b/roles/proxy/templates/server-nginx.conf.j2
index 5b391b2..fefaaa6 100644
--- a/roles/proxy/templates/server-nginx.conf.j2
+++ b/roles/proxy/templates/server-nginx.conf.j2
@@ -31,6 +31,7 @@ server {
 {% if item.restrict is defined and item.restrict  %}
     auth_basic "{{ item.restrict_name | default('Restricted Access') }}";
     auth_basic_user_file {{ item.restrict_file | default('/etc/nginx/.htpasswd') }};
+    proxy_set_header Authorization "";
 {% endif %}
     proxy_set_header Host $host;
     proxy_set_header X-Real-IP $remote_addr;
diff --git a/roles/traefik/templates/external.yml.j2 b/roles/traefik/templates/external.yml.j2
index de9fabd..9ee0f8b 100644
--- a/roles/traefik/templates/external.yml.j2
+++ b/roles/traefik/templates/external.yml.j2
@@ -10,10 +10,12 @@ http:
 {% elif item.middlewares is defined %}
       middlewares: "{{ item.middlewares }}"
 {% endif %}
+{% if traefik_acme_email is defined %}
       tls:
         certResolver: letsencrypt
         domains:
           - main: "{{ item.domain }}"
+{% endif %}
       entryPoints:
         - "websecure"
   services: