Add basic auth and ignore backend SSL errors

Add WireGuard firewall rule
2022-08-17 01:15:15 -04:00 · 2022-08-13 00:19:24 -04:00
3 changed files with 15 additions and 0 deletions
--- a/roles/base/defaults/main.yml
+++ b/roles/base/defaults/main.yml
@ -3,6 +3,7 @@ network_type: static
 allow_reboot: true

 packages:
+  - apache2-utils
  - cryptsetup
  - curl
  - dnsutils
--- a/roles/base/tasks/wireguard.yml
+++ b/roles/base/tasks/wireguard.yml
@ -27,3 +27,10 @@
    name: wg-quick@wg0
    state: started
    enabled: true
+
+- name: Add WireGuard firewall rule
+  ufw:
+    rule: allow
+    port: "{{ wireguard.listenport }}"
+    proto: tcp
+  when: wireguard.listenport is defined
--- a/roles/proxy/templates/server-nginx.conf.j2
+++ b/roles/proxy/templates/server-nginx.conf.j2
@ -28,9 +28,16 @@ server {
  ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
 {% endif %}
  location / {
+{% if item.restrict is defined and item.restrict  %}
+    auth_basic "{{ item.restrict_name | default('Restricted Access') }}";
+    auth_basic_user_file {{ item.restrict_file | default('/etc/nginx/.htpasswd') }};
+{% endif %}
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass {{ item.proxy_pass }};
+{% if item.proxy_ssl_verify is defined and item.proxy_ssl_verify is false %}
+    proxy_ssl_verify off;
+{% endif %}
  }
 }
Author	SHA1	Message	Date
Kris Lamoureux	85a6c3894a	Add basic auth and ignore backend SSL errors	2022-08-17 01:15:15 -04:00
Kris Lamoureux	7677bc25fa	Add WireGuard firewall rule	2022-08-13 00:19:24 -04:00