puddle: nginx Basic auth for /ubuntu

The production web server that hosts Ubuntu repositories will be secured
with HTTP Basic auth. Simulate this on the puddle web server as well.

/etc/nginx/htpasswd is managed outside of Ansible.

diff --git a/roles/puddle/tasks/nginx.yml b/roles/puddle/tasks/nginx.yml
index 0ad6715ace0449a2a336878292f7e4552e4ca58d..a243919deb27556282e590e17a491f8cd10f6117 100644 (file)
--- a/roles/puddle/tasks/nginx.yml
+++ b/roles/puddle/tasks/nginx.yml
@@ -21,6 +21,16 @@
   notify:
    - restart nginx
 
+# Note: this file must be installed on the host independent of ansible.
+- name: set permissions on htaccess
+  file:
+    path: '/etc/nginx/htpasswd'
+    owner: root
+    group: nginx
+    mode: 0640
+  notify:
+   - restart nginx
+
 - name: start the nginx service
   service:
     name: nginx

diff --git a/roles/puddle/templates/nginx.conf b/roles/puddle/templates/nginx.conf
index 1d1846d5b10ac9f182fbce7b48fb7a1233a91a83..26527036b4152d99b7c97d7ecab3c7f7c108e65a 100644 (file)
--- a/roles/puddle/templates/nginx.conf
+++ b/roles/puddle/templates/nginx.conf
@@ -83,6 +83,8 @@ http {
             if ($scheme != "https") {
                 rewrite ^ https://$host$uri permanent;
             }
+            auth_basic "Restricted";
+            auth_basic_user_file /etc/nginx/htpasswd;
         }
     }