From: Ken Dreyer <kdreyer@redhat.com>
Date: Wed, 14 Oct 2015 22:59:43 +0000 (-0600)
Subject: puddle: nginx Basic auth for /ubuntu
X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=7179dc327a2ff1d40c39572b7a95417b9c8a441c;p=ceph-cm-ansible.git

puddle: nginx Basic auth for /ubuntu

The production web server that hosts Ubuntu repositories will be secured
with HTTP Basic auth. Simulate this on the puddle web server as well.

/etc/nginx/htpasswd is managed outside of Ansible.
---

diff --git a/roles/puddle/tasks/nginx.yml b/roles/puddle/tasks/nginx.yml
index 0ad6715..a243919 100644
--- a/roles/puddle/tasks/nginx.yml
+++ b/roles/puddle/tasks/nginx.yml
@@ -21,6 +21,16 @@
   notify:
    - restart nginx
 
+# Note: this file must be installed on the host independent of ansible.
+- name: set permissions on htaccess
+  file:
+    path: '/etc/nginx/htpasswd'
+    owner: root
+    group: nginx
+    mode: 0640
+  notify:
+   - restart nginx
+
 - name: start the nginx service
   service:
     name: nginx
diff --git a/roles/puddle/templates/nginx.conf b/roles/puddle/templates/nginx.conf
index 1d1846d..2652703 100644
--- a/roles/puddle/templates/nginx.conf
+++ b/roles/puddle/templates/nginx.conf
@@ -83,6 +83,8 @@ http {
             if ($scheme != "https") {
                 rewrite ^ https://$host$uri permanent;
             }
+            auth_basic "Restricted";
+            auth_basic_user_file /etc/nginx/htpasswd;
         }
     }