Http auth req additions - issue 120 (#121)
* added http_auth_req * removed existing set-headers * is defined for proxy_pass_request_body
parent
e2ec4f6969
commit
783d29639c
38
README.md
38
README.md
@ -313,6 +313,7 @@ nginx_main_template:
|
||||
keyval: false
|
||||
stream_enable: false
|
||||
http_global_autoindex: false
|
||||
#auth_request_http: /auth
|
||||
|
||||
# Enable creating dynamic templated NGINX HTTP configuration files.
|
||||
# Defaults will not produce a valid configuration. Instead they are meant to showcase
|
||||
@ -329,6 +330,7 @@ nginx_http_template:
|
||||
root: /usr/share/nginx/html
|
||||
https_redirect: false
|
||||
autoindex: false
|
||||
#auth_request: /auth
|
||||
ssl:
|
||||
cert: /etc/ssl/certs/default.crt
|
||||
key: /etc/ssl/private/default.key
|
||||
@ -345,6 +347,11 @@ nginx_http_template:
|
||||
autoindex: false
|
||||
auth_basic: null
|
||||
auth_basic_file: null
|
||||
#auth_req: /auth
|
||||
#returns:
|
||||
#return302:
|
||||
#code: 302
|
||||
#url: https://sso.somehost.local/?url=https://$http_host$request_uri
|
||||
http_demo_conf: false
|
||||
reverse_proxy:
|
||||
proxy_cache_path:
|
||||
@ -371,6 +378,32 @@ nginx_http_template:
|
||||
location: /
|
||||
proxy_connect_timeout: null
|
||||
proxy_pass: http://backend
|
||||
#proxy_pass_request_body: off
|
||||
proxy_set_header:
|
||||
header_host:
|
||||
name: Host
|
||||
value: $host
|
||||
header_x_real_ip:
|
||||
name: X-Real-IP
|
||||
value: $remote_addr
|
||||
header_x_forwarded_for:
|
||||
name: X-Forwarded-For
|
||||
value: $proxy_add_x_forwarded_for
|
||||
header_x_forwarded_proto:
|
||||
name: X-Forwarded-Proto
|
||||
value: $scheme
|
||||
#header_upgrade:
|
||||
#name: Upgrade
|
||||
#value: $http_upgrade
|
||||
#header_connection:
|
||||
#name: Connection
|
||||
#value: "Upgrade"
|
||||
#header_random:
|
||||
#name: RandomName
|
||||
#value: RandomValue
|
||||
#internal: false
|
||||
#proxy_store: off
|
||||
#proxy_store_acccess: user:rw
|
||||
proxy_read_timeout: null
|
||||
proxy_ssl:
|
||||
cert: /etc/ssl/certs/proxy_default.crt
|
||||
@ -400,6 +433,11 @@ nginx_http_template:
|
||||
websocket: false
|
||||
auth_basic: null
|
||||
auth_basic_file: null
|
||||
#auth_req: /auth
|
||||
#returns:
|
||||
#return302:
|
||||
#code: 302
|
||||
#url: https://sso.somehost.local/?url=https://$http_host$request_uri
|
||||
health_check_plus: false
|
||||
proxy_cache:
|
||||
proxy_cache_path:
|
||||
|
@ -155,6 +155,7 @@ nginx_main_template:
|
||||
keyval: false
|
||||
stream_enable: false
|
||||
http_global_autoindex: false
|
||||
#auth_request_http: /auth
|
||||
|
||||
# Enable creating dynamic templated NGINX HTTP configuration files.
|
||||
# Defaults will not produce a valid configuration. Instead they are meant to showcase
|
||||
@ -172,6 +173,7 @@ nginx_http_template:
|
||||
https_redirect: false
|
||||
autoindex: false
|
||||
try_files: $uri $uri/index.html $uri.html =404
|
||||
#auth_request: /auth
|
||||
ssl:
|
||||
cert: /etc/ssl/certs/default.crt
|
||||
key: /etc/ssl/private/default.key
|
||||
@ -190,6 +192,11 @@ nginx_http_template:
|
||||
auth_basic: null
|
||||
auth_basic_file: null
|
||||
try_files: $uri $uri/index.html $uri.html =404
|
||||
#auth_request: /auth
|
||||
#returns:
|
||||
#return302:
|
||||
#code: 302
|
||||
#url: https://sso.somehost.local/?url=https://$http_host$request_uri
|
||||
http_demo_conf: false
|
||||
reverse_proxy:
|
||||
proxy_cache_path:
|
||||
@ -216,6 +223,32 @@ nginx_http_template:
|
||||
location: /
|
||||
proxy_connect_timeout: null
|
||||
proxy_pass: http://backend
|
||||
#proxy_pass_request_body: off
|
||||
proxy_set_header:
|
||||
header_host:
|
||||
name: Host
|
||||
value: $host
|
||||
header_x_real_ip:
|
||||
name: X-Real-IP
|
||||
value: $remote_addr
|
||||
header_x_forwarded_for:
|
||||
name: X-Forwarded-For
|
||||
value: $proxy_add_x_forwarded_for
|
||||
header_x_forwarded_proto:
|
||||
name: X-Forwarded-Proto
|
||||
value: $scheme
|
||||
#header_upgrade:
|
||||
#name: Upgrade
|
||||
#value: $http_upgrade
|
||||
#header_connection:
|
||||
#name: Connection
|
||||
#value: "Upgrade"
|
||||
#header_random:
|
||||
#name: RandomName
|
||||
#value: RandomValue
|
||||
#internal: false
|
||||
#proxy_store: off
|
||||
#proxy_store_acccess: user:rw
|
||||
proxy_read_timeout: null
|
||||
proxy_ssl:
|
||||
cert: /etc/ssl/certs/proxy_default.crt
|
||||
@ -242,6 +275,11 @@ nginx_http_template:
|
||||
auth_basic: null
|
||||
auth_basic_file: null
|
||||
try_files: $uri $uri/index.html $uri.html =404
|
||||
#auth_req: /auth
|
||||
#returns:
|
||||
#return302:
|
||||
#code: 302
|
||||
#url: https://sso.somehost.local/?url=https://$http_host$request_uri
|
||||
health_check_plus: false
|
||||
proxy_cache:
|
||||
proxy_cache_path:
|
||||
|
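Review bot: The commented example `#auth_req: /auth` in the `-242,6 +275,11` hunk (apparently the reverse_proxy location) does not match the key the template reads, `locations[location].auth_request`, so uncommenting it as written renders no `auth_request` directive and the location is served without the subrequest check. The README uses the same `auth_req` spelling in both of its location examples; I would change all three to `#auth_request: /auth`. `#proxy_store_acccess: user:rw` has the same problem against the template's `proxy_store_access`. Unquoted `#proxy_pass_request_body: off` is also a YAML boolean, and the template interpolates it without the `ternary("on", "off")` used for `proxy_store`, so it would most likely render as `False`; quoting the example as `"off"` avoids that.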
@ -18,4 +18,4 @@
|
||||
when: nginx_modules.xslt | default(false)
|
||||
|
||||
- import_tasks: install-waf.yml
|
||||
when: nginx_modules.waf | default(false) and nginx_type == "plus"
|
||||
when: nginx_modules.waf | default(false) and nginx_type == "plus"
|
@ -46,6 +46,9 @@ proxy_temp_path {{ item.value.reverse_proxy.proxy_temp_path.path }} {{ item.valu
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% if item.value.auth_request_http is defined %}
|
||||
auth_request {{ item.value.auth_request_http }};
|
||||
{% endif %}
|
||||
|
||||
server {
|
||||
{% if item.value.ssl is defined %}
|
||||
@ -83,15 +86,34 @@ server {
|
||||
{% if item.value.try_files is defined %}
|
||||
try_files {{ item.value.try_files }};
|
||||
{% endif %}
|
||||
{% if item.value.auth_request is defined %}
|
||||
auth_request {{ item.value.auth_request }};
|
||||
{% endif %}
|
||||
|
||||
{% if item.value.reverse_proxy is defined %}
|
||||
{% for location in item.value.reverse_proxy.locations %}
|
||||
location {{ item.value.reverse_proxy.locations[location].location }} {
|
||||
{% if item.value.reverse_proxy.locations[location].internal is sameas true %}
|
||||
internal;
|
||||
{% endif %}
|
||||
{% if item.value.reverse_proxy.locations[location].auth_request is defined %}
|
||||
auth_request {{ item.value.reverse_proxy.locations[location].auth_request }};
|
||||
{% endif %}
|
||||
{% if item.value.reverse_proxy.locations[location].auth_basic is defined and item.value.reverse_proxy.locations[location].auth_basic %}
|
||||
auth_basic "{{ item.value.reverse_proxy.locations[location].auth_basic }}";
|
||||
{% endif %}
|
||||
{% if item.value.reverse_proxy.locations[location].auth_basic_file is defined and item.value.reverse_proxy.locations[location].auth_basic_file %}
|
||||
auth_basic_user_file {{ item.value.reverse_proxy.locations[location].auth_basic_file }};
|
||||
{% endif %}
|
||||
{% if item.value.reverse_proxy.locations[location].returns is defined %}
|
||||
{% for code in item.value.reverse_proxy.locations[location].returns %}
|
||||
{% if item.value.reverse_proxy.locations[location].returns[code] is defined %}
|
||||
return {{ item.value.reverse_proxy.locations[location].returns[code].code }} {{ item.value.reverse_proxy.locations[location].returns[code].url }};
|
||||
{% else %}
|
||||
return {{ item.value.reverse_proxy.locations[location].returns[code].url }};
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if item.value.reverse_proxy.locations[location].proxy_connect_timeout is defined and item.value.reverse_proxy.locations[location].proxy_connect_timeout %}
|
||||
proxy_connect_timeout {{ item.value.reverse_proxy.locations[location].proxy_connect_timeout }};
|
||||
{% endif %}
|
||||
@ -99,6 +121,20 @@ server {
|
||||
{% if item.value.reverse_proxy.locations[location].proxy_read_timeout is defined and item.value.reverse_proxy.locations[location].proxy_read_timeout %}
|
||||
proxy_read_timeout {{ item.value.reverse_proxy.locations[location].proxy_read_timeout }};
|
||||
{% endif %}
|
||||
{% if item.value.reverse_proxy.locations[location].proxy_pass_request_body is defined %}
|
||||
proxy_pass_request_body {{ item.value.reverse_proxy.locations[location].proxy_pass_request_body }};
|
||||
{% endif %}
|
||||
{% if item.value.reverse_proxy.locations[location].proxy_store is defined %}
|
||||
proxy_store {{ item.value.reverse_proxy.locations[location].proxy_store | ternary("on", "off") }};
|
||||
{% endif %}
|
||||
{% if item.value.reverse_proxy.locations[location].proxy_store_access is defined %}
|
||||
proxy_store_access {{ item.value.reverse_proxy.locations[location].proxy_store_access }};
|
||||
{% endif %}
|
||||
{% if item.value.reverse_proxy.locations[location].proxy_set_header is defined %}
|
||||
{% for header in item.value.reverse_proxy.locations[location].proxy_set_header %}
|
||||
proxy_set_header {{ item.value.reverse_proxy.locations[location].proxy_set_header[header].name }} {{ item.value.reverse_proxy.locations[location].proxy_set_header[header].value }};
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if item.value.reverse_proxy.locations[location].try_files is defined %}
|
||||
try_files {{ item.value.reverse_proxy.locations[location].try_files }};
|
||||
{% endif %}
|
||||
@ -166,14 +202,6 @@ server {
|
||||
health_check;
|
||||
{% endif %}
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
{% if item.value.reverse_proxy.locations[location].websocket is defined and item.value.reverse_proxy.locations[location].websocket %}
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
{% endif %}
|
||||
}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
@ -189,11 +217,23 @@ server {
|
||||
{% if item.value.web_server.locations[location].try_files is defined %}
|
||||
try_files {{ item.value.web_server.locations[location].try_files }};
|
||||
{% endif %}
|
||||
{% if item.value.web_server.locations[location].returns is defined %}
|
||||
{% for code in item.value.web_server.locations[location].returns %}
|
||||
{% if item.value.web_server.locations[location].returns[code] is defined %}
|
||||
return {{ item.value.web_server.locations[location].returns[code].code }} {{ item.value.web_server.locations[location].returns[code].url }};
|
||||
{% else %}
|
||||
return {{ item.value.web_server.locations[location].returns[code].url }};
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if item.value.web_server.locations[location].auth_basic is defined and item.value.web_server.locations[location].auth_basic %}
|
||||
auth_basic "{{ item.value.web_server.locations[location].auth_basic }}";
|
||||
{% endif %}
|
||||
{% if item.value.web_server.locations[location].auth_basic_file is defined and item.value.web_server.locations[location].auth_basic_file %}
|
||||
auth_basic_user_file {{ item.value.web_server.locations[location].auth_basic_file }};
|
||||
{% endif %}
|
||||
{% if item.value.web_server.locations[location].auth_request is defined %}
|
||||
auth_request {{ item.value.web_server.locations[location].auth_request }};
|
||||
{% endif %}
|
||||
}
|
||||
{% endfor %}
|
||||
@ -219,4 +259,4 @@ server {
|
||||
root {{ item.value.error_page }};
|
||||
}
|
||||
{% endif %}
|
||||
}
|
||||
}
|
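Review bot: In the `-166,14 +202,6` hunk the reverse_proxy location loses its unconditional `proxy_set_header` lines and, going by the line counts, the `websocket` block as well, with no fallback when a location does not define `proxy_set_header`. Existing inventories then render none of these headers: nginx falls back to `Host: $proxy_host` and passes any client-supplied `X-Real-IP` / `X-Forwarded-For` through unchanged, which matters wherever the backend logs or makes access decisions on them. `websocket: true`, still documented in the README, would no longer emit `Upgrade` / `Connection` unless it is handled outside this hunk. I would keep the four headers as the `{% else %}` branch of the new `proxy_set_header is defined` test, and either keep the websocket block or drop the key from the docs. The location block starts in an earlier hunk, so this is read across hunks.

```jinja
{% if item.value.reverse_proxy.locations[location].proxy_set_header is defined %}
{# … unchanged: loop rendering the configured proxy_set_header entries … #}
{% else %}
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
{% endif %}
{% if item.value.reverse_proxy.locations[location].websocket is defined and item.value.reverse_proxy.locations[location].websocket %}
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
{% endif %}
```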
@ -60,6 +60,19 @@
|
||||
- Vary
|
||||
- Cache-Control
|
||||
proxy_redirect: false
|
||||
proxy_set_header:
|
||||
header_host:
|
||||
name: Host
|
||||
value: $host
|
||||
header_x_real_ip:
|
||||
name: X-Real-IP
|
||||
value: $remote_addr
|
||||
header_x_forwarded_for:
|
||||
name: X-Forwarded-For
|
||||
value: $proxy_add_x_forwarded_for
|
||||
header_x_forwarded_proto:
|
||||
name: X-Forwarded-Proto
|
||||
value: $scheme
|
||||
backend:
|
||||
location: /backend
|
||||
proxy_pass: http://backend_servers/
|
||||
@ -74,6 +87,19 @@
|
||||
- http_502
|
||||
- http_503
|
||||
proxy_redirect: default
|
||||
proxy_set_header:
|
||||
header_host:
|
||||
name: Host
|
||||
value: $host
|
||||
header_x_real_ip:
|
||||
name: X-Real-IP
|
||||
value: $remote_addr
|
||||
header_x_forwarded_for:
|
||||
name: X-Forwarded-For
|
||||
value: $proxy_add_x_forwarded_for
|
||||
header_x_forwarded_proto:
|
||||
name: X-Forwarded-Proto
|
||||
value: $scheme
|
||||
upstreams:
|
||||
frontend_upstream:
|
||||
name: frontend_servers
|
||||
|