Http auth req additions - issue 120 (#121)
* added http_auth_req * removed existing set-headers * is defined for proxy_pass_request_body
parent
e2ec4f6969
commit
783d29639c
38
README.md
38
README.md
@ -313,6 +313,7 @@ nginx_main_template:
|
|||||||
keyval: false
|
keyval: false
|
||||||
stream_enable: false
|
stream_enable: false
|
||||||
http_global_autoindex: false
|
http_global_autoindex: false
|
||||||
|
#auth_request_http: /auth
|
||||||
|
|
||||||
# Enable creating dynamic templated NGINX HTTP configuration files.
|
# Enable creating dynamic templated NGINX HTTP configuration files.
|
||||||
# Defaults will not produce a valid configuration. Instead they are meant to showcase
|
# Defaults will not produce a valid configuration. Instead they are meant to showcase
|
||||||
@ -329,6 +330,7 @@ nginx_http_template:
|
|||||||
root: /usr/share/nginx/html
|
root: /usr/share/nginx/html
|
||||||
https_redirect: false
|
https_redirect: false
|
||||||
autoindex: false
|
autoindex: false
|
||||||
|
#auth_request: /auth
|
||||||
ssl:
|
ssl:
|
||||||
cert: /etc/ssl/certs/default.crt
|
cert: /etc/ssl/certs/default.crt
|
||||||
key: /etc/ssl/private/default.key
|
key: /etc/ssl/private/default.key
|
||||||
@ -345,6 +347,11 @@ nginx_http_template:
|
|||||||
autoindex: false
|
autoindex: false
|
||||||
auth_basic: null
|
auth_basic: null
|
||||||
auth_basic_file: null
|
auth_basic_file: null
|
||||||
|
#auth_req: /auth
|
||||||
|
#returns:
|
||||||
|
#return302:
|
||||||
|
#code: 302
|
||||||
|
#url: https://sso.somehost.local/?url=https://$http_host$request_uri
|
||||||
http_demo_conf: false
|
http_demo_conf: false
|
||||||
reverse_proxy:
|
reverse_proxy:
|
||||||
proxy_cache_path:
|
proxy_cache_path:
|
||||||
@ -371,6 +378,32 @@ nginx_http_template:
|
|||||||
location: /
|
location: /
|
||||||
proxy_connect_timeout: null
|
proxy_connect_timeout: null
|
||||||
proxy_pass: http://backend
|
proxy_pass: http://backend
|
||||||
|
#proxy_pass_request_body: off
|
||||||
|
proxy_set_header:
|
||||||
|
header_host:
|
||||||
|
name: Host
|
||||||
|
value: $host
|
||||||
|
header_x_real_ip:
|
||||||
|
name: X-Real-IP
|
||||||
|
value: $remote_addr
|
||||||
|
header_x_forwarded_for:
|
||||||
|
name: X-Forwarded-For
|
||||||
|
value: $proxy_add_x_forwarded_for
|
||||||
|
header_x_forwarded_proto:
|
||||||
|
name: X-Forwarded-Proto
|
||||||
|
value: $scheme
|
||||||
|
#header_upgrade:
|
||||||
|
#name: Upgrade
|
||||||
|
#value: $http_upgrade
|
||||||
|
#header_connection:
|
||||||
|
#name: Connection
|
||||||
|
#value: "Upgrade"
|
||||||
|
#header_random:
|
||||||
|
#name: RandomName
|
||||||
|
#value: RandomValue
|
||||||
|
#internal: false
|
||||||
|
#proxy_store: off
|
||||||
|
#proxy_store_acccess: user:rw
|
||||||
proxy_read_timeout: null
|
proxy_read_timeout: null
|
||||||
proxy_ssl:
|
proxy_ssl:
|
||||||
cert: /etc/ssl/certs/proxy_default.crt
|
cert: /etc/ssl/certs/proxy_default.crt
|
||||||
@ -400,6 +433,11 @@ nginx_http_template:
|
|||||||
websocket: false
|
websocket: false
|
||||||
auth_basic: null
|
auth_basic: null
|
||||||
auth_basic_file: null
|
auth_basic_file: null
|
||||||
|
#auth_req: /auth
|
||||||
|
#returns:
|
||||||
|
#return302:
|
||||||
|
#code: 302
|
||||||
|
#url: https://sso.somehost.local/?url=https://$http_host$request_uri
|
||||||
health_check_plus: false
|
health_check_plus: false
|
||||||
proxy_cache:
|
proxy_cache:
|
||||||
proxy_cache_path:
|
proxy_cache_path:
|
||||||
|
@ -155,6 +155,7 @@ nginx_main_template:
|
|||||||
keyval: false
|
keyval: false
|
||||||
stream_enable: false
|
stream_enable: false
|
||||||
http_global_autoindex: false
|
http_global_autoindex: false
|
||||||
|
#auth_request_http: /auth
|
||||||
|
|
||||||
# Enable creating dynamic templated NGINX HTTP configuration files.
|
# Enable creating dynamic templated NGINX HTTP configuration files.
|
||||||
# Defaults will not produce a valid configuration. Instead they are meant to showcase
|
# Defaults will not produce a valid configuration. Instead they are meant to showcase
|
||||||
@ -172,6 +173,7 @@ nginx_http_template:
|
|||||||
https_redirect: false
|
https_redirect: false
|
||||||
autoindex: false
|
autoindex: false
|
||||||
try_files: $uri $uri/index.html $uri.html =404
|
try_files: $uri $uri/index.html $uri.html =404
|
||||||
|
#auth_request: /auth
|
||||||
ssl:
|
ssl:
|
||||||
cert: /etc/ssl/certs/default.crt
|
cert: /etc/ssl/certs/default.crt
|
||||||
key: /etc/ssl/private/default.key
|
key: /etc/ssl/private/default.key
|
||||||
@ -190,6 +192,11 @@ nginx_http_template:
|
|||||||
auth_basic: null
|
auth_basic: null
|
||||||
auth_basic_file: null
|
auth_basic_file: null
|
||||||
try_files: $uri $uri/index.html $uri.html =404
|
try_files: $uri $uri/index.html $uri.html =404
|
||||||
|
#auth_request: /auth
|
||||||
|
#returns:
|
||||||
|
#return302:
|
||||||
|
#code: 302
|
||||||
|
#url: https://sso.somehost.local/?url=https://$http_host$request_uri
|
||||||
http_demo_conf: false
|
http_demo_conf: false
|
||||||
reverse_proxy:
|
reverse_proxy:
|
||||||
proxy_cache_path:
|
proxy_cache_path:
|
||||||
@ -216,6 +223,32 @@ nginx_http_template:
|
|||||||
location: /
|
location: /
|
||||||
proxy_connect_timeout: null
|
proxy_connect_timeout: null
|
||||||
proxy_pass: http://backend
|
proxy_pass: http://backend
|
||||||
|
#proxy_pass_request_body: off
|
||||||
|
proxy_set_header:
|
||||||
|
header_host:
|
||||||
|
name: Host
|
||||||
|
value: $host
|
||||||
|
header_x_real_ip:
|
||||||
|
name: X-Real-IP
|
||||||
|
value: $remote_addr
|
||||||
|
header_x_forwarded_for:
|
||||||
|
name: X-Forwarded-For
|
||||||
|
value: $proxy_add_x_forwarded_for
|
||||||
|
header_x_forwarded_proto:
|
||||||
|
name: X-Forwarded-Proto
|
||||||
|
value: $scheme
|
||||||
|
#header_upgrade:
|
||||||
|
#name: Upgrade
|
||||||
|
#value: $http_upgrade
|
||||||
|
#header_connection:
|
||||||
|
#name: Connection
|
||||||
|
#value: "Upgrade"
|
||||||
|
#header_random:
|
||||||
|
#name: RandomName
|
||||||
|
#value: RandomValue
|
||||||
|
#internal: false
|
||||||
|
#proxy_store: off
|
||||||
|
#proxy_store_acccess: user:rw
|
||||||
proxy_read_timeout: null
|
proxy_read_timeout: null
|
||||||
proxy_ssl:
|
proxy_ssl:
|
||||||
cert: /etc/ssl/certs/proxy_default.crt
|
cert: /etc/ssl/certs/proxy_default.crt
|
||||||
@ -242,6 +275,11 @@ nginx_http_template:
|
|||||||
auth_basic: null
|
auth_basic: null
|
||||||
auth_basic_file: null
|
auth_basic_file: null
|
||||||
try_files: $uri $uri/index.html $uri.html =404
|
try_files: $uri $uri/index.html $uri.html =404
|
||||||
|
#auth_req: /auth
|
||||||
|
#returns:
|
||||||
|
#return302:
|
||||||
|
#code: 302
|
||||||
|
#url: https://sso.somehost.local/?url=https://$http_host$request_uri
|
||||||
health_check_plus: false
|
health_check_plus: false
|
||||||
proxy_cache:
|
proxy_cache:
|
||||||
proxy_cache_path:
|
proxy_cache_path:
|
||||||
|
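Review bot: The commented example in the last hunk of this section (`@ -242,6 +275,11`) uses `#auth_req: /auth`, but the template added in this commit reads only `auth_request` for both reverse_proxy and web_server locations. Anyone who uncomments the example as written gets a location rendered with no auth check and no error, so it should read `#auth_request: /auth`, as the `@ -190,6 +192,11` hunk already does. The same mismatch applies to `#proxy_store_acccess: user:rw`, where the template key is `proxy_store_access`. `#auth_request_http: /auth` is shown under `nginx_main_template`, while the HTTP template reads `item.value.auth_request_http`, which appears to come from an `nginx_http_template` entry; it is worth confirming which mapping the key belongs to. The README hunks carry the same examples and need the same corrections.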
@ -18,4 +18,4 @@
|
|||||||
when: nginx_modules.xslt | default(false)
|
when: nginx_modules.xslt | default(false)
|
||||||
|
|
||||||
- import_tasks: install-waf.yml
|
- import_tasks: install-waf.yml
|
||||||
when: nginx_modules.waf | default(false) and nginx_type == "plus"
|
when: nginx_modules.waf | default(false) and nginx_type == "plus"
|
@ -46,6 +46,9 @@ proxy_temp_path {{ item.value.reverse_proxy.proxy_temp_path.path }} {{ item.valu
|
|||||||
{% endif %}
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% if item.value.auth_request_http is defined %}
|
||||||
|
auth_request {{ item.value.auth_request_http }};
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
{% if item.value.ssl is defined %}
|
{% if item.value.ssl is defined %}
|
||||||
@ -83,15 +86,34 @@ server {
|
|||||||
{% if item.value.try_files is defined %}
|
{% if item.value.try_files is defined %}
|
||||||
try_files {{ item.value.try_files }};
|
try_files {{ item.value.try_files }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% if item.value.auth_request is defined %}
|
||||||
|
auth_request {{ item.value.auth_request }};
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
{% if item.value.reverse_proxy is defined %}
|
{% if item.value.reverse_proxy is defined %}
|
||||||
{% for location in item.value.reverse_proxy.locations %}
|
{% for location in item.value.reverse_proxy.locations %}
|
||||||
location {{ item.value.reverse_proxy.locations[location].location }} {
|
location {{ item.value.reverse_proxy.locations[location].location }} {
|
||||||
|
{% if item.value.reverse_proxy.locations[location].internal is sameas true %}
|
||||||
|
internal;
|
||||||
|
{% endif %}
|
||||||
|
{% if item.value.reverse_proxy.locations[location].auth_request is defined %}
|
||||||
|
auth_request {{ item.value.reverse_proxy.locations[location].auth_request }};
|
||||||
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.locations[location].auth_basic is defined and item.value.reverse_proxy.locations[location].auth_basic %}
|
{% if item.value.reverse_proxy.locations[location].auth_basic is defined and item.value.reverse_proxy.locations[location].auth_basic %}
|
||||||
auth_basic "{{ item.value.reverse_proxy.locations[location].auth_basic }}";
|
auth_basic "{{ item.value.reverse_proxy.locations[location].auth_basic }}";
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.locations[location].auth_basic_file is defined and item.value.reverse_proxy.locations[location].auth_basic_file %}
|
{% if item.value.reverse_proxy.locations[location].auth_basic_file is defined and item.value.reverse_proxy.locations[location].auth_basic_file %}
|
||||||
auth_basic_user_file {{ item.value.reverse_proxy.locations[location].auth_basic_file }};
|
auth_basic_user_file {{ item.value.reverse_proxy.locations[location].auth_basic_file }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% if item.value.reverse_proxy.locations[location].returns is defined %}
|
||||||
|
{% for code in item.value.reverse_proxy.locations[location].returns %}
|
||||||
|
{% if item.value.reverse_proxy.locations[location].returns[code] is defined %}
|
||||||
|
return {{ item.value.reverse_proxy.locations[location].returns[code].code }} {{ item.value.reverse_proxy.locations[location].returns[code].url }};
|
||||||
|
{% else %}
|
||||||
|
return {{ item.value.reverse_proxy.locations[location].returns[code].url }};
|
||||||
|
{% endif %}
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.locations[location].proxy_connect_timeout is defined and item.value.reverse_proxy.locations[location].proxy_connect_timeout %}
|
{% if item.value.reverse_proxy.locations[location].proxy_connect_timeout is defined and item.value.reverse_proxy.locations[location].proxy_connect_timeout %}
|
||||||
proxy_connect_timeout {{ item.value.reverse_proxy.locations[location].proxy_connect_timeout }};
|
proxy_connect_timeout {{ item.value.reverse_proxy.locations[location].proxy_connect_timeout }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
@ -99,6 +121,20 @@ server {
|
|||||||
{% if item.value.reverse_proxy.locations[location].proxy_read_timeout is defined and item.value.reverse_proxy.locations[location].proxy_read_timeout %}
|
{% if item.value.reverse_proxy.locations[location].proxy_read_timeout is defined and item.value.reverse_proxy.locations[location].proxy_read_timeout %}
|
||||||
proxy_read_timeout {{ item.value.reverse_proxy.locations[location].proxy_read_timeout }};
|
proxy_read_timeout {{ item.value.reverse_proxy.locations[location].proxy_read_timeout }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% if item.value.reverse_proxy.locations[location].proxy_pass_request_body is defined %}
|
||||||
|
proxy_pass_request_body {{ item.value.reverse_proxy.locations[location].proxy_pass_request_body }};
|
||||||
|
{% endif %}
|
||||||
|
{% if item.value.reverse_proxy.locations[location].proxy_store is defined %}
|
||||||
|
proxy_store {{ item.value.reverse_proxy.locations[location].proxy_store | ternary("on", "off") }};
|
||||||
|
{% endif %}
|
||||||
|
{% if item.value.reverse_proxy.locations[location].proxy_store_access is defined %}
|
||||||
|
proxy_store_access {{ item.value.reverse_proxy.locations[location].proxy_store_access }};
|
||||||
|
{% endif %}
|
||||||
|
{% if item.value.reverse_proxy.locations[location].proxy_set_header is defined %}
|
||||||
|
{% for header in item.value.reverse_proxy.locations[location].proxy_set_header %}
|
||||||
|
proxy_set_header {{ item.value.reverse_proxy.locations[location].proxy_set_header[header].name }} {{ item.value.reverse_proxy.locations[location].proxy_set_header[header].value }};
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.locations[location].try_files is defined %}
|
{% if item.value.reverse_proxy.locations[location].try_files is defined %}
|
||||||
try_files {{ item.value.reverse_proxy.locations[location].try_files }};
|
try_files {{ item.value.reverse_proxy.locations[location].try_files }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
@ -166,14 +202,6 @@ server {
|
|||||||
health_check;
|
health_check;
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
{% if item.value.reverse_proxy.locations[location].websocket is defined and item.value.reverse_proxy.locations[location].websocket %}
|
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
|
||||||
proxy_set_header Connection "Upgrade";
|
|
||||||
{% endif %}
|
|
||||||
}
|
}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
@ -189,11 +217,23 @@ server {
|
|||||||
{% if item.value.web_server.locations[location].try_files is defined %}
|
{% if item.value.web_server.locations[location].try_files is defined %}
|
||||||
try_files {{ item.value.web_server.locations[location].try_files }};
|
try_files {{ item.value.web_server.locations[location].try_files }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% if item.value.web_server.locations[location].returns is defined %}
|
||||||
|
{% for code in item.value.web_server.locations[location].returns %}
|
||||||
|
{% if item.value.web_server.locations[location].returns[code] is defined %}
|
||||||
|
return {{ item.value.web_server.locations[location].returns[code].code }} {{ item.value.web_server.locations[location].returns[code].url }};
|
||||||
|
{% else %}
|
||||||
|
return {{ item.value.web_server.locations[location].returns[code].url }};
|
||||||
|
{% endif %}
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
{% if item.value.web_server.locations[location].auth_basic is defined and item.value.web_server.locations[location].auth_basic %}
|
{% if item.value.web_server.locations[location].auth_basic is defined and item.value.web_server.locations[location].auth_basic %}
|
||||||
auth_basic "{{ item.value.web_server.locations[location].auth_basic }}";
|
auth_basic "{{ item.value.web_server.locations[location].auth_basic }}";
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.web_server.locations[location].auth_basic_file is defined and item.value.web_server.locations[location].auth_basic_file %}
|
{% if item.value.web_server.locations[location].auth_basic_file is defined and item.value.web_server.locations[location].auth_basic_file %}
|
||||||
auth_basic_user_file {{ item.value.web_server.locations[location].auth_basic_file }};
|
auth_basic_user_file {{ item.value.web_server.locations[location].auth_basic_file }};
|
||||||
|
{% endif %}
|
||||||
|
{% if item.value.web_server.locations[location].auth_request is defined %}
|
||||||
|
auth_request {{ item.value.web_server.locations[location].auth_request }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
}
|
}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
@ -219,4 +259,4 @@ server {
|
|||||||
root {{ item.value.error_page }};
|
root {{ item.value.error_page }};
|
||||||
}
|
}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
}
|
}
|
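Review bot: In both `returns` loops (reverse_proxy and web_server locations) the test `returns[code] is defined` is always true, because `code` is a key taken from that same mapping, so the `{% else %}` branch emitting `return <url>;` can never render. The intended test is presumably `...returns[code].code is defined`. nginx also evaluates `return` in the rewrite phase, before `auth_request` runs in the access phase, so a location that sets both, as the commented example pairs them, redirects every request without consulting the auth endpoint. A template comment such as `{# return fires before auth_request; use it only on the login/redirect location #}` would make that visible. The `@ -166,14 +202,6` hunk removes the hard-coded `Host`, `X-Real-IP`, `X-Forwarded-For` and `X-Forwarded-Proto` headers and the `websocket` Upgrade block, so inventories that do not define `proxy_set_header` silently stop forwarding the client address and `websocket: true` no longer has any visible effect in these hunks.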
@ -60,6 +60,19 @@
|
|||||||
- Vary
|
- Vary
|
||||||
- Cache-Control
|
- Cache-Control
|
||||||
proxy_redirect: false
|
proxy_redirect: false
|
||||||
|
proxy_set_header:
|
||||||
|
header_host:
|
||||||
|
name: Host
|
||||||
|
value: $host
|
||||||
|
header_x_real_ip:
|
||||||
|
name: X-Real-IP
|
||||||
|
value: $remote_addr
|
||||||
|
header_x_forwarded_for:
|
||||||
|
name: X-Forwarded-For
|
||||||
|
value: $proxy_add_x_forwarded_for
|
||||||
|
header_x_forwarded_proto:
|
||||||
|
name: X-Forwarded-Proto
|
||||||
|
value: $scheme
|
||||||
backend:
|
backend:
|
||||||
location: /backend
|
location: /backend
|
||||||
proxy_pass: http://backend_servers/
|
proxy_pass: http://backend_servers/
|
||||||
@ -74,6 +87,19 @@
|
|||||||
- http_502
|
- http_502
|
||||||
- http_503
|
- http_503
|
||||||
proxy_redirect: default
|
proxy_redirect: default
|
||||||
|
proxy_set_header:
|
||||||
|
header_host:
|
||||||
|
name: Host
|
||||||
|
value: $host
|
||||||
|
header_x_real_ip:
|
||||||
|
name: X-Real-IP
|
||||||
|
value: $remote_addr
|
||||||
|
header_x_forwarded_for:
|
||||||
|
name: X-Forwarded-For
|
||||||
|
value: $proxy_add_x_forwarded_for
|
||||||
|
header_x_forwarded_proto:
|
||||||
|
name: X-Forwarded-Proto
|
||||||
|
value: $scheme
|
||||||
upstreams:
|
upstreams:
|
||||||
frontend_upstream:
|
frontend_upstream:
|
||||||
name: frontend_servers
|
name: frontend_servers
|
||||||
|