Manage auth basic on all vhost

pull/14/head
Emilien Mantel 2015-12-03 17:09:29 +01:00
parent 88d1c7fdb7
commit f9127f9a40
2 changed files with 16 additions and 2 deletions

View File

@ -1,7 +1,7 @@
{% set __listen = item.listen | default(['80']) %} {% set __listen = item.listen | default(['80']) %}
{% set __listen_ssl = item.listen_ssl | default(['443']) %} {% set __listen_ssl = item.listen_ssl | default(['443']) %}
{% set __location = item.location | default({}) %} {% set __location = item.location | default({}) %}
{% macro htpasswd(htpasswd_name, indent=2) -%} {% macro htpasswd(htpasswd_name, indent=1) -%}
{% for ht in nginx_htpasswd %}{% if ht.name == htpasswd_name %} {% for ht in nginx_htpasswd %}{% if ht.name == htpasswd_name %}
{{ "\t" * indent }}auth_basic "{{ ht.description }}"; {{ "\t" * indent }}auth_basic "{{ ht.description }}";
{{ "\t" * indent }}auth_basic_user_file {{ nginx_htpasswd_dir }}/{{ ht.name }}; {{ "\t" * indent }}auth_basic_user_file {{ nginx_htpasswd_dir }}/{{ ht.name }};
@ -36,6 +36,10 @@ server {
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% if item.htpasswd is defined %}
{{ htpasswd(item.htpasswd, 1) }}
{% endif %}
{% if not __location.has_key('/') %} {% if not __location.has_key('/') %}
location / { location / {
{% block template_try_files %} {% block template_try_files %}

View File

@ -83,7 +83,7 @@
with_items: ['test-php.local', 'test-php-index.local'] with_items: ['test-php.local', 'test-php-index.local']
- name: -- Add HTML file -- - name: -- Add HTML file --
copy: dest="{{ item }}/index.html" content="Index HTML test OK\n" copy: dest="{{ item }}/index.html" content="Index HTML test OK\n"
with_items: ['{{ nginx_root }}/test.local/public', '/var/tmp'] with_items: ['{{ nginx_root }}/test.local/public', '/var/tmp', '{{ nginx_root }}/test-htpasswd-all.local/public']
- name: -- VERIFY VHOSTS -- - name: -- VERIFY VHOSTS --
command: "curl -H 'Host: {{ item.name if item.name is string else item.name[0] }}' http://127.0.0.1{% if item.listen is defined %}:{{ item.listen[0] }}{% endif %}/" command: "curl -H 'Host: {{ item.name if item.name is string else item.name[0] }}' http://127.0.0.1{% if item.listen is defined %}:{{ item.listen[0] }}{% endif %}/"
with_items: nginx_vhosts with_items: nginx_vhosts
@ -116,3 +116,13 @@
changed_when: false changed_when: false
register: authok register: authok
failed_when: authok.stdout.find('hello') == -1 failed_when: authok.stdout.find('hello') == -1
- name: -- VERIFY AUTH BASIC FAIL GLOBAL --
command: "curl -u fail:fail -H 'Host: test-htpasswd-all.local' http://127.0.0.1/"
changed_when: false
register: authgfail
failed_when: authgfail.stdout.find('401 Authorization Required') == -1
- name: -- VERIFY AUTH BASIC OK --
command: "curl -u hanx:qwerty -H 'Host: test-htpasswd-all.local' http://127.0.0.1/"
changed_when: false
register: authgok
failed_when: authgok.stdout.find('401 Authorization Required') != -1