From a9c14d7a553cc187c147b6d886dad0e4b57343b9 Mon Sep 17 00:00:00 2001
From: jurgenhaas <juergen@paragon-es.de>
Date: Tue, 28 Nov 2017 10:57:29 +0100
Subject: [PATCH] Optional HTTP Basic auth for discourse

---
 tasks/apache.yml     | 13 +++++++++++++
 tasks/install.yml    |  8 ++++----
 templates/vhost.conf | 13 ++++++++++---
 3 files changed, 27 insertions(+), 7 deletions(-)

diff --git a/tasks/apache.yml b/tasks/apache.yml
index 628ce7e..7dedb51 100644
--- a/tasks/apache.yml
+++ b/tasks/apache.yml
@@ -15,3 +15,16 @@
   command: a2ensite discourse creates=/etc/apache2/sites-enabled/discourse{{ apache_conf_ext }}
   notify:
     - "Apache | Restart Apache"
+
+- block:
+
+  - name: "Setup AuthType Basic"
+    htpasswd:
+      path: '/var/discourse/containers/passwords'
+      name: '{{ discourse_apache_auth.user }}'
+      password: '{{ discourse_apache_auth.password }}'
+      owner: 'root'
+      group: 'root'
+      mode: '664'
+
+  when: discourse_apache_auth is defined
diff --git a/tasks/install.yml b/tasks/install.yml
index 76b3ee8..3a5b58d 100644
--- a/tasks/install.yml
+++ b/tasks/install.yml
@@ -1,10 +1,6 @@
 ---
 # file: roles/discourse/tasks/install.yml
 
-- name: "Configure Apache"
-  include_tasks: apache.yml
-  tags: 'always'
-
 - name: "Clone Repository"
   git:
     accept_hostkey: yes
@@ -26,3 +22,7 @@
     shell: '/var/discourse/launcher rebuild app'
 
   when: discourse_repository.changed
+
+- name: "Configure Apache"
+  include_tasks: apache.yml
+  tags: 'always'
diff --git a/templates/vhost.conf b/templates/vhost.conf
index 9e1f54d..f6b5078 100644
--- a/templates/vhost.conf
+++ b/templates/vhost.conf
@@ -40,9 +40,16 @@
   AllowEncodedSlashes NoDecode
 
   <Location />
-      Require all granted
-      ProxyPassReverse http://127.0.0.1:8181
-      ProxyPassReverse http://{{ discourse_domain }}/
+{% if discourse_apache_auth is defined %}
+    AuthType {{ discourse_apache_auth.type }}
+    AuthName "{{ discourse_apache_auth.name }}"
+    AuthUserFile /var/discourse/containers/passwords
+    Require {{ discourse_apache_auth.user }} {{ discourse_apache_auth.password }}
+{% else %}
+    Require all granted
+{% endif %}
+    ProxyPassReverse http://127.0.0.1:8181
+    ProxyPassReverse http://{{ discourse_domain }}/
   </Location>
 
   RewriteEngine on
-- 
GitLab