ansible-inventories/arocom#2861 Add support for basic auth on certain locations only

044f7420 · jurgenhaas · 0550a759 · 044f7420 · 044f7420
Commit 044f7420 authored 5 years ago by jurgenhaas
--- a/tasks/apache_auth.yml
+++ b/tasks/apache_auth.yml
@@ -20,12 +20,13 @@
        group: '{{ apacheUser }}'
        mode: 0640
        state: '{{ drupal_domain.apache_auth.password is defined|ternary("present","absent") }}'
+      when: drupal_domain.apache_auth.user is defined
      notify:
        - Restart Apache

    - name: Setup AuthType Basic Credentials for extra users
      htpasswd:
-        path: '{{ webRoot }}/passwords/{{ drupal_domain.apache_auth.user }}'
+        path: '{{ webRoot }}/passwords/{{ drupal_domain.apache_auth.user|default(drupal.id) }}'
        name: '{{ item.user }}'
        password: '{{ item.password }}'
        owner: '{{ apacheUser }}'
@@ -35,5 +36,17 @@
      notify:
        - Restart Apache

+    - name: Setup AuthType Basic Credentials for location users
+      htpasswd:
+        path: '{{ webRoot }}/passwords/{{ drupal_domain.apache_auth.user|default(drupal.id) }}'
+        name: '{{ item.user }}'
+        password: '{{ item.password }}'
+        owner: '{{ apacheUser }}'
+        group: '{{ apacheUser }}'
+        mode: 0640
+      with_items: '{{ drupal_domain.apache_auth.location_users|default([]) }}'
+      notify:
+        - Restart Apache
+
  tags:
    - ApacheConfig
--- a/templates/vhost.conf
+++ b/templates/vhost.conf
@@ -42,7 +42,7 @@
  Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"

 {% if drupal_domain.mailhog|default(false) %}
-{% if drupal_domain.apache_auth is defined and drupal_domain.apache_auth.active|default('true') == 'true' %}
+{% if drupal_domain.apache_auth is defined and drupal_domain.apache_auth.user is defined and drupal_domain.apache_auth.active|default('true') == 'true' %}
  <Location /mailhog/>
    AuthType {{ drupal_domain.apache_auth.type }}
    AuthName "{{ drupal_domain.apache_auth.name }}"
@@ -86,7 +86,7 @@
  <Directory {{ docRoot }}/>
    Options +ExecCGI +Indexes +FollowSymLinks +MultiViews
    AllowOverride All
-{% if drupal_domain.apache_auth is defined and drupal_domain.apache_auth.active|default('true') == 'true' %}
+{% if drupal_domain.apache_auth is defined and drupal_domain.apache_auth.user is defined and drupal_domain.apache_auth.active|default('true') == 'true' %}
    AuthType {{ drupal_domain.apache_auth.type }}
    AuthName "{{ drupal_domain.apache_auth.name }}"
    AuthUserFile {{ webRoot }}/passwords/{{ drupal_domain.apache_auth.user }}
@@ -130,6 +130,16 @@
 {% endif %}
 {% endif %}
  </Directory>
+{% if drupal_domain.apache_auth is defined and drupal_domain.apache_auth.location_users is defined and drupal_domain.apache_auth.active|default('true') == 'true' %}
+{% for location in drupal_domain.apache_auth.location_users %}
+  <Location {{ location.location }}>
+    AuthType {{ drupal_domain.apache_auth.type }}
+    AuthName "{{ drupal_domain.apache_auth.name }}"
+    AuthUserFile {{ webRoot }}/passwords/{{ drupal_domain.apache_auth.user|default(drupal.id) }}
+    Require user {{ location.user }}
+  </Location>
+{% endfor %}
+{% endif %}
  <Directory {{ docRoot }}/.git/>
    Require all denied
  </Directory>