ansible-inventories/arocom#2856 proposal for a more generic approach for ips and users

609dfdec · Eric Zillmann · f8c1ff8b · 609dfdec
Commit 609dfdec authored 5 years ago by Eric Zillmann
--- a/templates/vhost.conf
+++ b/templates/vhost.conf
@@ -89,22 +89,30 @@
 {% if drupal_domain.apache_auth is defined and drupal_domain.apache_auth.active|default('true') == 'true' %}
    AuthType {{ drupal_domain.apache_auth.type }}
    AuthName "{{ drupal_domain.apache_auth.name }}"
-{% if drupal_domain.apache_auth.passwdfile is defined %}
-    AuthUserFile {{ webRoot }}/passwords/{{ drupal_domain.apache_auth.passwdfile }}
-{% else %}
    AuthUserFile {{ webRoot }}/passwords/{{ drupal_domain.apache_auth.user }}
+{% if drupal_domain.apache_auth.ips is defined %}
+{% for ip in drupal_domain.apache_auth.ips %}
+    SetEnvIF X-Forwarded-For ^{{ ip|regex_escape() }}$ AllowIP
+{% endfor %}
 {% endif %}
-{% if drupal_domain.apache_auth.manual_auth is defined %}
-    {{ drupal_domain.apache_auth.manual_auth }}
-{% else %}
-{% if drupal_domain.apache_auth.extra_users is defined %}
+{% if drupal_domain.apache_auth.extra_users is defined or drupal_domain.apache_auth.ips is defined %}
    <RequireAny>
+{% if drupal_domain.apache_auth.extra_users is defined %}
 {% for user in drupal_domain.apache_auth.extra_users %}
      <RequireAll>
+{% if user.expression is defined %}
        Require expr "{{ user.expression }}"
+{% endif %}
        Require user {{ user.user }}
      </RequireAll>
 {% endfor %}
+{% endif %}
+{% if drupal_domain.apache_auth.ips is defined %}
+      Require env AllowIP
+{% for ip in drupal_domain.apache_auth.ips %}
+      Require ip {{ ip }}
+{% endfor %}
+{% endif %}
      <RequireAll>
        Require {% if drupal_domain.apache_auth.password is defined %}user {{ drupal_domain.apache_auth.user }}{% else %}all granted{% endif %}

@@ -113,7 +121,6 @@
 {% else %}
    Require user {{ drupal_domain.apache_auth.user }}
 {% endif %}
-{% endif %}
 {% else %}
 {% if apache_version|default('2.4') == '2.2' %}
    Order allow,deny