vhost: Add support for http basic auth

2023-05-09 21:39:37 +03:00
parent ac43d9288a
commit e4dcc74610
4 changed files with 34 additions and 0 deletions
--- a/roles/vhost/defaults/main.yml
+++ b/roles/vhost/defaults/main.yml
@@ -5,6 +5,9 @@ web_server: caddy
 vhost_locations: []
 vhost_headers: {}

+vhost_basicauth: false
+vhost_basicauth_users: {}
+
 proxy_target_protocol: http
 proxy_target_host: localhost

--- a/roles/vhost/meta/argument_specs.yml
+++ b/roles/vhost/meta/argument_specs.yml
@@ -33,6 +33,17 @@ argument_specs:
        required: false
        default: {}

+      vhost_basicauth:
+        description: Whether to require basic auth for the vhost
+        type: bool
+        required: false
+        default: false
+      vhost_basicauth_users:
+        description: A dict of basic auth users and their password hashes. Required if vhost_basicauth is true
+        type: dict
+        required: false
+        default: {}
+
      proxy_target_port:
        description: Port where to proxy requests to. Only applicable if vhost_type is reverse_proxy
        type: int
@@ -107,6 +118,16 @@ argument_specs:
            required: false
            default: "{{ vhost_headers }}"

+          basicauth:
+            description: Whether to require basic auth for the location
+            type: bool
+            required: false
+            default: "{{ vhost_basicauth }}"
+          basicauth_users:
+            description: A dict of basic auth users and their password hashes. Required if basicauth is true
+            type: dict
+            default: "{{ vhost_basicauth_users }}"
+
          proxy_target_port:
            description: Port where to proxy requests to. Only applicable if type is reverse_proxy.
            type: int
--- a/roles/vhost/tasks/caddy.yml
+++ b/roles/vhost/tasks/caddy.yml
@@ -11,6 +11,13 @@
          {% for header in location.headers | dict2items %}
          header {{ header.key }} `{{ header.value }}`
          {% endfor %}
+          {% if location.basicauth %}
+          basicauth {
+            {% for user in location.basicauth_users | dict2items %}
+            {{ user.key }} {{ user.value }}
+            {% endfor %}
+          }
+          {% endif %}
          {% if location.type == 'reverse_proxy' %}
          reverse_proxy {{ location.proxy_target_protocol }}://{{ location.proxy_target_host }}:{{ location.proxy_target_port }} {
            {% if location.proxy_target_protocol == 'https' and location.proxy_target_host == 'localhost' %}
--- a/roles/vhost/tasks/main.yml
+++ b/roles/vhost/tasks/main.yml
@@ -26,6 +26,9 @@
      'type': item.type | default(vhost_type),
      'headers': item.headers | default(vhost_headers),

+      'basicauth': item.basicauth | default(vhost_basicauth),
+      'basicauth_users': item.basicauth_users | default(vhost_basicauth_users),
+
      'proxy_target_port': item.proxy_target_port | default(proxy_target_port if vhost_type == 'reverse_proxy' else ''),
      'proxy_target_host': item.proxy_target_host | default(proxy_target_host),
      'proxy_target_protocol': item.proxy_target_protocol | default(proxy_target_protocol),