Add reverse proxy service with basic authentication

README.md

@@ -29,6 +29,10 @@ systems that consist of multiple processes:
   MySQL, PostgreSQL, Nginx, the Apache HTTP server, `svnserve`, Docker etc.
 * `hydra`: demonstrates how to deploy [Hydra](https://nixos.org/hydra): the
   Nix-based continuous integration system
+* `disnix` demonstrates how to deploy [Disnix](https://github.com/svanderburg/disnix)
+  including container provider services and the
+  [DisnixWebService](https://github.com/svanderburg/DisnixWebService) providing
+  remote deployment support via a web service.
 
 Deploying the example systems
 =============================

example-deployments/disnix/processes-bare.nix

@@ -14,10 +14,6 @@ let
   constructors = import ../../services-agnostic/constructors.nix {
     inherit pkgs stateDir runtimeDir logDir tmpDir cacheDir spoolDir forceDisableUserChange processManager;
   };
-
-  containerProviderConstructors = import ../../service-containers-agnostic/constructors.nix {
-    inherit pkgs stateDir runtimeDir logDir tmpDir cacheDir spoolDir forceDisableUserChange processManager;
-  };
 in
 rec {
   sshd = {

example-deployments/disnix/processes-with-tomcat-mysql.nix

@@ -42,11 +42,22 @@ rec {
   };
 
   apache = {
-    pkg = constructors.reverseProxyApache {
+    pkg = constructors.basicAuthReverseProxyApache {
       dependency = tomcat;
       serverAdmin = "admin@localhost";
       targetProtocol = "ajp";
       portPropertyName = "ajpPort";
+
+      authName = "DisnixWebService";
+      authUserFile = pkgs.stdenv.mkDerivation {
+        name = "htpasswd";
+        buildInputs = [ pkgs.apacheHttpd ];
+        buildCommand = ''
+          htpasswd -cb ./htpasswd admin secret
+          mv htpasswd $out
+        '';
+      };
+      requireUser = "admin";
     };
   };
 

services-agnostic/apache/basic-auth-reverse-proxy-apache.nix

@@ -0,0 +1,45 @@
+{createManagedProcess, stdenv, lib, runCommand, apacheHttpd, php, writeTextFile, logDir, runtimeDir, cacheDir, forceDisableUserChange}:
+
+{ instanceSuffix ? ""
+, instanceName ? "apache${instanceSuffix}"
+, port ? 80
+, serverName ? "localhost"
+, serverAdmin
+, documentRoot ? ../http-server-common/webapp
+, enablePHP ? false
+, enableCGI ? false
+, targetProtocol ? "http"
+, portPropertyName ? "port"
+, dependency
+, modules ? []
+, authName
+, authUserFile ? null
+, authGroupFile ? null
+, requireUser ? null
+, requireGroup ? null
+, extraConfig ? ""
+, postInstall ? ""
+}:
+
+import ./reverse-proxy-apache.nix {
+  inherit createManagedProcess stdenv lib runCommand apacheHttpd php writeTextFile logDir runtimeDir cacheDir forceDisableUserChange;
+} {
+  inherit instanceSuffix instanceName port serverName serverAdmin documentRoot enablePHP enableCGI targetProtocol portPropertyName dependency modules extraConfig postInstall;
+  extraProxySettings = ''
+    AuthType basic
+    AuthName "${authName}"
+    AuthBasicProvider file
+  ''
+  + lib.optionalString (authUserFile != null) ''
+    AuthUserFile ${authUserFile}
+  ''
+  + lib.optionalString (authGroupFile != null) ''
+    AuthGroupFile ${authGroupFile}
+  ''
+  + lib.optionalString (requireUser != null) ''
+    Require user ${requireUser}
+  ''
+  + lib.optionalString (requireGroup != null) ''
+    Require group ${requireGroup}
+  '';
+}

services-agnostic/apache/reverse-proxy-apache.nix

@@ -11,6 +11,8 @@
 , targetProtocol ? "http"
 , portPropertyName ? "port"
 , dependency
+, modules ? []
+, extraProxySettings ? ""
 , extraConfig ? ""
 , postInstall ? ""
 }:
@@ -40,11 +42,12 @@ import ./simple-webapp-apache.nix {
     "slotmem_shm"
     "xml2enc"
     "watchdog"
-  ];
+  ] ++ modules;
   extraConfig = ''
     <Proxy *>
       Order deny,allow
       Allow from all
+      ${extraProxySettings}
     </Proxy>
 
     ProxyRequests     Off

services-agnostic/constructors.nix

@@ -32,6 +32,11 @@ in
     inherit (pkgs) stdenv lib runCommand apacheHttpd php writeTextFile;
   };
 
+  basicAuthReverseProxyApache = import ./apache/basic-auth-reverse-proxy-apache.nix {
+    inherit createManagedProcess logDir cacheDir runtimeDir forceDisableUserChange;
+    inherit (pkgs) stdenv lib runCommand apacheHttpd php writeTextFile;
+  };
+
   tomcat = import ./apache-tomcat {
     inherit createManagedProcess stateDir runtimeDir tmpDir forceDisableUserChange;
     inherit (pkgs) lib;