Add reverse proxy service with basic authentication
This commit is contained in:
parent
695e6ccdd9
commit
12c47e9e03
|
@ -29,6 +29,10 @@ systems that consist of multiple processes:
|
|||
MySQL, PostgreSQL, Nginx, the Apache HTTP server, `svnserve`, Docker etc.
|
||||
* `hydra`: demonstrates how to deploy [Hydra](https://nixos.org/hydra): the
|
||||
Nix-based continuous integration system
|
||||
* `disnix` demonstrates how to deploy [Disnix](https://github.com/svanderburg/disnix)
|
||||
including container provider services and the
|
||||
[DisnixWebService](https://github.com/svanderburg/DisnixWebService) providing
|
||||
remote deployment support via a web service.
|
||||
|
||||
Deploying the example systems
|
||||
=============================
|
||||
|
|
|
@ -14,10 +14,6 @@ let
|
|||
constructors = import ../../services-agnostic/constructors.nix {
|
||||
inherit pkgs stateDir runtimeDir logDir tmpDir cacheDir spoolDir forceDisableUserChange processManager;
|
||||
};
|
||||
|
||||
containerProviderConstructors = import ../../service-containers-agnostic/constructors.nix {
|
||||
inherit pkgs stateDir runtimeDir logDir tmpDir cacheDir spoolDir forceDisableUserChange processManager;
|
||||
};
|
||||
in
|
||||
rec {
|
||||
sshd = {
|
||||
|
|
|
@ -42,11 +42,22 @@ rec {
|
|||
};
|
||||
|
||||
apache = {
|
||||
pkg = constructors.reverseProxyApache {
|
||||
pkg = constructors.basicAuthReverseProxyApache {
|
||||
dependency = tomcat;
|
||||
serverAdmin = "admin@localhost";
|
||||
targetProtocol = "ajp";
|
||||
portPropertyName = "ajpPort";
|
||||
|
||||
authName = "DisnixWebService";
|
||||
authUserFile = pkgs.stdenv.mkDerivation {
|
||||
name = "htpasswd";
|
||||
buildInputs = [ pkgs.apacheHttpd ];
|
||||
buildCommand = ''
|
||||
htpasswd -cb ./htpasswd admin secret
|
||||
mv htpasswd $out
|
||||
'';
|
||||
};
|
||||
requireUser = "admin";
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -0,0 +1,45 @@
|
|||
{createManagedProcess, stdenv, lib, runCommand, apacheHttpd, php, writeTextFile, logDir, runtimeDir, cacheDir, forceDisableUserChange}:
|
||||
|
||||
{ instanceSuffix ? ""
|
||||
, instanceName ? "apache${instanceSuffix}"
|
||||
, port ? 80
|
||||
, serverName ? "localhost"
|
||||
, serverAdmin
|
||||
, documentRoot ? ../http-server-common/webapp
|
||||
, enablePHP ? false
|
||||
, enableCGI ? false
|
||||
, targetProtocol ? "http"
|
||||
, portPropertyName ? "port"
|
||||
, dependency
|
||||
, modules ? []
|
||||
, authName
|
||||
, authUserFile ? null
|
||||
, authGroupFile ? null
|
||||
, requireUser ? null
|
||||
, requireGroup ? null
|
||||
, extraConfig ? ""
|
||||
, postInstall ? ""
|
||||
}:
|
||||
|
||||
import ./reverse-proxy-apache.nix {
|
||||
inherit createManagedProcess stdenv lib runCommand apacheHttpd php writeTextFile logDir runtimeDir cacheDir forceDisableUserChange;
|
||||
} {
|
||||
inherit instanceSuffix instanceName port serverName serverAdmin documentRoot enablePHP enableCGI targetProtocol portPropertyName dependency modules extraConfig postInstall;
|
||||
extraProxySettings = ''
|
||||
AuthType basic
|
||||
AuthName "${authName}"
|
||||
AuthBasicProvider file
|
||||
''
|
||||
+ lib.optionalString (authUserFile != null) ''
|
||||
AuthUserFile ${authUserFile}
|
||||
''
|
||||
+ lib.optionalString (authGroupFile != null) ''
|
||||
AuthGroupFile ${authGroupFile}
|
||||
''
|
||||
+ lib.optionalString (requireUser != null) ''
|
||||
Require user ${requireUser}
|
||||
''
|
||||
+ lib.optionalString (requireGroup != null) ''
|
||||
Require group ${requireGroup}
|
||||
'';
|
||||
}
|
|
@ -11,6 +11,8 @@
|
|||
, targetProtocol ? "http"
|
||||
, portPropertyName ? "port"
|
||||
, dependency
|
||||
, modules ? []
|
||||
, extraProxySettings ? ""
|
||||
, extraConfig ? ""
|
||||
, postInstall ? ""
|
||||
}:
|
||||
|
@ -40,11 +42,12 @@ import ./simple-webapp-apache.nix {
|
|||
"slotmem_shm"
|
||||
"xml2enc"
|
||||
"watchdog"
|
||||
];
|
||||
] ++ modules;
|
||||
extraConfig = ''
|
||||
<Proxy *>
|
||||
Order deny,allow
|
||||
Allow from all
|
||||
${extraProxySettings}
|
||||
</Proxy>
|
||||
|
||||
ProxyRequests Off
|
||||
|
|
|
@ -32,6 +32,11 @@ in
|
|||
inherit (pkgs) stdenv lib runCommand apacheHttpd php writeTextFile;
|
||||
};
|
||||
|
||||
basicAuthReverseProxyApache = import ./apache/basic-auth-reverse-proxy-apache.nix {
|
||||
inherit createManagedProcess logDir cacheDir runtimeDir forceDisableUserChange;
|
||||
inherit (pkgs) stdenv lib runCommand apacheHttpd php writeTextFile;
|
||||
};
|
||||
|
||||
tomcat = import ./apache-tomcat {
|
||||
inherit createManagedProcess stateDir runtimeDir tmpDir forceDisableUserChange;
|
||||
inherit (pkgs) lib;
|
||||
|
|
Loading…
Reference in New Issue