Add reverse proxy service with basic authentication
parent
695e6ccdd9
commit
12c47e9e03
|
@ -29,6 +29,10 @@ systems that consist of multiple processes:
|
||||||
MySQL, PostgreSQL, Nginx, the Apache HTTP server, `svnserve`, Docker etc.
|
MySQL, PostgreSQL, Nginx, the Apache HTTP server, `svnserve`, Docker etc.
|
||||||
* `hydra`: demonstrates how to deploy [Hydra](https://nixos.org/hydra): the
|
* `hydra`: demonstrates how to deploy [Hydra](https://nixos.org/hydra): the
|
||||||
Nix-based continuous integration system
|
Nix-based continuous integration system
|
||||||
|
* `disnix` demonstrates how to deploy [Disnix](https://github.com/svanderburg/disnix)
|
||||||
|
including container provider services and the
|
||||||
|
[DisnixWebService](https://github.com/svanderburg/DisnixWebService) providing
|
||||||
|
remote deployment support via a web service.
|
||||||
|
|
||||||
Deploying the example systems
|
Deploying the example systems
|
||||||
=============================
|
=============================
|
||||||
|
|
|
@ -14,10 +14,6 @@ let
|
||||||
constructors = import ../../services-agnostic/constructors.nix {
|
constructors = import ../../services-agnostic/constructors.nix {
|
||||||
inherit pkgs stateDir runtimeDir logDir tmpDir cacheDir spoolDir forceDisableUserChange processManager;
|
inherit pkgs stateDir runtimeDir logDir tmpDir cacheDir spoolDir forceDisableUserChange processManager;
|
||||||
};
|
};
|
||||||
|
|
||||||
containerProviderConstructors = import ../../service-containers-agnostic/constructors.nix {
|
|
||||||
inherit pkgs stateDir runtimeDir logDir tmpDir cacheDir spoolDir forceDisableUserChange processManager;
|
|
||||||
};
|
|
||||||
in
|
in
|
||||||
rec {
|
rec {
|
||||||
sshd = {
|
sshd = {
|
||||||
|
|
|
@ -42,11 +42,22 @@ rec {
|
||||||
};
|
};
|
||||||
|
|
||||||
apache = {
|
apache = {
|
||||||
pkg = constructors.reverseProxyApache {
|
pkg = constructors.basicAuthReverseProxyApache {
|
||||||
dependency = tomcat;
|
dependency = tomcat;
|
||||||
serverAdmin = "admin@localhost";
|
serverAdmin = "admin@localhost";
|
||||||
targetProtocol = "ajp";
|
targetProtocol = "ajp";
|
||||||
portPropertyName = "ajpPort";
|
portPropertyName = "ajpPort";
|
||||||
|
|
||||||
|
authName = "DisnixWebService";
|
||||||
|
authUserFile = pkgs.stdenv.mkDerivation {
|
||||||
|
name = "htpasswd";
|
||||||
|
buildInputs = [ pkgs.apacheHttpd ];
|
||||||
|
buildCommand = ''
|
||||||
|
htpasswd -cb ./htpasswd admin secret
|
||||||
|
mv htpasswd $out
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
requireUser = "admin";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
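Review bot: The new `authUserFile` derivation hard-codes the credential (`htpasswd -cb ./htpasswd admin secret`), and its output is a Nix store path, which every local user can read, so the hash sits next to a password that is already public in the repository. For an example deployment, label it at least, e.g. `# demo credential only: replace it, and keep the real htpasswd file outside the Nix store`; `htpasswd -cbB` would also select bcrypt rather than htpasswd's default MD5-based hash. The hunk does not show whether this front end is served over TLS; if it is plain HTTP, the Basic credentials cross the network unencrypted. The `apache` attribute set begins and ends inside the hunk.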
|
@ -0,0 +1,45 @@
|
||||||
|
{createManagedProcess, stdenv, lib, runCommand, apacheHttpd, php, writeTextFile, logDir, runtimeDir, cacheDir, forceDisableUserChange}:
|
||||||
|
|
||||||
|
{ instanceSuffix ? ""
|
||||||
|
, instanceName ? "apache${instanceSuffix}"
|
||||||
|
, port ? 80
|
||||||
|
, serverName ? "localhost"
|
||||||
|
, serverAdmin
|
||||||
|
, documentRoot ? ../http-server-common/webapp
|
||||||
|
, enablePHP ? false
|
||||||
|
, enableCGI ? false
|
||||||
|
, targetProtocol ? "http"
|
||||||
|
, portPropertyName ? "port"
|
||||||
|
, dependency
|
||||||
|
, modules ? []
|
||||||
|
, authName
|
||||||
|
, authUserFile ? null
|
||||||
|
, authGroupFile ? null
|
||||||
|
, requireUser ? null
|
||||||
|
, requireGroup ? null
|
||||||
|
, extraConfig ? ""
|
||||||
|
, postInstall ? ""
|
||||||
|
}:
|
||||||
|
|
||||||
|
import ./reverse-proxy-apache.nix {
|
||||||
|
inherit createManagedProcess stdenv lib runCommand apacheHttpd php writeTextFile logDir runtimeDir cacheDir forceDisableUserChange;
|
||||||
|
} {
|
||||||
|
inherit instanceSuffix instanceName port serverName serverAdmin documentRoot enablePHP enableCGI targetProtocol portPropertyName dependency modules extraConfig postInstall;
|
||||||
|
extraProxySettings = ''
|
||||||
|
AuthType basic
|
||||||
|
AuthName "${authName}"
|
||||||
|
AuthBasicProvider file
|
||||||
|
''
|
||||||
|
+ lib.optionalString (authUserFile != null) ''
|
||||||
|
AuthUserFile ${authUserFile}
|
||||||
|
''
|
||||||
|
+ lib.optionalString (authGroupFile != null) ''
|
||||||
|
AuthGroupFile ${authGroupFile}
|
||||||
|
''
|
||||||
|
+ lib.optionalString (requireUser != null) ''
|
||||||
|
Require user ${requireUser}
|
||||||
|
''
|
||||||
|
+ lib.optionalString (requireGroup != null) ''
|
||||||
|
Require group ${requireGroup}
|
||||||
|
'';
|
||||||
|
}
|
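Review bot: When both `requireUser` and `requireGroup` keep their `null` defaults, `extraProxySettings` carries `AuthType`, `AuthName` and `AuthBasicProvider` but no `Require` line, so Apache never asks for credentials and the constructor named for basic auth yields an unauthenticated proxy. Fail closed at evaluation time, e.g. `assert requireUser != null || requireGroup != null;` placed before the `import`, or emit `Require valid-user` as the fallback; `authUserFile` deserves the same check, since it defaults to `null` although `AuthBasicProvider file` depends on it. If both are set, Apache 2.4 treats the two `Require` lines as alternatives, which a comment should state. `authName` is interpolated unescaped, so a `"` inside it produces a broken `AuthName` directive.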
|
@ -11,6 +11,8 @@
|
||||||
, targetProtocol ? "http"
|
, targetProtocol ? "http"
|
||||||
, portPropertyName ? "port"
|
, portPropertyName ? "port"
|
||||||
, dependency
|
, dependency
|
||||||
|
, modules ? []
|
||||||
|
, extraProxySettings ? ""
|
||||||
, extraConfig ? ""
|
, extraConfig ? ""
|
||||||
, postInstall ? ""
|
, postInstall ? ""
|
||||||
}:
|
}:
|
||||||
|
@ -40,11 +42,12 @@ import ./simple-webapp-apache.nix {
|
||||||
"slotmem_shm"
|
"slotmem_shm"
|
||||||
"xml2enc"
|
"xml2enc"
|
||||||
"watchdog"
|
"watchdog"
|
||||||
];
|
] ++ modules;
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
<Proxy *>
|
<Proxy *>
|
||||||
Order deny,allow
|
Order deny,allow
|
||||||
Allow from all
|
Allow from all
|
||||||
|
${extraProxySettings}
|
||||||
</Proxy>
|
</Proxy>
|
||||||
|
|
||||||
ProxyRequests Off
|
ProxyRequests Off
|
||||||
|
|
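Review bot: `extraProxySettings` is spliced verbatim into `<Proxy *>` next to the existing `Order deny,allow` / `Allow from all`, and nothing on the new argument says so. A comment on the parameter would help, e.g. `# raw Apache directives placed inside <Proxy *>; intended for authn/authz (AuthType, Require ...)`. It should also record that the block relies on mod_access_compat: if `Allow from all` is later modernised to `Require all granted`, that line would combine with an injected `Require user ...` as alternatives and make the authentication optional. The function header and the `extraConfig` string both extend beyond the two hunks shown.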
|
@ -32,6 +32,11 @@ in
|
||||||
inherit (pkgs) stdenv lib runCommand apacheHttpd php writeTextFile;
|
inherit (pkgs) stdenv lib runCommand apacheHttpd php writeTextFile;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
basicAuthReverseProxyApache = import ./apache/basic-auth-reverse-proxy-apache.nix {
|
||||||
|
inherit createManagedProcess logDir cacheDir runtimeDir forceDisableUserChange;
|
||||||
|
inherit (pkgs) stdenv lib runCommand apacheHttpd php writeTextFile;
|
||||||
|
};
|
||||||
|
|
||||||
tomcat = import ./apache-tomcat {
|
tomcat = import ./apache-tomcat {
|
||||||
inherit createManagedProcess stateDir runtimeDir tmpDir forceDisableUserChange;
|
inherit createManagedProcess stateDir runtimeDir tmpDir forceDisableUserChange;
|
||||||
inherit (pkgs) lib;
|
inherit (pkgs) lib;
|
||||||
|
|