Add reverse proxy service with basic authentication

Sander van der Burg 2021-03-05 22:11:09 +01:00 committed by Sander van der Burg
parent 695e6ccdd9
commit 12c47e9e03
6 changed files with 70 additions and 6 deletions


@ -29,6 +29,10 @@ systems that consist of multiple processes:
MySQL, PostgreSQL, Nginx, the Apache HTTP server, `svnserve`, Docker etc. MySQL, PostgreSQL, Nginx, the Apache HTTP server, `svnserve`, Docker etc.
* `hydra`: demonstrates how to deploy [Hydra](https://nixos.org/hydra): the * `hydra`: demonstrates how to deploy [Hydra](https://nixos.org/hydra): the
Nix-based continuous integration system Nix-based continuous integration system
* `disnix` demonstrates how to deploy [Disnix](https://github.com/svanderburg/disnix)
including container provider services and the
[DisnixWebService](https://github.com/svanderburg/DisnixWebService) providing
remote deployment support via a web service.
Deploying the example systems Deploying the example systems
============================= =============================


@ -14,10 +14,6 @@ let
constructors = import ../../services-agnostic/constructors.nix { constructors = import ../../services-agnostic/constructors.nix {
inherit pkgs stateDir runtimeDir logDir tmpDir cacheDir spoolDir forceDisableUserChange processManager; inherit pkgs stateDir runtimeDir logDir tmpDir cacheDir spoolDir forceDisableUserChange processManager;
}; };
containerProviderConstructors = import ../../service-containers-agnostic/constructors.nix {
inherit pkgs stateDir runtimeDir logDir tmpDir cacheDir spoolDir forceDisableUserChange processManager;
};
in in
rec { rec {
sshd = { sshd = {


@ -42,11 +42,22 @@ rec {
}; };
apache = { apache = {
pkg = constructors.reverseProxyApache { pkg = constructors.basicAuthReverseProxyApache {
dependency = tomcat; dependency = tomcat;
serverAdmin = "admin@localhost"; serverAdmin = "admin@localhost";
targetProtocol = "ajp"; targetProtocol = "ajp";
portPropertyName = "ajpPort"; portPropertyName = "ajpPort";
authName = "DisnixWebService";
authUserFile = pkgs.stdenv.mkDerivation {
name = "htpasswd";
buildInputs = [ pkgs.apacheHttpd ];
buildCommand = ''
htpasswd -cb ./htpasswd admin secret
mv htpasswd $out
'';
};
requireUser = "admin";
}; };
}; };
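Review bot: The `authUserFile` derivation bakes the fixed credentials `admin` / `secret` into the build, and because the password is an argument inside `buildCommand` it is recorded in plaintext in the derivation in the Nix store, which is normally readable by every local user. For an example this is acceptable only if it is labelled as such, so I would add a comment above it along the lines of `# Example credentials only; for real deployments pass a path to an htpasswd file kept outside the Nix store`. `htpasswd -cb` also relies on the tool's default hash, whereas `htpasswd -cbB ./htpasswd admin secret` would select bcrypt. The port and TLS setup of this `apache` instance are not visible in the hunk, but if it listens on plain HTTP the Basic credentials travel unencrypted on every request.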


@ -0,0 +1,45 @@
{createManagedProcess, stdenv, lib, runCommand, apacheHttpd, php, writeTextFile, logDir, runtimeDir, cacheDir, forceDisableUserChange}:
{ instanceSuffix ? ""
, instanceName ? "apache${instanceSuffix}"
, port ? 80
, serverName ? "localhost"
, serverAdmin
, documentRoot ? ../http-server-common/webapp
, enablePHP ? false
, enableCGI ? false
, targetProtocol ? "http"
, portPropertyName ? "port"
, dependency
, modules ? []
, authName
, authUserFile ? null
, authGroupFile ? null
, requireUser ? null
, requireGroup ? null
, extraConfig ? ""
, postInstall ? ""
}:
import ./reverse-proxy-apache.nix {
inherit createManagedProcess stdenv lib runCommand apacheHttpd php writeTextFile logDir runtimeDir cacheDir forceDisableUserChange;
} {
inherit instanceSuffix instanceName port serverName serverAdmin documentRoot enablePHP enableCGI targetProtocol portPropertyName dependency modules extraConfig postInstall;
extraProxySettings = ''
AuthType basic
AuthName "${authName}"
AuthBasicProvider file
''
+ lib.optionalString (authUserFile != null) ''
AuthUserFile ${authUserFile}
''
+ lib.optionalString (authGroupFile != null) ''
AuthGroupFile ${authGroupFile}
''
+ lib.optionalString (requireUser != null) ''
Require user ${requireUser}
''
+ lib.optionalString (requireGroup != null) ''
Require group ${requireGroup}
'';
}
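Review bot: With the defaults `requireUser ? null` and `requireGroup ? null` no `Require` line is generated, so the proxy block gets `AuthType basic` without any authorization requirement and Apache will, as far as I can tell, serve the proxied application without asking for credentials. A constructor named for basic auth should fail closed: append `+ lib.optionalString (requireUser == null && requireGroup == null) "Require valid-user\n"`, or assert that at least one of the two is set. `authUserFile ? null` has a similar gap, since `AuthBasicProvider file` is always emitted while `AuthUserFile` may be missing; making `authUserFile` a mandatory argument would surface that at evaluation time. `authName` is interpolated between double quotes without escaping, which is fine for the fixed value used in this commit but deserves a comment stating that the value must not contain a quote or newline.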


@ -11,6 +11,8 @@
, targetProtocol ? "http" , targetProtocol ? "http"
, portPropertyName ? "port" , portPropertyName ? "port"
, dependency , dependency
, modules ? []
, extraProxySettings ? ""
, extraConfig ? "" , extraConfig ? ""
, postInstall ? "" , postInstall ? ""
}: }:
@ -40,11 +42,12 @@ import ./simple-webapp-apache.nix {
"slotmem_shm" "slotmem_shm"
"xml2enc" "xml2enc"
"watchdog" "watchdog"
]; ] ++ modules;
extraConfig = '' extraConfig = ''
<Proxy *> <Proxy *>
Order deny,allow Order deny,allow
Allow from all Allow from all
${extraProxySettings}
</Proxy> </Proxy>
ProxyRequests Off ProxyRequests Off
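Review bot: `${extraProxySettings}` is spliced in after the 2.2-style `Order deny,allow` / `Allow from all` lines, so the basic-auth variant combines mod_access_compat directives with `Require` inside one `<Proxy *>` container, which the Apache 2.4 upgrade notes discourage because the combined outcome is hard to reason about. Keeping a single authorization model would be clearer, for example by replacing the two legacy lines and the splice with `${if extraProxySettings == "" then "Require all granted" else extraProxySettings}`. The new `modules` argument is the only visible way for callers to load extra modules; whether the base list already contains `auth_basic`, `authn_file` and `authz_user` cannot be seen in these hunks and should be checked, since the basic-auth wrapper does not add them itself.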


@ -32,6 +32,11 @@ in
inherit (pkgs) stdenv lib runCommand apacheHttpd php writeTextFile; inherit (pkgs) stdenv lib runCommand apacheHttpd php writeTextFile;
}; };
basicAuthReverseProxyApache = import ./apache/basic-auth-reverse-proxy-apache.nix {
inherit createManagedProcess logDir cacheDir runtimeDir forceDisableUserChange;
inherit (pkgs) stdenv lib runCommand apacheHttpd php writeTextFile;
};
tomcat = import ./apache-tomcat { tomcat = import ./apache-tomcat {
inherit createManagedProcess stateDir runtimeDir tmpDir forceDisableUserChange; inherit createManagedProcess stateDir runtimeDir tmpDir forceDisableUserChange;
inherit (pkgs) lib; inherit (pkgs) lib;