
Commit 783d296

magicalyakgdzien
authored andcommitted
Http auth req additions - issue 120 (#121)
* added http_auth_req * removed existing set-headers * is defined for proxy_pass_request_body
1 parent e2ec4f6 commit 783d296


5 files changed

+152
-10
lines changed


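--- a/README.md
+++ b/README.md
@@ -313,6 +313,7 @@ nginx_main_template:
 keyval: false
 stream_enable: false
 http_global_autoindex: false
+#auth_request_http: /auth
 
 # Enable creating dynamic templated NGINX HTTP configuration files.
 # Defaults will not produce a valid configuration. Instead they are meant to showcase
@@ -329,6 +330,7 @@ nginx_http_template:
 root: /usr/share/nginx/html
 https_redirect: false
 autoindex: false
+#auth_request: /auth
 ssl:
 cert: /etc/ssl/certs/default.crt
 key: /etc/ssl/private/default.key
@@ -345,6 +347,11 @@ nginx_http_template:
 autoindex: false
 auth_basic: null
 auth_basic_file: null
+#auth_req: /auth
+#returns:
+#return302:
+#code: 302
+#url: https://sso.somehost.local/?url=https://$http_host$request_uri
 http_demo_conf: false
 reverse_proxy:
 proxy_cache_path:
@@ -371,6 +378,32 @@ nginx_http_template:
 location: /
 proxy_connect_timeout: null
 proxy_pass: http://backend
+#proxy_pass_request_body: off
+proxy_set_header:
+header_host:
+name: Host
+value: $host
+header_x_real_ip:
+name: X-Real-IP
+value: $remote_addr
+header_x_forwarded_for:
+name: X-Forwarded-For
+value: $proxy_add_x_forwarded_for
+header_x_forwarded_proto:
+name: X-Forwarded-Proto
+value: $scheme
+#header_upgrade:
+#name: Upgrade
+#value: $http_upgrade
+#header_connection:
+#name: Connection
+#value: "Upgrade"
+#header_random:
+#name: RandomName
+#value: RandomValue
+#internal: false
+#proxy_store: off
+#proxy_store_acccess: user:rw
 proxy_read_timeout: null
 proxy_ssl:
 cert: /etc/ssl/certs/proxy_default.crt
@@ -400,6 +433,11 @@ nginx_http_template:
 websocket: false
 auth_basic: null
 auth_basic_file: null
+#auth_req: /auth
+#returns:
+#return302:
+#code: 302
+#url: https://sso.somehost.local/?url=https://$http_host$request_uri
 health_check_plus: false
 proxy_cache:
 proxy_cache_path: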

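--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -155,6 +155,7 @@ nginx_main_template:
 keyval: false
 stream_enable: false
 http_global_autoindex: false
+#auth_request_http: /auth
 
 # Enable creating dynamic templated NGINX HTTP configuration files.
 # Defaults will not produce a valid configuration. Instead they are meant to showcase
@@ -172,6 +173,7 @@ nginx_http_template:
 https_redirect: false
 autoindex: false
 try_files: $uri $uri/index.html $uri.html =404
+#auth_request: /auth
 ssl:
 cert: /etc/ssl/certs/default.crt
 key: /etc/ssl/private/default.key
@@ -190,6 +192,11 @@ nginx_http_template:
 auth_basic: null
 auth_basic_file: null
 try_files: $uri $uri/index.html $uri.html =404
+#auth_request: /auth
+#returns:
+#return302:
+#code: 302
+#url: https://sso.somehost.local/?url=https://$http_host$request_uri
 http_demo_conf: false
 reverse_proxy:
 proxy_cache_path:
@@ -216,6 +223,32 @@ nginx_http_template:
 location: /
 proxy_connect_timeout: null
 proxy_pass: http://backend
+#proxy_pass_request_body: off
+proxy_set_header:
+header_host:
+name: Host
+value: $host
+header_x_real_ip:
+name: X-Real-IP
+value: $remote_addr
+header_x_forwarded_for:
+name: X-Forwarded-For
+value: $proxy_add_x_forwarded_for
+header_x_forwarded_proto:
+name: X-Forwarded-Proto
+value: $scheme
+#header_upgrade:
+#name: Upgrade
+#value: $http_upgrade
+#header_connection:
+#name: Connection
+#value: "Upgrade"
+#header_random:
+#name: RandomName
+#value: RandomValue
+#internal: false
+#proxy_store: off
+#proxy_store_acccess: user:rw
 proxy_read_timeout: null
 proxy_ssl:
 cert: /etc/ssl/certs/proxy_default.crt
@@ -242,6 +275,11 @@ nginx_http_template:
 auth_basic: null
 auth_basic_file: null
 try_files: $uri $uri/index.html $uri.html =404
+#auth_req: /auth
+#returns:
+#return302:
+#code: 302
+#url: https://sso.somehost.local/?url=https://$http_host$request_uri
 health_check_plus: false
 proxy_cache:
 proxy_cache_path: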
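Review bot: The commented examples at new lines 251 and 278 use keys that the template in this commit never reads: `#proxy_store_acccess: user:rw` and `#auth_req: /auth`, while `templates/http/default.conf.j2` tests `proxy_store_access` and `auth_request`. Uncommenting them as written renders no directive and raises no error, which for `auth_req` leaves the location without the authentication subrequest the operator expected. I would spell them `#auth_request: /auth` (as the example at new line 195 already does) and `#proxy_store_access: user:rw`; README.md carries the same two spellings. The sample redirect also builds the SSO return URL from `$http_host`, which is the client-supplied Host header, so a fixed hostname would be a safer value to showcase.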

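--- a/tasks/modules/install-modules.yml
+++ b/tasks/modules/install-modules.yml
@@ -18,4 +18,4 @@
 when: nginx_modules.xslt | default(false)
 
 - import_tasks: install-waf.yml
-when: nginx_modules.waf | default(false) and nginx_type == "plus"
+when: nginx_modules.waf | default(false) and nginx_type == "plus"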

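--- a/templates/http/default.conf.j2
+++ b/templates/http/default.conf.j2
@@ -46,6 +46,9 @@ proxy_temp_path {{ item.value.reverse_proxy.proxy_temp_path.path }} {{ item.valu
 {% endif %}
 {% endif %}
 {% endif %}
+{% if item.value.auth_request_http is defined %}
+auth_request {{ item.value.auth_request_http }};
+{% endif %}
 
 server {
 {% if item.value.ssl is defined %}
@@ -83,22 +86,55 @@ server {
 {% if item.value.try_files is defined %}
 try_files {{ item.value.try_files }};
 {% endif %}
+{% if item.value.auth_request is defined %}
+auth_request {{ item.value.auth_request }};
+{% endif %}
+
 {% if item.value.reverse_proxy is defined %}
 {% for location in item.value.reverse_proxy.locations %}
 location {{ item.value.reverse_proxy.locations[location].location }} {
+{% if item.value.reverse_proxy.locations[location].internal is sameas true %}
+internal;
+{% endif %}
+{% if item.value.reverse_proxy.locations[location].auth_request is defined %}
+auth_request {{ item.value.reverse_proxy.locations[location].auth_request }};
+{% endif %}
 {% if item.value.reverse_proxy.locations[location].auth_basic is defined and item.value.reverse_proxy.locations[location].auth_basic %}
 auth_basic "{{ item.value.reverse_proxy.locations[location].auth_basic }}";
 {% endif %}
 {% if item.value.reverse_proxy.locations[location].auth_basic_file is defined and item.value.reverse_proxy.locations[location].auth_basic_file %}
 auth_basic_user_file {{ item.value.reverse_proxy.locations[location].auth_basic_file }};
 {% endif %}
+{% if item.value.reverse_proxy.locations[location].returns is defined %}
+{% for code in item.value.reverse_proxy.locations[location].returns %}
+{% if item.value.reverse_proxy.locations[location].returns[code] is defined %}
+return {{ item.value.reverse_proxy.locations[location].returns[code].code }} {{ item.value.reverse_proxy.locations[location].returns[code].url }};
+{% else %}
+return {{ item.value.reverse_proxy.locations[location].returns[code].url }};
+{% endif %}
+{% endfor %}
+{% endif %}
 {% if item.value.reverse_proxy.locations[location].proxy_connect_timeout is defined and item.value.reverse_proxy.locations[location].proxy_connect_timeout %}
 proxy_connect_timeout {{ item.value.reverse_proxy.locations[location].proxy_connect_timeout }};
 {% endif %}
 proxy_pass {{ item.value.reverse_proxy.locations[location].proxy_pass }};
 {% if item.value.reverse_proxy.locations[location].proxy_read_timeout is defined and item.value.reverse_proxy.locations[location].proxy_read_timeout %}
 proxy_read_timeout {{ item.value.reverse_proxy.locations[location].proxy_read_timeout }};
 {% endif %}
+{% if item.value.reverse_proxy.locations[location].proxy_pass_request_body is defined %}
+proxy_pass_request_body {{ item.value.reverse_proxy.locations[location].proxy_pass_request_body }};
+{% endif %}
+{% if item.value.reverse_proxy.locations[location].proxy_store is defined %}
+proxy_store {{ item.value.reverse_proxy.locations[location].proxy_store | ternary("on", "off") }};
+{% endif %}
+{% if item.value.reverse_proxy.locations[location].proxy_store_access is defined %}
+proxy_store_access {{ item.value.reverse_proxy.locations[location].proxy_store_access }};
+{% endif %}
+{% if item.value.reverse_proxy.locations[location].proxy_set_header is defined %}
+{% for header in item.value.reverse_proxy.locations[location].proxy_set_header %}
+proxy_set_header {{ item.value.reverse_proxy.locations[location].proxy_set_header[header].name }} {{ item.value.reverse_proxy.locations[location].proxy_set_header[header].value }};
+{% endfor %}
+{% endif %}
 {% if item.value.reverse_proxy.locations[location].try_files is defined %}
 try_files {{ item.value.reverse_proxy.locations[location].try_files }};
 {% endif %}
@@ -166,14 +202,6 @@ server {
 health_check;
 {% endif %}
 
-proxy_set_header Host $host;
-proxy_set_header X-Real-IP $remote_addr;
-proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-proxy_set_header X-Forwarded-Proto $scheme;
-{% if item.value.reverse_proxy.locations[location].websocket is defined and item.value.reverse_proxy.locations[location].websocket %}
-proxy_set_header Upgrade $http_upgrade;
-proxy_set_header Connection "Upgrade";
-{% endif %}
 }
 {% endfor %}
 {% endif %}
@@ -189,11 +217,23 @@ server {
 {% if item.value.web_server.locations[location].try_files is defined %}
 try_files {{ item.value.web_server.locations[location].try_files }};
 {% endif %}
+{% if item.value.web_server.locations[location].returns is defined %}
+{% for code in item.value.web_server.locations[location].returns %}
+{% if item.value.web_server.locations[location].returns[code] is defined %}
+return {{ item.value.web_server.locations[location].returns[code].code }} {{ item.value.web_server.locations[location].returns[code].url }};
+{% else %}
+return {{ item.value.web_server.locations[location].returns[code].url }};
+{% endif %}
+{% endfor %}
+{% endif %}
 {% if item.value.web_server.locations[location].auth_basic is defined and item.value.web_server.locations[location].auth_basic %}
 auth_basic "{{ item.value.web_server.locations[location].auth_basic }}";
 {% endif %}
 {% if item.value.web_server.locations[location].auth_basic_file is defined and item.value.web_server.locations[location].auth_basic_file %}
 auth_basic_user_file {{ item.value.web_server.locations[location].auth_basic_file }};
+{% endif %}
+{% if item.value.web_server.locations[location].auth_request is defined %}
+auth_request {{ item.value.web_server.locations[location].auth_request }};
 {% endif %}
 }
 {% endfor %}
@@ -219,4 +259,4 @@ server {
 root {{ item.value.error_page }};
 }
 {% endif %}
-}
+}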
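Review bot: The `proxy_set_header` loop added at new lines 133-137 has no fallback, and the `@@ -166,14 +202,6 @@` hunk deletes the fixed `Host`, `X-Real-IP`, `X-Forwarded-For` and `X-Forwarded-Proto` lines, so an existing location that does not define the new map now renders no forwarding headers at all. Backends that log or make access decisions on the client address would then see only the proxy's address, with nothing in the play output to signal the change. The same deletion drops the `websocket` branch, so as far as this page shows that flag no longer emits `Upgrade`/`Connection`. I would keep the previous behaviour as the default when the map is absent, as sketched below; the enclosing location block starts and ends outside these lines.

```jinja
{% if item.value.reverse_proxy.locations[location].proxy_set_header is defined %}
{# … unchanged: loop rendering each name/value pair of the map … #}
{% else %}
{# no map supplied: keep the headers the template emitted before this change #}
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
{% if item.value.reverse_proxy.locations[location].websocket is defined and item.value.reverse_proxy.locations[location].websocket %}
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
{% endif %}
{% endif %}
```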

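--- a/tests/playbooks/nginx-http-template.yml
+++ b/tests/playbooks/nginx-http-template.yml
@@ -60,6 +60,19 @@
 - Vary
 - Cache-Control
 proxy_redirect: false
+proxy_set_header:
+header_host:
+name: Host
+value: $host
+header_x_real_ip:
+name: X-Real-IP
+value: $remote_addr
+header_x_forwarded_for:
+name: X-Forwarded-For
+value: $proxy_add_x_forwarded_for
+header_x_forwarded_proto:
+name: X-Forwarded-Proto
+value: $scheme
 backend:
 location: /backend
 proxy_pass: http://backend_servers/
@@ -74,6 +87,19 @@
 - http_502
 - http_503
 proxy_redirect: default
+proxy_set_header:
+header_host:
+name: Host
+value: $host
+header_x_real_ip:
+name: X-Real-IP
+value: $remote_addr
+header_x_forwarded_for:
+name: X-Forwarded-For
+value: $proxy_add_x_forwarded_for
+header_x_forwarded_proto:
+name: X-Forwarded-Proto
+value: $scheme
 upstreams:
 frontend_upstream:
 name: frontend_servers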
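Review bot: The two locations here gain only the `proxy_set_header` map, so none of the other branches this commit adds to the template (`auth_request`, `returns`, `internal`, `proxy_pass_request_body`, `proxy_store`, `proxy_store_access`) is rendered by the test play. That matters for `proxy_pass_request_body` in particular: the template prints the value as-is, without the `ternary("on", "off")` filter it applies to `proxy_store`, and an unquoted YAML `off` is loaded as a boolean, so the rendered directive would likely read `False`. Adding `proxy_pass_request_body: off` to one of these locations would let the test run surface that. Both location maps start above their hunks.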
