Use basic-auth to protect librespeed rather than whitelist

2020-05-06 16:11:29 +01:00 · 2020-05-06 16:11:29 +01:00 · 56ebe2ad01
commit 56ebe2ad01
parent aad14a4ceb
3 changed files with 14 additions and 1 deletions
--- a/ansible/roles/intersect-docker/files/librespeed/docker-compose.yml
+++ b/ansible/roles/intersect-docker/files/librespeed/docker-compose.yml
@ -13,4 +13,5 @@ services:
      - "traefik.http.routers.librespeed.rule=Host(`speed.jakehoward.tech`)"
      - "traefik.http.routers.librespeed.tls=true"
      - "traefik.http.routers.librespeed.tls.certresolver=le"
-      - "traefik.http.routers.librespeed.middlewares=internal-only@file"
+      - "traefik.http.routers.librespeed.middlewares=librespeed-auth@docker"
+      - "traefik.http.middlewares.librespeed-auth.basicauth.users={{ librespeed_basicauth }}"
--- a/ansible/roles/intersect-docker/tasks/librespeed.yml
+++ b/ansible/roles/intersect-docker/tasks/librespeed.yml
@ -1,3 +1,6 @@
+- name: Include librespeed variables
+  include_vars: librespeed.yml
+
 - name: Create librespeed directory
  file:
    path: /opt/librespeed
--- a/ansible/roles/intersect-docker/vars/librespeed.yml
+++ b/ansible/roles/intersect-docker/vars/librespeed.yml
@ -0,0 +1,9 @@
+librespeed_basicauth: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  35356563313534363433663038363934303165303033616366333965653939653430363065613832
+  6361303335363161393130383565346237613362326433630a343663366263626531326633626366
+  30313535643466306662626361326361623536353636333965326131626130613337323732643865
+  3265643930333535630a666362353034376364613731326236363136363562303163646266313265
+  63386138356164633365313239383365393638393738633461393536653935643665626562313835
+  61623635366362303462633432376436326638373339666561383434613364366237366666393332
+  643139616536666232346262386239663931