From 56ebe2ad016d1e55fa3934d7687a8d6de1e430a6 Mon Sep 17 00:00:00 2001 From: Jake Howard Date: Wed, 6 May 2020 16:11:29 +0100 Subject: [PATCH] Use basic-auth to protect librespeed rather than whitelist --- .../intersect-docker/files/librespeed/docker-compose.yml | 3 ++- ansible/roles/intersect-docker/tasks/librespeed.yml | 3 +++ ansible/roles/intersect-docker/vars/librespeed.yml | 9 +++++++++ 3 files changed, 14 insertions(+), 1 deletion(-) create mode 100644 ansible/roles/intersect-docker/vars/librespeed.yml diff --git a/ansible/roles/intersect-docker/files/librespeed/docker-compose.yml b/ansible/roles/intersect-docker/files/librespeed/docker-compose.yml index a84d597..d0e39cc 100644 --- a/ansible/roles/intersect-docker/files/librespeed/docker-compose.yml +++ b/ansible/roles/intersect-docker/files/librespeed/docker-compose.yml @@ -13,4 +13,5 @@ services: - "traefik.http.routers.librespeed.rule=Host(`speed.jakehoward.tech`)" - "traefik.http.routers.librespeed.tls=true" - "traefik.http.routers.librespeed.tls.certresolver=le" - - "traefik.http.routers.librespeed.middlewares=internal-only@file" + - "traefik.http.routers.librespeed.middlewares=librespeed-auth@docker" + - "traefik.http.middlewares.librespeed-auth.basicauth.users={{ librespeed_basicauth }}" diff --git a/ansible/roles/intersect-docker/tasks/librespeed.yml b/ansible/roles/intersect-docker/tasks/librespeed.yml index 35133f9..032dcb0 100644 --- a/ansible/roles/intersect-docker/tasks/librespeed.yml +++ b/ansible/roles/intersect-docker/tasks/librespeed.yml @@ -1,3 +1,6 @@ +- name: Include librespeed variables + include_vars: librespeed.yml + - name: Create librespeed directory file: path: /opt/librespeed diff --git a/ansible/roles/intersect-docker/vars/librespeed.yml b/ansible/roles/intersect-docker/vars/librespeed.yml new file mode 100644 index 0000000..795efb4 --- /dev/null +++ b/ansible/roles/intersect-docker/vars/librespeed.yml @@ -0,0 +1,9 @@ +librespeed_basicauth: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 35356563313534363433663038363934303165303033616366333965653939653430363065613832 + 6361303335363161393130383565346237613362326433630a343663366263626531326633626366 + 30313535643466306662626361326361623536353636333965326131626130613337323732643865 + 3265643930333535630a666362353034376364613731326236363136363562303163646266313265 + 63386138356164633365313239383365393638393738633461393536653935643665626562313835 + 61623635366362303462633432376436326638373339666561383434613364366237366666393332 + 643139616536666232346262386239663931