Use basic-auth to protect librespeed rather than whitelist

This commit is contained in:
Jake Howard 2020-05-06 16:11:29 +01:00
parent aad14a4ceb
commit 56ebe2ad01
Signed by: jake
GPG key ID: 57AFB45680EDD477
3 changed files with 14 additions and 1 deletions

View file

@ -13,4 +13,5 @@ services:
- "traefik.http.routers.librespeed.rule=Host(`speed.jakehoward.tech`)" - "traefik.http.routers.librespeed.rule=Host(`speed.jakehoward.tech`)"
- "traefik.http.routers.librespeed.tls=true" - "traefik.http.routers.librespeed.tls=true"
- "traefik.http.routers.librespeed.tls.certresolver=le" - "traefik.http.routers.librespeed.tls.certresolver=le"
- "traefik.http.routers.librespeed.middlewares=internal-only@file" - "traefik.http.routers.librespeed.middlewares=librespeed-auth@docker"
- "traefik.http.middlewares.librespeed-auth.basicauth.users={{ librespeed_basicauth }}"

View file

@ -1,3 +1,6 @@
- name: Include librespeed variables
include_vars: librespeed.yml
- name: Create librespeed directory - name: Create librespeed directory
file: file:
path: /opt/librespeed path: /opt/librespeed

View file

@ -0,0 +1,9 @@
librespeed_basicauth: !vault |
$ANSIBLE_VAULT;1.1;AES256
35356563313534363433663038363934303165303033616366333965653939653430363065613832
6361303335363161393130383565346237613362326433630a343663366263626531326633626366
30313535643466306662626361326361623536353636333965326131626130613337323732643865
3265643930333535630a666362353034376364613731326236363136363562303163646266313265
63386138356164633365313239383365393638393738633461393536653935643665626562313835
61623635366362303462633432376436326638373339666561383434613364366237366666393332
643139616536666232346262386239663931