mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-16 14:54:29 +01:00
nginx: allow basic auth passwords to be specified in a file
This commit is contained in:
parent
c84dad316a
commit
4d40adb86d
2 changed files with 17 additions and 11 deletions
|
@ -218,7 +218,10 @@ let
|
|||
ssl_certificate_key ${vhost.sslCertificateKey};
|
||||
''}
|
||||
|
||||
${optionalString (vhost.basicAuth != {}) (mkBasicAuth vhostName vhost.basicAuth)}
|
||||
${optionalString (vhost.basicAuthFile != null || vhost.basicAuth != {}) ''
|
||||
auth_basic secured;
|
||||
auth_basic_user_file ${if vhost.basicAuthFile != null then vhost.basicAuthFile else mkHtpasswd vhostName vhost.basicAuth};
|
||||
''}
|
||||
|
||||
${mkLocations vhost.locations}
|
||||
|
||||
|
@ -248,16 +251,11 @@ let
|
|||
${optionalString (config.proxyPass != null && cfg.recommendedProxySettings) "include ${recommendedProxyConfig};"}
|
||||
}
|
||||
'') locations);
|
||||
mkBasicAuth = vhostName: authDef: let
|
||||
htpasswdFile = pkgs.writeText "${vhostName}.htpasswd" (
|
||||
concatStringsSep "\n" (mapAttrsToList (user: password: ''
|
||||
${user}:{PLAIN}${password}
|
||||
'') authDef)
|
||||
);
|
||||
in ''
|
||||
auth_basic secured;
|
||||
auth_basic_user_file ${htpasswdFile};
|
||||
'';
|
||||
mkHtpasswd = vhostName: authDef: pkgs.writeText "${vhostName}.htpasswd" (
|
||||
concatStringsSep "\n" (mapAttrsToList (user: password: ''
|
||||
${user}:{PLAIN}${password}
|
||||
'') authDef)
|
||||
);
|
||||
in
|
||||
|
||||
{
|
||||
|
|
|
@ -193,6 +193,14 @@ with lib;
|
|||
'';
|
||||
};
|
||||
|
||||
basicAuthFile = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
description = ''
|
||||
Basic Auth password file for a vhost.
|
||||
'';
|
||||
};
|
||||
|
||||
locations = mkOption {
|
||||
type = types.attrsOf (types.submodule (import ./location-options.nix {
|
||||
inherit lib;
|
||||
|
|
Loading…
Reference in a new issue