
Draft: Add basic authentication on publisher

Closed Pablo Vigo Mas requested to merge pvigo/aptly:wip/pvigo/add-static-auth into collabora/staging
4 unresolved threads

Due to project requirements, it is necessary to implement authentication on the web server to allow reading only for authorized users. To apply this configuration, rules and settings have been modified to allow access to the root but not to subfolders.

Signed-off-by: Pablo Vigo pvigo@collabora.com

114 117 - name: apache-config
115 118 configMap:
116 119 name: {{ include "aptly.fullname" . }}-publish
120 - name: apache-auth
121 secret:
122 secretName: apache-auth
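Review bot: `secretName: apache-auth` at new line 122 is a fixed name, unlike the configMap just above it at line 119, which is scoped with `{{ include "aptly.fullname" . }}`. Two releases in one namespace would share the same credentials file, and a secret volume that references a missing Secret keeps the pod from starting unless `optional: true` is set, so every deployment of the chart would now need this Secret to exist. Suggest taking the name from values and rendering the volume only when authentication is enabled.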
  • Comment on lines +120 to +122

    This shows we need a hook here, just like extraVolumeMounts:

    Suggested change
    120 - name: apache-auth
    121 secret:
    122 secretName: apache-auth
    120 {{- if .Values.extraVolumes }}
    121 {{- toYaml .Values.extraVolumes | nindent 8 }}
    122 {{- end }}
    Edited by Emanuele Aina
  • Emanuele Aina
    Emanuele Aina @em started a thread on the diff
  • 22 22 LoadModule unixd_module modules/mod_unixd.so
    23 23 LoadModule dir_module modules/mod_dir.so
    24 24 LoadModule autoindex_module modules/mod_autoindex.so
    25 LoadModule authz_user_module modules/mod_authz_user.so
    26 LoadModule authn_core_module modules/mod_authn_core.so
    27 LoadModule authn_file_module modules/mod_authn_file.so
    28 LoadModule auth_basic_module modules/mod_auth_basic.so
    29 LoadModule access_compat_module modules/mod_access_compat.so
    30 LoadModule authz_host_module modules/mod_authz_host.so
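    Review bot: `mod_access_compat` (new line 29) and `mod_authz_host` (new line 30) are loaded, but nothing in the access rules added by this merge request uses them: the new block relies only on `AuthType Basic`, `AuthUserFile` and `Require valid-user`. `mod_access_compat` exists for the legacy `Order`/`Allow`/`Deny` directives, and having it loaded makes it easy to mix those with `Require` later, with results that are hard to reason about. Suggest dropping both lines unless another part of the config needs them.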
  • Emanuele Aina
    Emanuele Aina @em started a thread on the diff
  • 54 Options +Indexes
    55 </Directory>
    56
    57 <DirectoryMatch "/data/.*/">
    58 Require all denied
    51 59 AllowMethods GET
    52 60 AllowOverride none
    53 Require all granted
    54 61 Options +Indexes
    55 62 AddDefaultCharset utf-8
    56 </Directory>
    63 AuthType Basic
    64 AuthName "Restricted Content"
    65 AuthUserFile /usr/local/apache2/.htpasswd
    66 Require valid-user
    67 </DirectoryMatch>
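    Review bot: `Require all denied` at new line 58 and `Require valid-user` at line 66 sit in the same `<DirectoryMatch>`, and bare `Require` directives in one section are evaluated as an implicit `<RequireAny>`, so the deny never decides the outcome and access is granted to any authenticated user. The line reads as a stricter rule than what is enforced; suggest removing it so the block states only `Require valid-user`.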
    • Comment on lines -44 to +67

      The custom config should be injected with .Values.publish.config.after_body when calling the chart, controlled by the inventories as the exact config will be different instance by instance.

  • Emanuele Aina
    Emanuele Aina @em started a thread on the diff
  • 57 <DirectoryMatch "/data/.*/">
    58 Require all denied
    51 59 AllowMethods GET
    52 60 AllowOverride none
    53 Require all granted
    54 61 Options +Indexes
    55 62 AddDefaultCharset utf-8
    56 </Directory>
    63 AuthType Basic
    64 AuthName "Restricted Content"
    65 AuthUserFile /usr/local/apache2/.htpasswd
    66 Require valid-user
    67 </DirectoryMatch>
    57 68
    58 69 define SNAPSHOTS_SERVICE "{{ include "aptly.fullname" . }}-latest-snapshots.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.latestSnapshots.service.port }}"
    59 70 <LocationMatch "^/apertis/dists/(?<dist>[^/]+)/snapshots/latest\.txt$">
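    Review bot: the new authentication is attached to `<DirectoryMatch "/data/.*/">`, which only applies to requests that Apache maps onto the filesystem, while the `<LocationMatch "^/apertis/dists/(?<dist>[^/]+)/snapshots/latest\.txt$">` that follows at line 70 is matched on the URL. Its body is not shown here; if it forwards to `SNAPSHOTS_SERVICE`, those responses are served without `Require valid-user`. Please confirm whether `latest.txt` is meant to stay public, and if not, repeat the auth directives inside that block.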