Add TLS options to the reverse-proxy for vino
This adds the option to enable TLS for the vino reverse-proxy. As a bonus, basic_auth has also been parameterized. Change-Id: I202c2184fb0fa08585c150110be1127ff326865e
parent
f093129b32
commit
aee28c9a98
@ -1,11 +1,16 @@
|
||||
FROM nginx:alpine
|
||||
|
||||
ENV USE_BASIC_AUTH="false"
|
||||
ENV BASIC_AUTH_USERNAME="username"
|
||||
ENV BASIC_AUTH_PASSWORD="password"
|
||||
|
||||
RUN apk add --update --no-cache apache2-utils
|
||||
ENV USE_TLS="false"
|
||||
ENV TLS_CRT=""
|
||||
ENV TLS_KEY=""
|
||||
|
||||
COPY assets/default.conf /etc/nginx/conf.d/default.conf
|
||||
RUN apk add --update --no-cache apache2-utils ;
|
||||
|
||||
COPY assets/default.conf.tpl /default.conf.tpl
|
||||
COPY assets/entrypoint.sh /entrypoint.sh
|
||||
|
||||
ENTRYPOINT /entrypoint.sh
|
||||
|
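Review bot: The defaults `ENV BASIC_AUTH_USERNAME="username"` and `ENV BASIC_AUTH_PASSWORD="password"` mean that a deployment which only sets `USE_BASIC_AUTH=true` is protected by publicly known credentials. Leave both empty (`ENV BASIC_AUTH_USERNAME=""`, `ENV BASIC_AUTH_PASSWORD=""`) and have the entrypoint refuse to start when auth is enabled and either value is unset. Passing the private key through `ENV TLS_KEY` also exposes it to anything that can read the container's configuration or process environment. A mounted file or runtime secret, with the variable holding only a path, avoids that.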
@ -1,16 +1,12 @@
|
||||
server {
|
||||
listen 8000;
|
||||
server_name localhost;
|
||||
$tls_config
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:5000/;
|
||||
proxy_set_header Authorization $http_authorization;
|
||||
proxy_pass_header Authorization;
|
||||
|
||||
# Basic Auth
|
||||
limit_except OPTIONS {
|
||||
auth_basic "Restricted";
|
||||
auth_basic_user_file "auth.htpasswd";
|
||||
}
|
||||
$basic_auth_config
|
||||
}
|
||||
error_page 500 502 503 504 /50x.html;
|
||||
location = /50x.html {
|
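Review bot: Authentication becomes opt-in with this template. The `limit_except OPTIONS { auth_basic … }` block, which appears to have been unconditional before, is now supplied only through `$basic_auth_config`, and the Dockerfile sets `USE_BASIC_AUTH="false"`, so a default deployment forwards every request to `http://localhost:5000/` without credentials. Consider defaulting to `ENV USE_BASIC_AUTH="true"`, or state the unauthenticated default explicitly in the commit description. A template comment such as `# tls_config / basic_auth_config placeholders are filled in by entrypoint.sh via envsubst` would help, written without the `$` so envsubst does not expand it inside the comment. The server block continues past the end of this hunk.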
@ -1,5 +1,7 @@
|
||||
#!/bin/sh
|
||||
|
||||
set -ex
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
@ -12,5 +14,37 @@
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
basic_auth_config=''
|
||||
if [ "$USE_BASIC_AUTH" = "true" ]; then
|
||||
htpasswd -Bbn "$BASIC_AUTH_USERNAME" "$BASIC_AUTH_PASSWORD" > /etc/nginx/auth.htpasswd
|
||||
basic_auth_config='
|
||||
# Basic Auth
|
||||
limit_except OPTIONS {
|
||||
auth_basic "Restricted";
|
||||
auth_basic_user_file "auth.htpasswd";
|
||||
}'
|
||||
fi
|
||||
export basic_auth_config
|
||||
|
||||
tls_config='listen 8000;'
|
||||
|
||||
if [ "$USE_TLS" = "true" ]; then
|
||||
mkdir -p /etc/ssl/certs
|
||||
mkdir -p /etc/ssl/private
|
||||
|
||||
echo "$TLS_CRT" > /etc/ssl/certs/redfish-auth.crt
|
||||
echo "$TLS_KEY" > /etc/ssl/private/redfish-auth.key
|
||||
|
||||
tls_config='listen 443 ssl http2 default_server;
|
||||
listen [::]:443 ssl http2 default_server;
|
||||
ssl_certificate /etc/ssl/certs/redfish-auth.crt;
|
||||
ssl_certificate_key /etc/ssl/private/redfish-auth.key;'
|
||||
fi
|
||||
export tls_config
|
||||
|
||||
vars='$basic_auth_config:$tls_config'
|
||||
envsubst "$vars" </default.conf.tpl >/etc/nginx/conf.d/default.conf
|
||||
|
||||
cat /etc/nginx/conf.d/default.conf
|
||||
|
||||
nginx -g 'daemon off;'
|
||||
|
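Review bot: `set -ex` at the top of entrypoint.sh traces every command with its expanded arguments, so `htpasswd -Bbn "$BASIC_AUTH_USERNAME" "$BASIC_AUTH_PASSWORD"` and `echo "$TLS_KEY" > /etc/ssl/private/redfish-auth.key` copy the password and the private key into the container's stderr log. Use `set -e` here, or disable tracing around the secret-handling lines. The key file is also created with the default umask; `( umask 077; printf '%s\n' "$TLS_KEY" > /etc/ssl/private/redfish-auth.key )` keeps it owner-only. `printf '%s' "$BASIC_AUTH_PASSWORD" | htpasswd -Bin "$BASIC_AUTH_USERNAME" > /etc/nginx/auth.htpasswd` keeps the password off the command line. With `USE_TLS=true`, an empty `TLS_CRT` or `TLS_KEY` should be rejected with a clear error before nginx is started.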