diff options
| author | Christian Pointner <equinox@spreadspace.org> | 2023-10-01 20:28:56 +0200 |
|---|---|---|
| committer | Christian Pointner <equinox@spreadspace.org> | 2023-10-01 20:28:56 +0200 |
| commit | 30eff2fb90b93e30b51f98662fbc3bda5e9131d4 (patch) | |
| tree | 630611d07f8cca3b8dd37394ecc7fce60631ce09 /dan | |
| parent | add test for apu running openwrt (diff) | |
add role for nginx-sso
Diffstat (limited to 'dan')
| -rw-r--r-- | dan/sk-testvm.yml | 32 |
1 files changed, 29 insertions, 3 deletions
diff --git a/dan/sk-testvm.yml b/dan/sk-testvm.yml index 33d237cd..88af0dc5 100644 --- a/dan/sk-testvm.yml +++ b/dan/sk-testvm.yml @@ -11,18 +11,20 @@ - name: Payload Setup hosts: sk-testvm vars: - # acme_client: uacme + acme_client: uacme # acme_client: acmetool - # cert_provider: "{{ acme_client }}" + cert_provider: "{{ acme_client }}" # cert_provider: static # cert_provider: selfsigned - cert_provider: ownca + # cert_provider: ownca roles: - role: apt-repo/spreadspace - role: kubernetes/base - role: kubernetes/standalone/base - role: "x509/{{ cert_provider }}/base" - role: nginx/base + - role: nginx/auth/sso/base + - role: nginx/auth/sso/backend - role: nginx/vhost nginx_vhost: default: yes @@ -40,6 +42,22 @@ index: index.html - role: nginx/vhost nginx_vhost: + name: login + template: generic + tls: + certificate_provider: "{{ cert_provider }}" + certificate_config: "{{ lookup('vars', cert_provider+'_cert_config__test', default={}) }}" + hsts: no + hostnames: + - login.spreadspace.org + - login.spreadspace.com + - login.spreadspace.net + - login.spreadspace.systems + locations: + '/': + proxy_pass: http://127.0.0.1:8082 + - role: nginx/vhost + nginx_vhost: name: test template: generic tls: @@ -51,10 +69,18 @@ - test.spreadspace.com - test.spreadspace.net - test.spreadspace.systems + extra_directives: | + include snippets/sso-spreadspace.conf; locations: '/': + # proxy_pass: http://127.0.0.1:8080 root: /var/www/test index: index.html + extra_directives: | + #auth_request_set $username $upstream_http_x_username; + #proxy_set_header Remote-User $username; + auth_request_set $cookie $upstream_http_set_cookie; + add_header Set-Cookie $cookie; # - role: apps/mumble # mumble_version: v1.4.274-4 # mumble_instance: spreadspace |