authorChristian Pointner <equinox@spreadspace.org>2023-12-28 03:43:54 +0100
committerChristian Pointner <equinox@spreadspace.org>2023-12-28 03:43:54 +0100
commitc51bc2b05c810db3a4c42353b97799733709106c (patch)
treebd405cb865d74da27ecfa8244b15a6452c3a7ce1 /inventory
parentadd apps/upstream role (diff)
apps/node-red: 80% done but still (WIP)
Diffstat (limited to 'inventory')
-rw-r--r--inventory/group_vars/appspublishzone-chaos-at-home/vars.yml1
-rw-r--r--inventory/host_vars/ch-apps/node-red.yml50
2 files changed, 51 insertions, 0 deletions
diff --git a/inventory/group_vars/appspublishzone-chaos-at-home/vars.yml b/inventory/group_vars/appspublishzone-chaos-at-home/vars.yml
index 761b3937..03209554 100644
--- a/inventory/group_vars/appspublishzone-chaos-at-home/vars.yml
+++ b/inventory/group_vars/appspublishzone-chaos-at-home/vars.yml
@@ -36,6 +36,7 @@ chaos_at_home_apps_publish_ca_cert: |
apps_publish_zone__chaos_at_home:
name: chaos-at-home
+ publisher: ch-http-proxy
certificate_provider: static-ca
certificate_ca_config:
cert_content: "{{ chaos_at_home_apps_publish_ca_cert }}"
diff --git a/inventory/host_vars/ch-apps/node-red.yml b/inventory/host_vars/ch-apps/node-red.yml
index c84d151c..157043d1 100644
--- a/inventory/host_vars/ch-apps/node-red.yml
+++ b/inventory/host_vars/ch-apps/node-red.yml
@@ -16,3 +16,53 @@ node_red_instances:
extended_key_usage_critical: yes
create_subject_key_identifier: yes
not_after: +100w
+ publish:
+ zone: "{{ apps_publish_zone__chaos_at_home }}"
+ hostnames:
+ - node-red.chaos-at-home.org
+ tls:
+ certificate_provider: acmetool
+ certificate_config:
+ request:
+ challenge:
+ http-self-test: false
+ vhost_extra_directives: |
+ include snippets/whawty-sso-chaos-at-home.conf;
+
+ location = /healthz {
+ auth_request off;
+ return 200;
+ }
+ location_extra_directives: |
+ auth_request_set $username $upstream_http_x_username;
+ proxy_set_header X-Username $username;
+ proxy_set_header Authorization "";
+ custom_image:
+ dockerfile: |
+ RUN npm install passport-trusted-header
+ extra_settings: |
+ adminAuth: {
+ type: "strategy",
+ strategy: {
+ name: "trusted-header",
+ label: "SSO login",
+ autoLogin: true,
+ strategy: require("passport-trusted-header").Strategy,
+ options: {
+ headers: ['x-username'],
+ verify: function(requestHeaders, done) {
+ var username = requestHeaders['x-username']
+ if(username === '') {
+ done("x-username HTTP-Header is empty", null)
+ }
+ done(null, { username: username });
+ }
+ },
+ },
+ users: [
+ { username: "equinox", permissions: ["*"] }
+ ],
+ default: {
+ permissions: "read"
+ }
+ }
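Review bot: In the `verify` function inside `extra_settings`, the empty-username branch calls `done("x-username HTTP-Header is empty", null)` without returning, so execution falls through to `done(null, { username: username })` and the callback fires a second time, now reporting success for an empty username. The guard also tests `=== ''` only; nginx does not forward a `proxy_set_header` whose value is an empty string, so when the auth subrequest supplies no username the header is more likely to be absent than empty, and whether the strategy then reaches `verify` with `undefined` is not visible from this hunk. I would change the guard to `if (!username) { return done("x-username HTTP-Header is empty", null) }`. Since this configuration trusts `X-Username` outright, a comment above `adminAuth` should also state that the Node-RED listener must only be reachable through the proxy that sets this header, because any client that can reach it directly can name itself.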