summaryrefslogtreecommitdiff
path: root/inventory/host_vars/ch-apps/node-red.yml
diff options
context:
space:
mode:
Diffstat (limited to 'inventory/host_vars/ch-apps/node-red.yml')
-rw-r--r--inventory/host_vars/ch-apps/node-red.yml50
1 files changed, 50 insertions, 0 deletions
diff --git a/inventory/host_vars/ch-apps/node-red.yml b/inventory/host_vars/ch-apps/node-red.yml
index c84d151c..157043d1 100644
--- a/inventory/host_vars/ch-apps/node-red.yml
+++ b/inventory/host_vars/ch-apps/node-red.yml
@@ -16,3 +16,53 @@ node_red_instances:
extended_key_usage_critical: yes
create_subject_key_identifier: yes
not_after: +100w
+ publish:
+ zone: "{{ apps_publish_zone__chaos_at_home }}"
+ hostnames:
+ - node-red.chaos-at-home.org
+ tls:
+ certificate_provider: acmetool
+ certificate_config:
+ request:
+ challenge:
+ http-self-test: false
+ vhost_extra_directives: |
+ include snippets/whawty-sso-chaos-at-home.conf;
+
+ location = /healthz {
+ auth_request off;
+ return 200;
+ }
+ location_extra_directives: |
+ auth_request_set $username $upstream_http_x_username;
+ proxy_set_header X-Username $username;
+ proxy_set_header Authorization "";
+ custom_image:
+ dockerfile: |
+ RUN npm install passport-trusted-header
+ extra_settings: |
+ adminAuth: {
+ type: "strategy",
+ strategy: {
+ name: "trusted-header",
+ label: "SSO login",
+ autoLogin: true,
+ strategy: require("passport-trusted-header").Strategy,
+ options: {
+ headers: ['x-username'],
+ verify: function(requestHeaders, done) {
+ var username = requestHeaders['x-username']
+ if(username === '') {
+ done("x-username HTTP-Header is empty", null)
+ }
+ done(null, { username: username });
+ }
+ },
+ },
+ users: [
+ { username: "equinox", permissions: ["*"] }
+ ],
+ default: {
+ permissions: "read"
+ }
+ }