Diffstat (limited to 'inventory/host_vars/ch-apps/node-red.yml')
-rw-r--r-- | inventory/host_vars/ch-apps/node-red.yml | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/inventory/host_vars/ch-apps/node-red.yml b/inventory/host_vars/ch-apps/node-red.yml
index c84d151c..157043d1 100644
--- a/inventory/host_vars/ch-apps/node-red.yml
+++ b/inventory/host_vars/ch-apps/node-red.yml
@@ -16,3 +16,53 @@ node_red_instances:
 extended_key_usage_critical: yes
 create_subject_key_identifier: yes
 not_after: +100w
+ publish:
+ zone: "{{ apps_publish_zone__chaos_at_home }}"
+ hostnames:
+ - node-red.chaos-at-home.org
+ tls:
+ certificate_provider: acmetool
+ certificate_config:
+ request:
+ challenge:
+ http-self-test: false
+ vhost_extra_directives: |
+ include snippets/whawty-sso-chaos-at-home.conf;
+
+ location = /healthz {
+ auth_request off;
+ return 200;
+ }
+ location_extra_directives: |
+ auth_request_set $username $upstream_http_x_username;
+ proxy_set_header X-Username $username;
+ proxy_set_header Authorization "";
+ custom_image:
+ dockerfile: |
+ RUN npm install passport-trusted-header
+ extra_settings: |
+ adminAuth: {
+ type: "strategy",
+ strategy: {
+ name: "trusted-header",
+ label: "SSO login",
+ autoLogin: true,
+ strategy: require("passport-trusted-header").Strategy,
+ options: {
+ headers: ['x-username'],
+ verify: function(requestHeaders, done) {
+ var username = requestHeaders['x-username']
+ if(username === '') {
+ done("x-username HTTP-Header is empty", null)
+ }
+ done(null, { username: username });
+ }
+ },
+ },
+ users: [
+ { username: "equinox", permissions: ["*"] }
+ ],
+ default: {
+ permissions: "read"
+ }
+ } |
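Review bot: In the `verify` callback under `extra_settings`, the empty-header branch calls `done(...)` with an error but does not return, so `done(null, { username: username })` still runs afterwards and the rejection may not stick. The check also matches only the empty string; an absent header yields `undefined`, which passes `=== ''`, and nginx does not forward a `proxy_set_header` whose value is empty, so the missing case is the one more likely to reach Node-RED. I would write it as `if (!username) { return done("x-username HTTP-Header is empty", null); }`. How passport-trusted-header itself treats a missing header is not visible here, so this matters most in combination with `default: { permissions: "read" }`, which presumably grants read access to any username not listed under `users`. Separately, `RUN npm install passport-trusted-header` is unpinned; pinning a version in the Dockerfile snippet would keep the image build reproducible.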