path: root/inventory/host_vars/ch-apps/node-red.yml
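---
# Node-RED instances for this host, keyed by instance name.
node_red_instances:
  test:
    version: '3.1.3'
    port: 1880
    # Client certificate for the MQTT connection, issued by the managed CA
    # named "mqtt" on host ch-iot.
    mqtt_tls:
      certificate_provider: managed-ca
      certificate_config:
        ca:
          host: ch-iot
          name: mqtt
        cert:
          common_name: test
          # Limit the certificate to TLS client authentication; marking the
          # extension critical makes verifiers that honour it refuse other uses.
          extended_key_usage:
          - clientAuth
          extended_key_usage_critical: true
          create_subject_key_identifier: true
          # Presumably a relative validity of 100 weeks -- confirm against the
          # role that consumes this value.
          not_after: '+100w'
    publish:
      zone: "{{ apps_publish_zone__chaos_at_home }}"
      hostnames:
      - node-red.chaos-at-home.org
      tls:
        certificate_provider: acmetool
        certificate_config:
          request:
            challenge:
              http-self-test: false
      # nginx directives added to the published vhost. The included snippet
      # presumably enables auth_request against the whawty SSO -- confirm.
      # /healthz is an exact-match location with auth_request off: it answers
      # 200 from the proxy itself, without login and without reaching Node-RED.
      vhost_extra_directives: |
        include snippets/whawty-sso-chaos-at-home.conf;

        location = /healthz {
           auth_request off;
           return 200;
        }
      # The X-Username sent upstream is taken from the auth subrequest's
      # response header, so it replaces whatever X-Username the client sent.
      # nginx does not forward a header whose value is an empty string, so a
      # request without an SSO username reaches Node-RED with no x-username
      # header at all. Authorization is cleared so that client-supplied
      # credentials are not passed on.
      location_extra_directives: |
        auth_request_set $username $upstream_http_x_username;
        proxy_set_header X-Username $username;
        proxy_set_header Authorization "";
    custom_image:
      # NOTE(review): the package is installed without a version, so every
      # image rebuild takes whatever the registry serves at that moment. Pin
      # an exact, reviewed version to keep the auth path reproducible.
      dockerfile: |
        RUN npm install passport-trusted-header
    # Admin authentication trusts the x-username request header. That is only
    # sound when every request passes through the proxy configured above.
    # NOTE(review): confirm that port 1880 cannot be reached directly (bind
    # address / firewall), otherwise a client could supply the header itself.
    # Only "equinox" has full permissions. Node-RED documents the `default`
    # entry as the permissions given to users that are not logged in --
    # confirm that read access for those users is intended.
    extra_settings: |
      adminAuth: {
        type: "strategy",
        strategy: {
            name: "trusted-header",
            label: "SSO login",
            autoLogin: true,
            strategy: require("passport-trusted-header").Strategy,
            options: {
                headers: ['x-username'],
                verify: function(requestHeaders, done) {
                    var username = requestHeaders['x-username'];
                    // Reject a missing header as well as an empty one, and
                    // return so that done() is never called a second time
                    // with an empty or undefined username.
                    if(!username) {
                         return done("x-username HTTP-Header is empty", null);
                    }
                    return done(null, { username: username });
                }
            },
        },
        users: [
           { username: "equinox", permissions: ["*"] }
        ],
        default: {
           permissions: "read"
        }
      }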