1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
|
---
# node_red_instances:
# test:
# version: 3.1.3
# port: 1880
# credential_secret: "do-not-tell-anyone"
# mqtt_tls:
# certificate_provider: managed-ca
# certificate_config:
# ca:
# host: iot
# name: mqtt
# cert:
# common_name: test
# extended_key_usage:
# - clientAuth
# extended_key_usage_critical: yes
# create_subject_key_identifier: yes
# not_after: +100w
# publish:
# zone: "{{ apps_publish_zone__foo }}"
# hostnames:
# - node-red.example.com
# tls:
# certificate_provider: ...
# vhost_extra_directives: |
# include snippets/whawty-sso-foo.conf;
#
# location = /healthz {
# auth_request off;
# return 200;
# }
# location_extra_directives: |
# auth_request_set $username $upstream_http_x_username;
# proxy_set_header X-Username $username;
# custom_image:
# dockerfile: |
# RUN npm install passport-trusted-header
# extra_settings: |
# adminAuth: {
# type: "strategy",
# strategy: {
# name: "trusted-header",
# label: "SSO login",
# autoLogin: true,
# strategy: require("passport-trusted-header").Strategy,
# options: {
# headers: ['x-username'],
# verify: function(requestHeaders, done) {
# var username = requestHeaders['x-username']
# if(username === '') {
# done("x-username HTTP-Header is empty", null)
# }
# done(null, { username: username });
# }
# },
# },
# users: [
# { username: "equinox", permissions: ["*"] }
# ],
# default: {
# permissions: "read"
# }
# }
|
