geerlingguy.htpasswd

Panoramica Versioni Approfondimenti

Ansible Role: htpasswd

CI

This Ansible Role installs htpasswd and makes it easy to set up htpasswd authentication files and user credentials (which are used for basic HTTP authentication with web servers like Apache and Nginx) on Linux servers.

Requirements

No special requirements.

Role Variables

Here are the available variables with their default values (see defaults/main.yml):

htpasswd_nolog: true

This controls whether to show the htpasswd credentials in Ansible's logs. Keep it true unless you're troubleshooting.

htpasswd_credentials:
  - path: /etc/nginx/passwdfile
    name: johndoe
    password: 'supersecure'
    owner: root
    group: www-data
    mode: 'u+rw,g+r'

  - path: /etc/apache2/passwdfile
    name: janedoe
    password: 'supersecure'
    owner: root
    group: www-data
    mode: 'u+rw,g+r'

A list of user credentials to create (or remove) in the specified files. All parameters except mode are mandatory. The default for mode is 'u+rw,g+r' (which is 0640 in octal).

htpasswd_required_packages:
  - apache2-utils
  - python3-passlib

(Default packages for Debian shown). You can change the installed packages using this variable (for example, on CentOS 7, replace python3-passlib with python-passlib).

Dependencies

No dependencies.

Example Playbooks

Apache Example

---
- hosts: apache-server

  vars:
    htpasswd_credentials:
      - path: /etc/apache-passwdfile
        name: johndoe
        password: 'supersecure'
        owner: root
        group: apache
        mode: 'u+rw,g+r'

    apache_remove_default_vhost: True
    apache_vhosts:
      - listen: "80"
        servername: "htpassword.test"
        documentroot: "/var/www/html"
        extra_parameters: |
              <Directory "/var/www/html">
                  AuthType Basic
                  AuthName "Apache with basic auth."
                  AuthUserFile /etc/apache-passwdfile
                  Require valid-user
              </Directory>

  pre_tasks:
    - name: Update apt cache.
      apt: update_cache=yes cache_valid_time=600
      when: ansible_os_family == 'Debian'

  roles:
    - geerlingguy.apache
    - geerlingguy.htpasswd

Nginx Example

---
- hosts: nginx-server

  vars:
    htpasswd_credentials:
      - path: /etc/nginx/passwdfile
        name: johndoe
        password: 'supersecure'
        owner: root
        group: www-data
        mode: 'u+rw,g+r'

    nginx_remove_default_vhost: True
    nginx_vhosts:
      - listen: "80"
        server_name: "htpassword.test"
        root: "/var/www/html"
        index: "index.html index.html index.nginx-debian.html"
        filename: "htpassword.test.conf"
        extra_parameters: |
              location / {
                  auth_basic           "Nginx with basic auth.";
                  auth_basic_user_file /etc/nginx/passwdfile;
              }

  pre_tasks:
    - name: Update apt cache.
      apt: update_cache=yes cache_valid_time=600
      when: ansible_os_family == 'Debian'

  roles:
    - geerlingguy.nginx
    - geerlingguy.htpasswd

License

MIT / BSD

Author Information

This role was created in 2018 by Jeff Geerling, who also wrote Ansible for DevOps.

Informazioni sul progetto

htpasswd installation and helper role for Linux servers.

role apache authentication basic htaccess htpasswd http nginx security system web webserver
Installa
ansible-galaxy install geerlingguy.htpasswd
GitHub repository
31 stelle
17 fork
2 problemi aperti
Licenza
mit
Download
139.6k
Proprietario
Jeff Geerling
Father, author, developer, maker. Sometimes called "an inflammatory enigma". #stl #drupal #ansible #k8s #raspberrypi #crohns