Verified Commit ce7c62ca authored by Jelle van der Waa's avatar Jelle van der Waa 🚧

Implement authentication via archweb

This implements authentication to our repos.archlinux.org tier 0 mirror
via archweb.
parent f00b9a9d
$ANSIBLE_VAULT;1.1;AES256
63306162336566643630366662653265303939376338636235616239653937363131383434386333
3734623331386639396165313166646164393166623931360a353338386437346366316132643337
66643535396164623932656236633232316135623530613862393666333866663030336433336161
3033306130646265370a316130353338393766623761653035633633623834653439336161616561
32666462313961323664393735643434336162306363626335373235666334626337346130386561
32386337316433393731656632646662346130356535396434376363356261663332376637323839
36666232393564346337616566393336623566643334383835346230333938636135383039633861
37616265396261313237363837346236616331383662636462336263356366383064333532656361
34653735316365366637386561663939336363633763316564646263303136346232396639383437
35663666303562626339343765613563346663326433323162396165653533626239316434356137
32356430323766393061356234643133623439306437373164363339393866616338616462383338
30376365326232386161336366353763323632303964336466353834643561366465353562353664
38383466326533353630663962396662616438303939333434303430623836373164323136333761
62613466356662316461373033643630333734313135613061346130303761636262633033323639
66373737353865316665363737633037393163323166363261383466363530363366356566343166
31396530396662323565393863663336333866313839636266363239636364376130343634613165
39623039383435353639343664656337323330623231663036376131323934393236623531303437
35323565623638643930393362613336303533353561643661613739343239653666666462643238
66303566353465663933396361306135616331643436323565333362353434623530326534346364
65656466623231323366646537383264303966376139616634646334663332383037636163323032
33636265626565373761666538623866313566633833663136663466333237326462643431336438
65316130303535653461643461306261303139386563323530346232366133656165306362613633
666239353561336532623835653935663734
34373565336261636435623037626134306239363436343463363062633131333864373165363031
3037393931396437633135326630333366626537663061350a346136346130343132386434366333
64356266373637616535656531306161393332653036633136393234336436303562636235383535
6366303962643064620a653863646433333539336239656531626134323032643832356165396563
30313261373931343066356132616363653663373339343364313563343332646565363561393562
37633334613931373964323537633361663230343434386565316432393336363263343164353933
35636235663466613562306432383333663066356632613039353962356337333737353439386537
31313439326237366639323230343961393330623633333737353063613963373766363734343064
32316661646437643663323134663762653636383563396562353533613566656662336566393536
31636533343561393534663233663030393363663837363965663038343966353830633764386339
30646163383731376130636462346235616633316161623135303264633332633063633362356638
33306138633064613463386438386365643063616537616666393266336136636530353662636161
66646631613031653339356236356233343936626439396539306462376566306230363933663235
33356362316264383733313437326437636566323263383062343066393435616663306336613465
62373965616134643830313562386437396437353036323038353439613833316233653962663265
36663763393636376138663938643761346434396331336637313034323838393361636135316637
63306630653264366639663031666135343564636564613639333432363431393737376464383263
31343434383331363937323833376232353335626132353332373835303363646562393039636235
30313239656135626539386437626630626162646262336638646435633639356461653935653234
30376266383464623561633139303164376565373761323535616332313630323732396533363730
38353561373937623961343464633465306566616266633038653231653534323533623562376335
31623638643336663637356331656363333633663730316635326133376633303933346461373838
39326537376338313161376537303738376139613631316332663739313266366434323465313335
61323964396331626365363737373566336565333438303935623534626433363130316133626236
64656535613435326464633561343065313865313437366365316162323534666430393234383163
3663353632333065383764313531303631386335646363636363
......@@ -71,4 +71,7 @@ ALLOWED_HOSTS = [{% for host in archweb_allowed_hosts %}'{{ host }}', {% endfor
PGP_SERVER = 'keyserver.ubuntu.com'
TIER0_MIRROR_DOMAIN = 'repos.archlinux.org'
TIER0_MIRROR_SECRET = '{{ vault_archweb_x_sent_from_secret }}'
# vim: set ts=4 sw=4 et:
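Review bot: `TIER0_MIRROR_SECRET` is rendered by pasting the vault value between single quotes, so a secret containing `'` or `\` would break the settings file or silently change the value that archweb presumably compares against the incoming header. `TIER0_MIRROR_SECRET = {{ vault_archweb_x_sent_from_secret | to_json }}` emits a properly quoted string literal instead. A comment above it, such as `# Shared secret; must match the X-Sent-From header set by the tier 0 mirror's nginx`, would tie the two rendered files together for whoever rotates the value.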
proxy_cache_path /var/lib/nginx/cache levels=1:2 keys_zone=auth_cache:5m inactive=60m;
server {
listen 80;
listen [::]:80;
......@@ -22,9 +24,29 @@ server {
}
location / {
auth_basic "Restricted";
auth_basic_user_file auth/dbscripts.htpasswd;
auth_request /devel/mirrorauth/;
autoindex on;
}
location = /devel/mirrorauth/ {
internal;
# Do not pass the request body, only http authorisation header is required
proxy_pass_request_body off;
proxy_set_header Content-Length "";
# Proxy headers
proxy_set_header Host "archlinux.org";
proxy_set_header X-Sent-From "{{ vault_archweb_x_sent_from_secret }}";
# Cache responses from the auth proxy
proxy_cache auth_cache;
proxy_cache_key "$scheme$proxy_host$request_uri$http_authorization";
# Authentication to archweb
proxy_pass https://archlinux.org;
proxy_ssl_verify on;
proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
}
}
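Review bot: The `proxy_cache_key` in `location = /devel/mirrorauth/` includes `$http_authorization`, and nginx writes the key string into each cache file, so base64 Basic credentials end up readable on disk under /var/lib/nginx/cache; that directory should be readable only by the nginx user. The key also contains `$request_uri`, which in an auth_request subrequest is still the client's original URI, so every user/path pair gets its own entry even though nothing visible forwards the path to archweb; `proxy_cache_key "$proxy_host$http_authorization";` would give one entry per credential. There is no `proxy_cache_valid`, so whether and how long a 200 is cached depends entirely on the headers archweb returns, and a cached 200 keeps a revoked account working until it expires; an explicit short lifetime such as `proxy_cache_valid 200 5m;`, with a comment stating the accepted revocation delay, would make that visible. The lines between the `listen` directives and this hunk are not shown, so whether this location is only reachable over TLS cannot be confirmed here.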