sitewide auth basic
This commit is contained in:
parent
b56e4e765a
commit
f3721a50db
23
README.md
23
README.md
|
@ -10,8 +10,9 @@ Non-exhaustive list of features :
|
|||
- Integrated ModSecurity WAF with the OWASP Core Rule Set
|
||||
- Automatic ban of strange behaviors with fail2ban
|
||||
- Block TOR users, bad user-agents, countries, ...
|
||||
- Perform automatic DNSBL checks
|
||||
- Detect bad files with ClamAV
|
||||
- Based on alpine and compiled from source
|
||||
- Based on alpine
|
||||
- Easy to configure with environment variables
|
||||
|
||||
# Table of contents
|
||||
|
@ -291,6 +292,26 @@ Values : *yes* | *no*
|
|||
Default value : *no*
|
||||
Is set to yes, will block TOR clients.
|
||||
|
||||
`USE_DNSBL`
|
||||
Values : *yes* | *no*
|
||||
Default value : *yes*
|
||||
If set to yes, DNSBL checks will be performed to the servers specified in the `DNSBL_LIST` environment variable.
|
||||
|
||||
`DNSBL_LIST`
|
||||
Values : *\<list of DNS zones separated with spaces\>*
|
||||
Default value : *bl.blocklist.de problems.dnsbl.sorbs.net sbl.spamhaus.org xbl.spamhaus.org*
|
||||
The list of DNSBL zones to query when `USE_DNSBL` is set to *yes*.
|
||||
|
||||
`DNSBL_RESOLVERS`
|
||||
Values : *\<two IP addresses separated with a space\>*
|
||||
Default value : *8.8.8.8 8.8.4.4*
|
||||
The IP addresses of the DNS resolvers to use when `USE_DNSBL` is set to *yes*.
|
||||
|
||||
`DNSBL_CACHE`
|
||||
Values : *\< \>*
|
||||
Default value : *10m*
|
||||
The size of the cache used to keep DNSBL responses.
|
||||
|
||||
## PHP
|
||||
`REMOTE_PHP`
|
||||
Values : *\<any valid IP/hostname\>*
|
||||
|
|
|
@ -0,0 +1,2 @@
|
|||
auth_basic "%AUTH_BASIC_TEXT%";
|
||||
auth_basic_user_file /etc/nginx/.htpasswd;
|
|
@ -113,7 +113,7 @@ USE_CLAMAV_SCAN="${USE_CLAMAV_SCAN-yes}"
|
|||
CLAMAV_SCAN_REMOVE="${CLAMAV_SCAN_REMOVE-yes}"
|
||||
USE_AUTH_BASIC="${USE_AUTH_BASIC-no}"
|
||||
AUTH_BASIC_TEXT="${AUTH_BASIC_TEXT-Restricted area}"
|
||||
AUTH_BASIC_LOCATION="${AUTH_BASIC_LOCATION-/}"
|
||||
AUTH_BASIC_LOCATION="${AUTH_BASIC_LOCATION-sitewide}"
|
||||
AUTH_BASIC_USER="${AUTH_BASIC_USER-changeme}"
|
||||
AUTH_BASIC_PASSWORD="${AUTH_BASIC_PASSWORD-changeme}"
|
||||
USE_HTTPS_CUSTOM="${USE_HTTPS_CUSTOM-no}"
|
||||
|
@ -370,9 +370,14 @@ else
|
|||
replace_in_file "/etc/nginx/server.conf" "%SERVE_FILES%" ""
|
||||
fi
|
||||
if [ "$USE_AUTH_BASIC" = "yes" ] ; then
|
||||
replace_in_file "/etc/nginx/server.conf" "%AUTH_BASIC%" "include /etc/nginx/auth-basic.conf;"
|
||||
replace_in_file "/etc/nginx/auth-basic.conf" "%AUTH_BASIC_TEXT%" "$AUTH_BASIC_TEXT";
|
||||
replace_in_file "/etc/nginx/auth-basic.conf" "%AUTH_BASIC_LOCATION%" "$AUTH_BASIC_LOCATION";
|
||||
if [ "$AUTH_BASIC_LOCATION" = "sitewide" ] ; then
|
||||
replace_in_file "/etc/nginx/server.conf" "%AUTH_BASIC%" "include /etc/nginx/auth-basic-sitewide.conf;"
|
||||
replace_in_file "/etc/nginx/auth-basic-sitewide.conf" "%AUTH_BASIC_TEXT%" "$AUTH_BASIC_TEXT";
|
||||
else
|
||||
replace_in_file "/etc/nginx/server.conf" "%AUTH_BASIC%" "include /etc/nginx/auth-basic.conf;"
|
||||
replace_in_file "/etc/nginx/auth-basic.conf" "%AUTH_BASIC_LOCATION%" "$AUTH_BASIC_LOCATION";
|
||||
replace_in_file "/etc/nginx/auth-basic.conf" "%AUTH_BASIC_TEXT%" "$AUTH_BASIC_TEXT";
|
||||
fi
|
||||
htpasswd -b -B -c /etc/nginx/.htpasswd "$AUTH_BASIC_USER" "$AUTH_BASIC_PASSWORD"
|
||||
else
|
||||
replace_in_file "/etc/nginx/server.conf" "%AUTH_BASIC%" ""
|
||||
|
|
Loading…
Reference in New Issue