louim / bedrock-site-protect
Ansible role: Add htpasswd protection to Trellis (Bedrock-Ansible) WordPress sites.
Home Page: https://galaxy.ansible.com/louim/bedrock-site-protect/
Do you have any idea how we could implement support for multiple users?
I suggest using an array of users in the configuration file, like this:

    htpasswd:
      - name: firstUser
        password: firstPassword
      - name: secondUser
        password: secondPassword

However, when I try to implement it in your role, I can't get it to work.

    - name: Set htpasswd
      htpasswd:
        path: "{{ htpasswd_path }}/{{ item.0.key }}"
        name: "{{ item.1.name }}"
        password: "{{ item.1.password }}"
        crypt_scheme: "{{ item.1.crypt|default(omit) }}"
        owner: root
        group: root
        mode: 0644
      with_subelements:
        - wordpress_sites
        - htpasswd
        - skip_missing: yes

Basically, item.0.key doesn't exist. I don't know if you have another solution?
Thanks.
When I try to run "ansible-playbook server.yml -e env=staging"
I've found that when Let's Encrypt is enabled in Trellis as well as bedrock-site-protect, getting an SSL certificate fails since Let's Encrypt fails the authentication challenge when trying to validate the domain's ownership.
See the latter half of https://discourse.roots.io/t/letsencrypt-acme-challenge-error/6295/9 for where I raised the issue with Trellis before realizing it was to do with auth.
Perhaps an exception can be made, in order to not require auth on the Let's Encrypt routes? It seems that that route is /.well-known/acme-challenge.
See also certbot/certbot#1744
Just want to first say, this is a great extension and I'm really grateful for your work.
I used this on a client project on which I want to redirect the client's subdomain to my site, but the http authentication didn't allow it.
Would it be possible to add the following?
    <RequireAny>
        Require ip 22.33.44.55
        Require valid-user
    </RequireAny>
Thanks. Have an awesome one!
[DEPRECATION WARNING]: The use of 'include' for tasks has been deprecated. Use 'import_tasks' for static inclusions or 'include_tasks' for dynamic inclusions. This feature will be removed in a future release. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
[DEPRECATION WARNING]: include is kept for backwards compatibility but usage is discouraged. The module documentation details page may explain more about this rationale.. This feature will be removed in a future release. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
In tasks/main.yml line 3 and 9
Would be ready to submit a PR but I don't know whether import_tasks or include_tasks is appropriate
This is really a useful addition, thanks for that.
In the README it says:
You may want to add the htpasswd block in the vault.yml file so password will be encrypted.
But that doesn't work. I don't know anything about Ansible syntax but I presume it's because the variable in vault.yml is called vault_wordpress_sites and not wordpress_sites. Would simply changing the var name everywhere work already or is there more to it? In general I think the password should go into vault.yml.
In the current (roots/trellis@f979bec) version of Trellis, I consistently get the following error while running vagrant up --provision:
TASK [bedrock-site-protect : Set htpasswd] *************************************
System info:
Ansible 2.7.5; Vagrant 2.2.2; Linux
Trellis version (per changelog): "Fix Vagrant trigger path"
---------------------------------------------------
This module requires the passlib Python library
The error is fixed by requiring the library explicitly in trellis/group_vars/all/main.yml:

    ...
    apt_packages_custom:
      python3-passlib: present
    ...

Ref: https://discourse.roots.io/t/provisioning-with-optipng-gifsicle-and-libjpeg-progs/10005/4
I had never needed to require this library before-hand. Is there a way to have this library installed automatically as a dependency when bedrock-site-protect is being installed (or is this a Trellis issue)?
Hello, @louim,
Hope you are well. I have been running into this error now and then when provisioning Trellis sites that use bedrock-site-protect.
TASK [bedrock-site-protect : Set htpasswd] **************************************************************************************************************************************************************************************
System info:
Ansible 2.7.5; Linux
Trellis 1.0.0: December 27th, 2018
---------------------------------------------------
template error while templating string: unexpected char u'$' at 52. String:
^8oea`nE!ke!rQ9-6,g]bQ:g<Q#9@7778Ayrn/$;N{{BwrOt*rtz$?a#tvFE|Hu}
fatal: [example.com]: FAILED! => {}
The offending string will be from vault.yml generated by https://roots.io/salts.html
Generating a new set of salts usually corrects the issue. Is there a way to clear this up permanently?
Hi,
Running Ansible install fails for me unless version number is set explicitly to 1.1.0.
The readme currently says 1.0 which might be worth fixing.
the specified version (1.1) of bedrock-site-protect was not found in the list of available versions
ta
Hey there, this looks like great work, I'm really eager to use it, however, I can't get it to run. I've added the role to the requirements.yml file, installed the role (I can see it inside vendor/roles set up by the ansible.cfg file) and added the appropriate line to server.yml. Do I simply need to run a deployment to that environment for this playbook to fire? Maybe I'm misinterpreting your readme, I'd appreciate any input here, thanks!
Hello I am using the latest version of Trellis. I have never had problems with bedrock-site-protect but something is not working now. I haven't done anything different from the previous projects.
This is what I am getting:
template error while templating string: Missing end of comment tag. String:
!aVdPzDfe{h6rxNUM3{3Qn{#.?r*9X}4r-w%dj-:I`mFBZ>4ay4k8UBPudnizV8$
fatal: [138.68.151.12]: FAILED! => {
"failed": true
}
The password is just a string with a number and an exclamation mark and the user is just a string as well:
    htpasswd:
      - name: Testing
        password: Magic123!
Any idea on what could be wrong?
Thanks
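The two template errors reported above ("unexpected char u'$'" and "Missing end of comment tag") both quote a salt that contains a Jinja2 opening delimiter ({{ or {#). As an added example, not code from this role or from Trellis: a Python check that flags such values in a salts mapping, generates replacements that cannot contain a delimiter, and shows Jinja2's raw-block wrapping. The sample mapping and all function names are constructed for illustration.

```python
import secrets
import string

# Jinja2's default opening delimiters: expression, statement, comment.
JINJA_OPENERS = ("{{", "{%", "{#")

# Constructed sample shaped like a vault.yml salts mapping (not real secrets).
SAMPLE_SALTS = {
    "auth_key": "x9{{Bw$rOt*rtz",         # opens an expression
    "secure_auth_key": "Qn{#.?r*9X}4r",   # opens a comment
    "logged_in_key": "Magic123!{plain}",  # single braces are harmless
}


def find_template_openers(value):
    """Return sorted (offset, opener) pairs for each Jinja2 opener in value."""
    hits = []
    for opener in JINJA_OPENERS:
        start = value.find(opener)
        while start != -1:
            hits.append((start, opener))
            start = value.find(opener, start + 1)
    return sorted(hits)


def audit(salts):
    """Map each key whose value would be parsed as a template to its hits."""
    found = {key: find_template_openers(value) for key, value in salts.items()}
    return {key: hits for key, hits in found.items() if hits}


def safe_salt(length=64):
    """Generate a salt without '{', so no opener can form; quote it in YAML."""
    alphabet = string.ascii_letters + string.digits + "!@$^&*()-_=+[]<>?,.:;|~"
    return "".join(secrets.choice(alphabet) for _ in range(length))


def wrap_raw(value):
    """Wrap a value in a Jinja2 raw block; assumes no '{% endraw %}' inside."""
    return "{% raw %}" + value + "{% endraw %}"


if __name__ == "__main__":
    for key, hits in audit(SAMPLE_SALTS).items():
        print(key, hits)
```

Running the audit over the decrypted vault values before provisioning catches the failure without sending the secret through a template error message, which prints the offending string in full.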
New Trellis projects have a requirement.txt file. The requirement.yml file seems to be gone. Does this Ansible role still work or is it outdated?
When I run
ansible-playbook server.yml -e env=staging -vvv
I get this error
TASK [bedrock-site-protect : Creating htpasswd folder] **************************************************************************************************************************************************************
task path: /.../trellis/vendor/roles/bedrock-site-protect/tasks/install.yml:9
Using module file /Library/Python/2.7/site-packages/ansible/modules/files/file.py
Pipelining is enabled.
<xxx.xxx.xxx.xxx> ESTABLISH SSH CONNECTION FOR USER: admin
<xxx.xxx.xxx.xxx> SSH: EXEC ssh -o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="admin"' -o ConnectTimeout=10 -o ControlPath=/Users/.../.ansible/cp/8105218663 xxx.xxx.xxx.xxx '/bin/sh -c '"'"'python3 && sleep 0'"'"''
<xxx.xxx.xxx.xxx> (1, '\n{"msg": "There was an issue creating /etc/htpasswd as requested: [Errno 13] Permission denied: b\'/etc/htpasswd\'", "path": "/etc/htpasswd", "failed": true, "invocation": {"module_args": {"group": "root", "dest": "/etc/htpasswd", "state": "directory", "mode": 493, "owner": "root", "path": "/etc/htpasswd", "recurse": false, "force": false, "follow": true, "modification_time_format": "%Y%m%d%H%M.%S", "access_time_format": "%Y%m%d%H%M.%S", "_original_basename": null, "_diff_peek": null, "src": null, "modification_time": null, "access_time": null, "seuser": null, "serole": null, "selevel": null, "setype": null, "attributes": null, "content": null, "backup": null, "remote_src": null, "regexp": null, "delimiter": null, "directory_mode": null, "unsafe_writes": null}}}\n', '')
<xxx.xxx.xxx.xxx> Failed to connect to the host via ssh:
System info:
Ansible 2.8.8; Darwin
Trellis 1.3.0: December 7th, 2019
Can you please add a rule that allows the letsencrypt challenge to be accessed?
Something such as this:
    # Leading slash added so the prefix matches request URIs.
    location /.well-known/acme-challenge {
        auth_basic off;
    }
I have only a sketchy understanding of Ansible at present; I am not sure how this would be implemented.
Many thanks!