[#457] Enable skipping Basic Auth for connections from VPN

Enable skipping Basic Auth for connections from VPN addresses by adding the two VPN addresses to the pool of unrestricted addresses. Reason for this is that currently any scripting on webpage using chrome driver is affected by entering credentials/confirming credentials manually. Enabling to skip this Basic Auth for dev, test and staging would easy any script driven operation on these environments. Changes: - Added two VPN addresses to the pool of unrestricted IP addresses in the nginx configuration to bypass Basic Auth verification when accessing specific domains.
IntersectMBO · Mar 19, 2024 · 59adf03 · 59adf03
1 parent 8a98945
commit 59adf03
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/scripts/govtool/config.mk b/scripts/govtool/config.mk
@@ -100,7 +100,12 @@ $(target_config_dir)/grafana-provisioning/alerting/alerting.yml: $(template_conf
 $(target_config_dir)/nginx/auth.conf: $(target_config_dir)/nginx/
 	@:$(call check_defined, domain)
 	if [[ "$(domain)" == *"sanchonet.govtool.byron.network"* ]]; then \
-	  echo "auth_basic \"Restricted\";" > $@; \
+	  echo 'map $$http_x_forwarded_for $$auth {' > $@; \
+	  echo "  default \"Restricted\";" >> $@; \
+	  echo "  $${IP_ADDRESS_BYPASSING_BASIC_AUTH1} \"off\";" >> $@; \
+	  echo "  $${IP_ADDRESS_BYPASSING_BASIC_AUTH2} \"off\";" >> $@; \
+	  echo "}" >> $@; \
+	  echo 'auth_basic $$auth;' >> $@; \
 	  echo "auth_basic_user_file /etc/nginx/conf.d/govtool.htpasswd;" >> $@; \
 	else \
 	  echo > $@; \