From 2adc7c808e40b578933e355e48331bc8d4ce818e Mon Sep 17 00:00:00 2001
From: Tim Van Baak
Date: Mon, 29 May 2023 10:55:03 -0700
Subject: [PATCH] Test a configuration for using basic auth with reverse proxy
---
 .gitignore | 3 +++
 shell.nix | 5 +++++
 vm.nix | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 66 insertions(+)
 create mode 100644 shell.nix
 create mode 100644 vm.nix
diff --git a/.gitignore b/.gitignore
index 68bc17f..b533823 100644
--- a/.gitignore
+++ b/.gitignore
@@ -158,3 +158,6 @@ cython_debug/
 # and can be added to the global gitignore or merged into this file. For a more nuclear
 # option (not recommended) you can uncomment the following to ignore the entire idea folder.
 #.idea/
+
+# nixos-shell
+nixos.qcow2
diff --git a/shell.nix b/shell.nix
new file mode 100644
index 0000000..c8cbf41
--- /dev/null
+++ b/shell.nix
@@ -0,0 +1,5 @@
+{ pkgs ? import {} }:
+
+pkgs.mkShell {
+ buildInputs = [ pkgs.nixos-shell ];
+}
diff --git a/vm.nix b/vm.nix
new file mode 100644
index 0000000..4bd072d
--- /dev/null
+++ b/vm.nix
@@ -0,0 +1,58 @@
+{ pkgs, ... }: {
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+
+ nixos-shell.mounts = {
+ mountHome = false;
+ mountNixProfile = false;
+ cache = "none";
+ };
+
+ services.nginx.enable = true;
+ services.nginx.virtualHosts = {
+ alpha-fsid = {
+ listen = [ { addr = "localhost"; port = 8030; } ];
+ locations."/".tryFiles = "/dev/null @dummy";
+ locations."@dummy" = {
+ return = "200 'this is alpha'";
+ extraConfig = ''
+ add_header Content-Type text/plain always;
+ '';
+ };
+ };
+ beta-fsid = {
+ listen = [ { addr = "localhost"; port = 8031; } ];
+ locations."/".tryFiles = "/dev/null @dummy";
+ locations."@dummy" = {
+ return = "200 'youve reached beta'";
+ extraConfig = ''
+ add_header Content-Type text/plain always;
+ '';
+ };
+ };
+ redirector = {
+ listen = [ { addr = "localhost"; port = 8032; } ];
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:$target_port";
+ basicAuth = { alpha = "alpha"; beta = "beta"; };
+ };
+ extraConfig = ''
+ if ($remote_user ~ "alpha|^$") {
+ set $target_port 8030;
+ }
+ if ($remote_user = "beta") {
+ set $target_port 8031;
+ }
+ '';
+ };
+ };
+
+ users.users.alpha = {
+ isNormalUser = true;
+ password = "alpha";
+ };
+
+ users.users.beta = {
+ isNormalUser = true;
+ password = "beta";
+ };
+}
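Review bot: The first routing condition in the `redirector` vhost's `extraConfig`, `if ($remote_user ~ "alpha|^$")`, is an unanchored regex, so any user name that merely contains `alpha` is sent to port 8030, while a name that matches neither `if` leaves `$target_port` unset for `proxyPass`. With only `alpha` and `beta` in `basicAuth` this does not show, but it would misroute as soon as another user is added; anchoring it as `if ($remote_user ~ "^(alpha)?$")` keeps the empty-user case and makes the match exact. Separately, `basicAuth = { alpha = "alpha"; beta = "beta"; }` and the two `users.users.*.password` values are plain text that ends up readable in the Nix store, so a comment such as `# test-only credentials, never reuse outside this VM` above them (or `basicAuthFile` / `hashedPassword` if this config outlives the experiment) would make that explicit.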