Add "satisfy" option to the location section
https://www.nginx.com/resources/admin-guide/restricting-access/ http://nginx.org/en/docs/http/ngx_http_core_module.html?&_ga=1.238118336.1949645469.1456390584#satisfy
This commit is contained in:
parent
9b673763bb
commit
2154002e73
4 changed files with 22 additions and 0 deletions
|
@ -11,6 +11,7 @@
|
||||||
# entry to include with
|
# entry to include with
|
||||||
# [*location*] - Specifies the URI associated with this location
|
# [*location*] - Specifies the URI associated with this location
|
||||||
# entry
|
# entry
|
||||||
|
# [*location_satisfy*] - Allows access if all (all) or at least one (any) of the auth modules allow access.
|
||||||
# [*location_allow*] - Array: Locations to allow connections from.
|
# [*location_allow*] - Array: Locations to allow connections from.
|
||||||
# [*location_deny*] - Array: Locations to deny connections from.
|
# [*location_deny*] - Array: Locations to deny connections from.
|
||||||
# [*www_root*] - Specifies the location on disk for files to be
|
# [*www_root*] - Specifies the location on disk for files to be
|
||||||
|
@ -156,6 +157,7 @@ define nginx::resource::location (
|
||||||
$ssl = false,
|
$ssl = false,
|
||||||
$ssl_only = false,
|
$ssl_only = false,
|
||||||
$location_alias = undef,
|
$location_alias = undef,
|
||||||
|
$location_satisfy = undef,
|
||||||
$location_allow = undef,
|
$location_allow = undef,
|
||||||
$location_deny = undef,
|
$location_deny = undef,
|
||||||
$option = undef,
|
$option = undef,
|
||||||
|
@ -239,6 +241,10 @@ define nginx::resource::location (
|
||||||
if ($location_alias != undef) {
|
if ($location_alias != undef) {
|
||||||
validate_string($location_alias)
|
validate_string($location_alias)
|
||||||
}
|
}
|
||||||
|
if ($location_satisfy != undef) {
|
||||||
|
validate_re($location_satisfy, '^(any|all)$',
|
||||||
|
"${$location_satisfy} is not supported for location_satisfy. Allowed values are 'any' and 'all'.")
|
||||||
|
}
|
||||||
if ($location_allow != undef) {
|
if ($location_allow != undef) {
|
||||||
validate_array($location_allow)
|
validate_array($location_allow)
|
||||||
}
|
}
|
||||||
|
|
|
@ -17,6 +17,7 @@
|
||||||
# vHost on. Defaults to UNIX /var/run/nginx.sock
|
# vHost on. Defaults to UNIX /var/run/nginx.sock
|
||||||
# [*listen_unix_socket_options*] - Extra options for listen directive like
|
# [*listen_unix_socket_options*] - Extra options for listen directive like
|
||||||
# 'default' to catchall. Undef by default.
|
# 'default' to catchall. Undef by default.
|
||||||
|
# [*location_satisfy*] - Allows access if all (all) or at least one (any) of the auth modules allow access.
|
||||||
# [*location_allow*] - Array: Locations to allow connections from.
|
# [*location_allow*] - Array: Locations to allow connections from.
|
||||||
# [*location_deny*] - Array: Locations to deny connections from.
|
# [*location_deny*] - Array: Locations to deny connections from.
|
||||||
# [*ipv6_enable*] - BOOL value to enable/disable IPv6 support
|
# [*ipv6_enable*] - BOOL value to enable/disable IPv6 support
|
||||||
|
@ -178,6 +179,7 @@ define nginx::resource::vhost (
|
||||||
$listen_unix_socket_enable = false,
|
$listen_unix_socket_enable = false,
|
||||||
$listen_unix_socket = '/var/run/nginx.sock',
|
$listen_unix_socket = '/var/run/nginx.sock',
|
||||||
$listen_unix_socket_options = undef,
|
$listen_unix_socket_options = undef,
|
||||||
|
$location_satisfy = undef,
|
||||||
$location_allow = [],
|
$location_allow = [],
|
||||||
$location_deny = [],
|
$location_deny = [],
|
||||||
$ipv6_enable = false,
|
$ipv6_enable = false,
|
||||||
|
@ -290,6 +292,10 @@ define nginx::resource::vhost (
|
||||||
if ($listen_unix_socket_options != undef) {
|
if ($listen_unix_socket_options != undef) {
|
||||||
validate_string($listen_unix_socket_options)
|
validate_string($listen_unix_socket_options)
|
||||||
}
|
}
|
||||||
|
if ($location_satisfy != undef) {
|
||||||
|
validate_re($location_satisfy, '^(any|all)$',
|
||||||
|
"${$location_satisfy} is not supported for location_satisfy. Allowed values are 'any' and 'all'.")
|
||||||
|
}
|
||||||
validate_array($location_allow)
|
validate_array($location_allow)
|
||||||
validate_array($location_deny)
|
validate_array($location_deny)
|
||||||
validate_bool($ipv6_enable)
|
validate_bool($ipv6_enable)
|
||||||
|
@ -557,6 +563,7 @@ define nginx::resource::vhost (
|
||||||
ssl => $ssl,
|
ssl => $ssl,
|
||||||
ssl_only => $ssl_only,
|
ssl_only => $ssl_only,
|
||||||
location => '/',
|
location => '/',
|
||||||
|
location_satisfy => $location_satisfy,
|
||||||
location_allow => $location_allow,
|
location_allow => $location_allow,
|
||||||
location_deny => $location_deny,
|
location_deny => $location_deny,
|
||||||
proxy => $proxy,
|
proxy => $proxy,
|
||||||
|
|
|
@ -70,6 +70,12 @@ describe 'nginx::resource::location' do
|
||||||
:value => true,
|
:value => true,
|
||||||
:match => ' flv;'
|
:match => ' flv;'
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
:title => 'should set location_satisfy',
|
||||||
|
:attr => 'location_satisfy',
|
||||||
|
:value => 'any',
|
||||||
|
:match => ' satisfy any;'
|
||||||
|
},
|
||||||
{
|
{
|
||||||
:title => 'should set location_allow',
|
:title => 'should set location_allow',
|
||||||
:attr => 'location_allow',
|
:attr => 'location_allow',
|
||||||
|
|
|
@ -9,6 +9,9 @@
|
||||||
<% if @flv -%>
|
<% if @flv -%>
|
||||||
flv;
|
flv;
|
||||||
<% end -%>
|
<% end -%>
|
||||||
|
<% if @location_satisfy -%>
|
||||||
|
satisfy <%= @location_satisfy -%>;
|
||||||
|
<% end -%>
|
||||||
<% if @location_allow -%>
|
<% if @location_allow -%>
|
||||||
<%- @location_allow.each do |allow_rule| -%>
|
<%- @location_allow.each do |allow_rule| -%>
|
||||||
allow <%= allow_rule %>;
|
allow <%= allow_rule %>;
|
||||||
|
|
Loading…
Reference in a new issue