Moved BackupPC authentication configuration to htaccess file

2012-02-08 17:14:09 +02:00 · 2012-02-08 17:14:09 +02:00 · 7cb3953a96
commit 7cb3953a96
parent 1093ac1cf6
4 changed files with 32 additions and 27 deletions
--- a/backuppc/files/backuppc-httpd.conf
+++ b/backuppc/files/backuppc-httpd.conf
@ -0,0 +1,7 @@
+<Directory /usr/share/BackupPC/sbin/>
+  AllowOverride AuthConfig
+</Directory>
+
+Alias       /BackupPC/images /usr/share/BackupPC/html/
+ScriptAlias /BackupPC        /usr/share/BackupPC/sbin/BackupPC_Admin
+ScriptAlias /backuppc        /usr/share/BackupPC/sbin/BackupPC_Admin
--- a/backuppc/files/htaccess
+++ b/backuppc/files/htaccess
@ -0,0 +1,5 @@
+AuthType Basic
+AuthUserFile /etc/BackupPC/apache.users
+AuthName "BackupPC"
+
+require valid-user
--- a/backuppc/manifests/init.pp
+++ b/backuppc/manifests/init.pp
@ -83,7 +83,17 @@ class backuppc::server {

    apache::configfile { "BackupPC.conf":
        http    => false,
-        content => template("backuppc/BackupPC.conf.erb"),
+        source  => "puppet:///modules/backuppc/backuppc-httpd.conf",
+        require => Package["BackupPC"],
+    }
+
+    file { "/usr/share/BackupPC/sbin/.htaccess":
+        ensure  => present,
+        mode    => 0644,
+        owner   => "root",
+        group   => "root",
+        source  => [ "puppet:///files/backuppc/htaccess",
+                     "puppet:///modules/backuppc/htaccess", ],
        require => Package["BackupPC"],
    }

@ -94,6 +104,15 @@ class backuppc::server {
        group   => $apache::sslserver::group,
        require => Package["BackupPC"],
    }
+
+    file { "/etc/BackupPC/apache.users":
+        ensure  => present,
+        mode    => 0640,
+        owner   => "root",
+        group   => $apache::sslserver::group,
+        require => Package["BackupPC"],
+    }
+
    file { "/etc/BackupPC/config.pl":
 	ensure  => present,
 	source  => "puppet:///files/backuppc/config.pl",
--- a/backuppc/templates/BackupPC.conf.erb
+++ b/backuppc/templates/BackupPC.conf.erb
@ -1,26 +0,0 @@
-<Directory       /usr/share/BackupPC/sbin/>
-# BackupPC requires valid authentication in order for the web interface to
-# function properly.  One can view the web interface without authentication
-# though all functionality is disabled.
-# 
-# htpasswd -c /etc/BackupPC/apache.users yourusername
-# 
-
-#order deny,allow
-#deny from all
-#allow from 127.0.0.1
-#AuthType Basic
-#AuthUserFile /etc/BackupPC/apache.users
-#AuthName "BackupPC
-
-<%= backuppc_auth %>
-
-<% backuppc_adminusers.each do |user| -%>
-require user <%= user %>
-<% end -%>
-
-</Directory>
-
-
-Alias           /BackupPC/images        /usr/share/BackupPC/html/
-ScriptAlias     /BackupPC               /usr/share/BackupPC/sbin/BackupPC_Admin