An Ansible Role that installs htpasswd
and allows easy configuration of htpasswd
authentication files and credentials (used for HTTP basic authentication with webservers like Apache and Nginx) on Linux-based servers.
None.
Available variables are listed below, along with default values (see defaults/main.yml
):
htpasswd_nolog: true
Whether to show htpasswd credentials in Ansible's log output. Should remain true
unless you're debugging something.
htpasswd_credentials:
- path: /etc/nginx/passwdfile
name: johndoe
password: 'supersecure'
owner: root
group: www-data
mode: 'u+rw,g+r'
- path: /etc/apache2/passwdfile
name: janedoe
password: 'supersecure'
owner: root
group: www-data
mode: 'u+rw,g+r'
A list of credentials to be generated (or removed) in the respective files defined by the path
key for each dict. All parameters except mode
are required (mode
defaults to 'u+rw,g+r'
(0640
in octal)).
htpasswd_required_packages:
- apache2-utils
- python3-passlib
(Debian defaults displayed). You can override the installed packages using this variable (e.g. for CentOS 7, you could change python3-passlib
to python-passlib
).
None.
---
- hosts: apache-server
vars:
htpasswd_credentials:
- path: /etc/apache-passwdfile
name: johndoe
password: 'supersecure'
owner: root
group: apache
mode: 'u+rw,g+r'
apache_remove_default_vhost: True
apache_vhosts:
- listen: "80"
servername: "htpassword.test"
documentroot: "/var/www/html"
extra_parameters: |
<Directory "/var/www/html">
AuthType Basic
AuthName "Apache with basic auth."
AuthUserFile /etc/apache-passwdfile
Require valid-user
</Directory>
pre_tasks:
- name: Update apt cache.
apt: update_cache=yes cache_valid_time=600
when: ansible_os_family == 'Debian'
roles:
- geerlingguy.apache
- geerlingguy.htpasswd
---
- hosts: nginx-server
vars:
htpasswd_credentials:
- path: /etc/nginx/passwdfile
name: johndoe
password: 'supersecure'
owner: root
group: www-data
mode: 'u+rw,g+r'
nginx_remove_default_vhost: True
nginx_vhosts:
- listen: "80"
server_name: "htpassword.test"
root: "/var/www/html"
index: "index.html index.html index.nginx-debian.html"
filename: "htpassword.test.conf"
extra_parameters: |
location / {
auth_basic "Nginx with basic auth.";
auth_basic_user_file /etc/nginx/passwdfile;
}
pre_tasks:
- name: Update apt cache.
apt: update_cache=yes cache_valid_time=600
when: ansible_os_family == 'Debian'
roles:
- geerlingguy.nginx
- geerlingguy.htpasswd
MIT / BSD
This role was created in 2018 by Jeff Geerling, author of Ansible for DevOps.