Ansible role: Add htpasswd protection to Trellis (Bedrock-Ansible) WordPress sites.
This role is specifically crafted to go with Trellis. It will allow you to set Basic authentication on your bedrock websites. This is especially useful during development if you have a staging environment that you don't want the world to see.
This role is made for Trellis (previously known as Bedrock-Ansible), so it depends on it.
The role will read from the wordpress_sites
dict set in environments files of Trellis. It will search for the htpasswd
key.
wordpress_sites: example.com: site_hosts: - canonical: example.dev local_path: '../site' # path targeting local Bedrock site directory (relative to Ansible root) admin_email: [email protected] multisite: enabled: false ssl: enabled: false cache: enabled: false htpasswd: - name: user password: secret - name: user2 password: secret2
You may want to add the htpasswd
block in the vault.yml
file so password will be encrypted.
You can also set the htpasswd_path
to specify the folder used to store htpasswd
files. The default is /etc/htpasswd
. If you want to set this parameter, it is recommended that you set it in the group_vars/all/main.yml
file, so it will be the same for all environments.
To get started, add this role (louim.bedrock-site-protect
) to the galaxy.yml
file in your Trellis installation like so:
- name: bedrock-site-protect
src: louim.bedrock-site-protect
version: 2.0.0
Then re-run the ansible-galaxy install -r galaxy.yml
to install the new role. You might need to add the -f
option to force install of previously downloaded roles.
You will also need to add the role to the server.yml
like so:
roles:
... other Trellis roles ...
- { role: bedrock-site-protect, tags: [htpasswd, wordpress, wordpress-setup, letsencrypt] }
To Add: Run the Trellis command to set up your previously configured remote server: ansible-playbook server.yml -e env=<environment>
To Remove: Remove the following htpasswd
block:
htpasswd: - name: user password: secret
in the wordpress_sites
dict set, and reconfigure via: ansible-playbook server.yml -e env=<environment>
.
MIT
© Louis-Michel Couture 2018. Role inspired by ansible-htpasswd by franklinkim