feat: media configuration with cert header

playbook.yaml

@@ -11,6 +11,7 @@
 - hosts: web1
   roles:
     - { role : web1, tags : [ "web1" ] }
+    - { role : media, tags : [ "media" ] }
 
 - hosts: mail
   roles:

roles/media/files/htpasswd

@@ -0,0 +1,2 @@
+kathi:$y$j9T$HISTORY_PURGED_SECRET
+sheppy:$y$HISTORY_PURGED_SECRET

roles/media/files/nginx_media.conf

@@ -0,0 +1,28 @@
+map $http_x_nginx_cert_auth $basic_auth_val {
+    default "private";
+    true off;
+} 
+
+server {
+
+
+    autoindex on;
+    autoindex_localtime on;
+
+    listen 8000;
+    root /var/www/media;
+
+    add_header Vary Accept-Encoding;
+    add_header Access-Control-Allow-Origin $http_origin;
+
+    location /videos/{
+        default_type video/mp4;
+        limit_rate 2m;
+        autoindex on;
+    }
+
+    location /auth/{
+        auth_basic $basic_auth_val;
+        auth_basic_user_file /etc/nginx/htpasswd;
+    }
+}

roles/media/meta/main.yml

@@ -0,0 +1,2 @@
+dependencies:
+    - global-handlers

roles/media/tasks/main.yaml

@@ -0,0 +1,17 @@
+- name: Install Nginx
+  apt:
+    pkg:
+      - nginx
+    state: present
+
+- name: Deploy nginx-config (page)
+  copy:
+    src: nginx_media.conf
+    dest: /etc/nginx/sites-available/media.conf
+  notify: restart nginx
+
+- name: Deploy nginx basic auth file
+  copy:
+    src: htpasswd
+    dest: /etc/nginx/
+  notify: restart nginx