nginx: Support basic authentication for /admin/forgejo/event.

This allows the Forgejo instance at Codeberg to send POST requests for its web hooks when creating, modifying, or closing pull requests. * nginx-config/nginx-locations.conf: Add location block for /admin/forgejo/event. Co-authored-by: Romain GARBAGE <romain.garbage@inria.fr>

nginx: Support basic authentication for /admin/forgejo/event.
This allows the Forgejo instance at Codeberg to send POST requests for its web hooks when creating, modifying, or closing pull requests. * nginx-config/nginx-locations.conf: Add location block for /admin/forgejo/event. Co-authored-by: Romain GARBAGE <romain.garbage@inria.fr>
49a9179c · Ludovic Courtès · 16bb2f33 · 49a9179c
Commit 49a9179c authored 3 months ago by Ludovic Courtès
--- a/nginx-config/nginx-locations.conf
+++ b/nginx-config/nginx-locations.conf
@@ -11,6 +11,31 @@ location = /nix-cache-info { proxy_pass http://localhost:3000; }
 # Cuirass.
+# Enable HTTP Basic Authentication for events coming from the Forgejo
+# instance at Codeberg.
+location ~ ^/admin/forgejo/event {
+    auth_basic "Forgejo";
+    # The file below must contain "USER:PASSWORD" lines, where
+    # PASSWORD is the password encrypted with crypt(3), available from
+    # the command line as "openssl password".  Make sure to:
+    #
+    #   chown nginx:nginx /etc/nginx-htpasswd
+    #
+    # The Forgejo instance must itself send HTTP headers like:
+    #
+    #   Authorization: Basic STR
+    #
+    # where STR is the base64-encoded string obtained with:
+    #
+    #   echo -n "USER:CLEARTEXTPASSWORD" | base64
+    #
+    # According to <https://datatracker.ietf.org/doc/html/rfc7617#section-2>,
+    # CLEARTEXTPASSWORD must not contain control characters.
+    auth_basic_user_file /etc/nginx-htpasswd;
+    proxy_pass http://localhost:8081;
+}
 # The included file should define the variable $GITLAB_TOKEN using the
 # set directive: "set $GITLAB_TOKEN value;". It should be created
 # manually.