From 0fbffbb36cc1c85020ac177efae9fd5bd9fe1ee2 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Oliver=20B=C3=B6ttcher?= <oliver.boettcher@pixelpark.com>
Date: Wed, 29 Nov 2017 11:48:31 +0100
Subject: [PATCH] =?utf8?q?MHK=20-=20Stage=20htaccess=20f=C3=BCr=20externe?=
 =?utf8?q?=20IPs?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

---
 ...age-www01-mhk-kueche-de.pixelpark.net.yaml | 26 ++++++++++++++++++-
 ...age-www02-mhk-kueche-de.pixelpark.net.yaml | 26 ++++++++++++++++++-
 ...age-www03-mhk-kueche-de.pixelpark.net.yaml | 26 ++++++++++++++++++-
 3 files changed, 75 insertions(+), 3 deletions(-)

diff --git a/customer/mhk/stage-www01-mhk-kueche-de.pixelpark.net.yaml b/customer/mhk/stage-www01-mhk-kueche-de.pixelpark.net.yaml
index 0165d45a..598c9b4f 100644
--- a/customer/mhk/stage-www01-mhk-kueche-de.pixelpark.net.yaml
+++ b/customer/mhk/stage-www01-mhk-kueche-de.pixelpark.net.yaml
@@ -4,10 +4,19 @@ infra::additional_classes:
   - infra::profile::apache
   - apache::mod::proxy_ajp
   - apache::mod::headers
+  - apache::mod::remoteip
   - apache::mod::ssl
 
 apache::mpm_module: event
 
+infra::profile::apache::htdigest:
+  staging:
+    staging: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAP7oxv6gMy/0tUEcd/ACYFYY/oB953bnXOnzmbB2knYEiZGmTi6fxOOcaMUiMJqNi1Y8qZNHlVBJPu8y0nHMYJzmlRZ+7MtnZcKcltlFu8xMQuLavTp71IELBns9EHsnTVBC1vZGSgGSR2JyxjT5jj5vrKDcy+CcRPrMwNL0fFXNsrCbGXSqFnsCZmUCABKpGFaJSRxW03es0N9FzwIqY++OJoVoSz6UmR5sEsgIvx06Yes1uSacalWv8Jy4rVRDhegI9V/l2MSNfQUm3taw5fIXIQInLJmB3/Mzbwedn5yPXjnzW/I/V55JHdaKzp/ObGbCvFgTH5TVYGiLOMbVQWDBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCA6AhRRo88L1UUUirLWzF5gCCaC0u3kk+Ei9GDRha9TMX0iJTTN9Bl8SiSPpDWfHEd9g==]
+
+apache::mod::remoteip::proxy_ips:
+  - '77.74.235.188'
+  - '77.74.235.189'
+
 infra::profile::apache::pp_vhosts:
   www:
     docroot: '/var/www/mhk'
@@ -17,6 +26,21 @@ infra::profile::apache::pp_vhosts:
       - stage-www-kueche-de.pixelpark.net
       - stage-www01-mhk-kueche-de.pixelpark.net
     ssl: false
+    directories:
+      - location1:
+        provider: location
+        path: '/'
+        auth_type: Digest
+        auth_name: staging
+        auth_digest_provider: file
+        auth_digest_algorithm: MD5
+        auth_user_file: '/etc/httpd/htdigest'
+        auth_require: 'valid-user'
+        require:
+          - local
+          - 'ip 195.185.213.186/32'
+          - 'ip 217.66.51.0/24'
+          - 'ip 83.125.19.254/32'
     rewrites:
       - to_ssl:
         comment: 'all to https'
@@ -104,7 +128,7 @@ infra::profile::apache::pp_vhosts:
             url: '/'
     setenvif:
       - 'HTTPS on HTTPS=on'
-    access_log_format: lb_combined
+    access_log_format: remote_combined
     error_documents:
       - { error_code: 500 , document: "/errors/500.html" }
       - { error_code: 501 , document: "/errors/500.html" }
diff --git a/customer/mhk/stage-www02-mhk-kueche-de.pixelpark.net.yaml b/customer/mhk/stage-www02-mhk-kueche-de.pixelpark.net.yaml
index d285371a..3a54286d 100644
--- a/customer/mhk/stage-www02-mhk-kueche-de.pixelpark.net.yaml
+++ b/customer/mhk/stage-www02-mhk-kueche-de.pixelpark.net.yaml
@@ -4,10 +4,19 @@ infra::additional_classes:
   - infra::profile::apache
   - apache::mod::proxy_ajp
   - apache::mod::headers
+  - apache::mod::remoteip
   - apache::mod::ssl
 
 apache::mpm_module: event
 
+infra::profile::apache::htdigest:
+  staging:
+    staging: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAP7oxv6gMy/0tUEcd/ACYFYY/oB953bnXOnzmbB2knYEiZGmTi6fxOOcaMUiMJqNi1Y8qZNHlVBJPu8y0nHMYJzmlRZ+7MtnZcKcltlFu8xMQuLavTp71IELBns9EHsnTVBC1vZGSgGSR2JyxjT5jj5vrKDcy+CcRPrMwNL0fFXNsrCbGXSqFnsCZmUCABKpGFaJSRxW03es0N9FzwIqY++OJoVoSz6UmR5sEsgIvx06Yes1uSacalWv8Jy4rVRDhegI9V/l2MSNfQUm3taw5fIXIQInLJmB3/Mzbwedn5yPXjnzW/I/V55JHdaKzp/ObGbCvFgTH5TVYGiLOMbVQWDBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCA6AhRRo88L1UUUirLWzF5gCCaC0u3kk+Ei9GDRha9TMX0iJTTN9Bl8SiSPpDWfHEd9g==]
+
+apache::mod::remoteip::proxy_ips:
+  - '77.74.235.188'
+  - '77.74.235.189'
+
 infra::profile::apache::pp_vhosts:
   www:
     docroot: '/var/www/mhk'
@@ -17,6 +26,21 @@ infra::profile::apache::pp_vhosts:
       - stage-www-kueche-de.pixelpark.net
       - stage-www02-mhk-kueche-de.pixelpark.net
     ssl: false
+    directories:
+      - location1:
+        provider: location
+        path: '/'
+        auth_type: Digest
+        auth_name: staging
+        auth_digest_provider: file
+        auth_digest_algorithm: MD5
+        auth_user_file: '/etc/httpd/htdigest'
+        auth_require: 'valid-user'
+        require:
+          - local
+          - 'ip 195.185.213.186/32'
+          - 'ip 217.66.51.0/24'
+          - 'ip 83.125.19.254/32'
     rewrites:
       - to_ssl:
         comment: 'all to https'
@@ -104,7 +128,7 @@ infra::profile::apache::pp_vhosts:
             url: '/'
     setenvif:
       - 'HTTPS on HTTPS=on'
-    access_log_format: lb_combined
+    access_log_format: remote_combined
     error_documents:
       - { error_code: 500 , document: "/errors/500.html" }
       - { error_code: 501 , document: "/errors/500.html" }
diff --git a/customer/mhk/stage-www03-mhk-kueche-de.pixelpark.net.yaml b/customer/mhk/stage-www03-mhk-kueche-de.pixelpark.net.yaml
index ad997122..c1c87fbd 100644
--- a/customer/mhk/stage-www03-mhk-kueche-de.pixelpark.net.yaml
+++ b/customer/mhk/stage-www03-mhk-kueche-de.pixelpark.net.yaml
@@ -4,10 +4,19 @@ infra::additional_classes:
   - infra::profile::apache
   - apache::mod::proxy_ajp
   - apache::mod::headers
+  - apache::mod::remoteip
   - apache::mod::ssl
 
 apache::mpm_module: event
 
+infra::profile::apache::htdigest:
+  staging:
+    staging: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAP7oxv6gMy/0tUEcd/ACYFYY/oB953bnXOnzmbB2knYEiZGmTi6fxOOcaMUiMJqNi1Y8qZNHlVBJPu8y0nHMYJzmlRZ+7MtnZcKcltlFu8xMQuLavTp71IELBns9EHsnTVBC1vZGSgGSR2JyxjT5jj5vrKDcy+CcRPrMwNL0fFXNsrCbGXSqFnsCZmUCABKpGFaJSRxW03es0N9FzwIqY++OJoVoSz6UmR5sEsgIvx06Yes1uSacalWv8Jy4rVRDhegI9V/l2MSNfQUm3taw5fIXIQInLJmB3/Mzbwedn5yPXjnzW/I/V55JHdaKzp/ObGbCvFgTH5TVYGiLOMbVQWDBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCA6AhRRo88L1UUUirLWzF5gCCaC0u3kk+Ei9GDRha9TMX0iJTTN9Bl8SiSPpDWfHEd9g==]
+
+apache::mod::remoteip::proxy_ips:
+  - '77.74.235.188'
+  - '77.74.235.189'
+
 infra::profile::apache::pp_vhosts:
   www:
     docroot: '/var/www/mhk'
@@ -17,6 +26,21 @@ infra::profile::apache::pp_vhosts:
       - stage-www-kueche-de.pixelpark.net
       - stage-www03-mhk-kueche-de.pixelpark.net
     ssl: false
+    directories:
+      - location1:
+        provider: location
+        path: '/'
+        auth_type: Digest
+        auth_name: staging
+        auth_digest_provider: file
+        auth_digest_algorithm: MD5
+        auth_user_file: '/etc/httpd/htdigest'
+        auth_require: 'valid-user'
+        require:
+          - local
+          - 'ip 195.185.213.186/32'
+          - 'ip 217.66.51.0/24'
+          - 'ip 83.125.19.254/32'
     rewrites:
       - to_ssl:
         comment: 'all to https'
@@ -104,7 +128,7 @@ infra::profile::apache::pp_vhosts:
             url: '/'
     setenvif:
       - 'HTTPS on HTTPS=on'
-    access_log_format: lb_combined
+    access_log_format: remote_combined
     error_documents:
       - { error_code: 500 , document: "/errors/500.html" }
       - { error_code: 501 , document: "/errors/500.html" }
-- 
2.39.5