X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;ds=sidebyside;f=modules%2Froles%2Ffiles%2Fjenkins%2Fjenkins.debian.org;h=e9b35eed66057ae619fa3f2b6a3261c387714306;hb=f6222760448f46469050366c9e8d834744270542;hp=e8d9ebed55eb968b5d0ccec94ea0233182df60e1;hpb=32cc0ca47da8021103744f26d3ced982ea0c22ad;p=dsa-puppet.git

diff --git a/modules/roles/files/jenkins/jenkins.debian.org b/modules/roles/files/jenkins/jenkins.debian.org
index e8d9ebed..e9b35eed 100644
--- a/modules/roles/files/jenkins/jenkins.debian.org
+++ b/modules/roles/files/jenkins/jenkins.debian.org
@@ -28,6 +28,27 @@ Use common-debian-service-https-redirect * jenkins.debian.org
 			Allow from all
 		</Proxy>
 		AllowEncodedSlashes NoDecode
+
+		<Location /http-auth-jenkins/>
+			AuthName "Debian Jenkins"
+			AuthType Digest
+			AuthDigestProvider file
+			AuthUserFile /srv/jenkins.debian.org/etc/htdigest
+			Require valid-user
+
+			RewriteEngine On
+			# see the Apache documentation on why this has to be lookahead
+			RewriteCond %{LA-U:REMOTE_USER} (.+)
+			# this actually doesn't rewrite anything. what we do here is to set RU to the match above
+			# "NS" prevents flooding the error log
+			RewriteRule .* - [E=RU:%1,NS]
+			RequestHeader set X-Forwarded-User %{RU}e
+
+			ProxyPass http://127.0.0.1:8080/ retry=15 nocanon
+			ProxyPassReverse http://127.0.0.1:8080/
+			ProxyPassReverse http://jenkins.debian.org/http-auth-jenkins/
+		</Location>
+
 		ProxyPass / http://127.0.0.1:8080/ retry=15 nocanon
 		ProxyPassReverse / http://127.0.0.1:8080/
 		ProxyPassReverse / http://jenkins.debian.org/