From f6222760448f46469050366c9e8d834744270542 Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Sat, 7 Nov 2015 14:24:12 +0000
Subject: [PATCH] Add /http-auth-jenkins/ for jenkins

---
 .../roles/files/jenkins/jenkins.debian.org    | 21 +++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/modules/roles/files/jenkins/jenkins.debian.org b/modules/roles/files/jenkins/jenkins.debian.org
index e8d9ebed..e9b35eed 100644
--- a/modules/roles/files/jenkins/jenkins.debian.org
+++ b/modules/roles/files/jenkins/jenkins.debian.org
@@ -28,6 +28,27 @@ Use common-debian-service-https-redirect * jenkins.debian.org
 			Allow from all
 		</Proxy>
 		AllowEncodedSlashes NoDecode
+
+		<Location /http-auth-jenkins/>
+			AuthName "Debian Jenkins"
+			AuthType Digest
+			AuthDigestProvider file
+			AuthUserFile /srv/jenkins.debian.org/etc/htdigest
+			Require valid-user
+
+			RewriteEngine On
+			# see the Apache documentation on why this has to be lookahead
+			RewriteCond %{LA-U:REMOTE_USER} (.+)
+			# this actually doesn't rewrite anything. what we do here is to set RU to the match above
+			# "NS" prevents flooding the error log
+			RewriteRule .* - [E=RU:%1,NS]
+			RequestHeader set X-Forwarded-User %{RU}e
+
+			ProxyPass http://127.0.0.1:8080/ retry=15 nocanon
+			ProxyPassReverse http://127.0.0.1:8080/
+			ProxyPassReverse http://jenkins.debian.org/http-auth-jenkins/
+		</Location>
+
 		ProxyPass / http://127.0.0.1:8080/ retry=15 nocanon
 		ProxyPassReverse / http://127.0.0.1:8080/
 		ProxyPassReverse / http://jenkins.debian.org/
-- 
2.39.2