Add nginx rule to disable access to api admin dashboard

0163d38b · Lerk · e1613ff8 · 0163d38b · 0163d38b · 0163d38b
Commit 0163d38b authored Aug 29, 2019 by Lerk
--- a/README.md
+++ b/README.md
@@ -124,6 +124,7 @@ Role Variables
 | `funkwhale_database_user`               | `funkwhale`                   | Postgresql username to login as |
 | `funkwhale_env_vars`                    | `[]`                          | List of environment variables to append to the generated `.env` file. Example: `["AWS_ACCESS_KEY_ID=myawsid", "AWS_SECRET_ACCESS_KEY=myawskey"]` |
 | `funkwhale_external_storage_enabled`    | `false`                       | If `true`, set up the proper configuration to use an extenal storage for media files |
+| `funkwhale_disable_django_admin`        | `false`                       | If `true`, returns a 403 (Forbidden) for `/api/admin` |
 | `funkwhale_install_path`                | `/srv/funkwhale`              | Path were frontend, api and virtualenv files should be stored (**no trailing slash**) |
 | `funkwhale_letsencrypt_certbot_flags`   | `null`                        | Additional flags to pass to `certbot` |
 | `funkwhale_letsencrypt_enabled`         | `true`                        | If `true`, will configure SSL with certbot and Let's Encrypt |

--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -6,6 +6,7 @@ funkwhale_static_path: /srv/funkwhale/data/static
 funkwhale_music_path: /srv/funkwhale/data/music
 funkwhale_config_path: /srv/funkwhale/config
 funkwhale_external_storage_enabled: false
+funkwhale_disable_django_admin: false
 funkwhale_username: funkwhale
 funkwhale_database_managed: true
 funkwhale_frontend_managed: true

--- a/templates/nginx.conf.j2
+++ b/templates/nginx.conf.j2
@@ -132,4 +132,11 @@ server {
        # django static files
        alias {{ funkwhale_static_path }}/;
    }
+
+    {% if funkwhale_disable_django_admin -%}
+    location /api/admin/ {
+        # disable access to API admin dashboard
+        return 403;
+    }
+    {% else -%}
 }