Add support for the NGINX real_ip module

Question

Add support for the NGINX real_ip module

Closed this issue 4 years ago · 0 comments

aknot242 commented 4 years ago

Is your feature request related to a problem? Please describe

Currently, the conf role does not have configuration support for the directives in the real_ip module.

Describe the solution you'd like

Add support for the real_ip directives at a minimum in the http and server NGINX contexts.

Describe alternatives you've considered

This is my current workaround, which is of course brittle:

  tasks:
    - name: Add XFF header settings to http block
      ansible.builtin.blockinfile:
        path: /etc/nginx/nginx.conf
        insertbefore: '^\s*include\s\/etc\/nginx\/conf\.d\/\*.conf;'
        block: |
              real_ip_header X-Forwarded-For;
              set_real_ip_from 0.0.0.0/0;
              real_ip_recursive on;

    - name: Add XFF header settings to server block
      ansible.builtin.lineinfile:
        path: /etc/nginx/conf.d/default.conf
        regexp: '^\s*listen.*80\sdefault_server;\n\s*real_ip_header'
        insertafter: '^\s*listen.*80\sdefault_server;'
        line: 'real_ip_header X-Forwarded-For;'

    - name: Restart NGINX
      service:
        name: nginx
        state: restarted
        enabled: true