From 8b4fc582fe339401a95bae2d5d5a7f21fa93a933 Mon Sep 17 00:00:00 2001 From: Zolfa Date: Thu, 24 Dec 2020 17:12:56 +0100 Subject: [PATCH] playbooks: enable proxy protocol forwarding Setting `reverse_proxy_proxy_protocol: true` and `nginx_proxy_protocol: true` in nginx roles enable the forwarding of the original connection address from the reverse_proxy to the target nginx instance, using the established TCP PROXY PROTOCOL (adding a TCP header, so working also for TLS connections that are not terminated at the reverse proxy). **Warning** The `reverse_proxy_proxy_protocol` settings acts globally on the reverse proxy nodes, so every virtual server on the reverse proxy must accept and correctly handle proxy protocol headers. This settings must be the same for every host sharing the same reverse proxy, otherwise the setting will be changed globally at every run. --- host_login.yaml | 4 ++-- host_matrix.yaml | 3 +++ host_nextcloud.yaml | 4 ++-- host_status.yaml | 4 ++-- 4 files changed, 9 insertions(+), 6 deletions(-) diff --git a/host_login.yaml b/host_login.yaml index a3a65f0..e151e16 100644 --- a/host_login.yaml +++ b/host_login.yaml @@ -7,8 +7,8 @@ - hosts: 'login' vars: - reverse_proxy_proxy_protocol: false - nginx_proxy_protocol: false + reverse_proxy_proxy_protocol: true + nginx_proxy_protocol: true roles: - role: 'dns_record' - role: 'reverse_proxy' diff --git a/host_matrix.yaml b/host_matrix.yaml index 88ff758..497583f 100644 --- a/host_matrix.yaml +++ b/host_matrix.yaml @@ -5,6 +5,9 @@ vm_size: '10G' - hosts: 'matrix' + vars: + nginx_proxy_protocol: true + reverse_proxy_proxy_protocol: true roles: - role: 'dns_record' - role: 'reverse_proxy' diff --git a/host_nextcloud.yaml b/host_nextcloud.yaml index 87ddfa7..eda8a40 100644 --- a/host_nextcloud.yaml +++ b/host_nextcloud.yaml 
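Review bot: Setting `nginx_proxy_protocol: true` in the `login` play (and likewise in `matrix`, `nextcloud` and `status`) makes the client address on the target nginx depend on a PROXY header sent by whoever opens the connection. That address is only trustworthy if nothing except the reverse proxy can reach the listener. The `nginx` role is not part of this diff, so this is to confirm rather than a finding: the role should pin the trusted source, for example `set_real_ip_from <reverse-proxy-address>;` together with `real_ip_header proxy_protocol;`, and the backend port should be firewalled to the proxy. Without that, access logs, rate limits and address-based allow rules on these hosts can record a forged address. A comment above the two vars would keep the assumption visible: `# PROXY headers are trusted as the client address; backend must be reachable only from the reverse proxy`.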
@@ -7,8 +7,8 @@ - hosts: 'nextcloud' vars: - reverse_proxy_proxy_protocol: false - nginx_proxy_protocol: false + reverse_proxy_proxy_protocol: true + nginx_proxy_protocol: true nginx_tls_1_2: true roles: - role: 'dns_record' diff --git a/host_status.yaml b/host_status.yaml index 975ca16..82b9d14 100644 --- a/host_status.yaml +++ b/host_status.yaml @@ -7,8 +7,8 @@ - hosts: 'status' vars: - nginx_proxy_protocol: false - reverse_proxy_proxy_protocol: false + nginx_proxy_protocol: true + reverse_proxy_proxy_protocol: true roles: - role: 'dns_record' - role: 'reverse_proxy'
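Review bot: `reverse_proxy_proxy_protocol: true` is set as a per-play var in `host_status.yaml`, as in the other three files, although the commit message says the setting acts globally on the reverse proxy and must be identical for every host sharing it. Any play not touched here, or added later without these vars, would change the proxy-wide value on its next run. Defining it once in a shared variables file for the reverse-proxy hosts, and keeping only `nginx_proxy_protocol` per play, would remove that failure mode. As a smaller point of style, the key order differs between files: `host_login.yaml` lists `reverse_proxy_proxy_protocol` first, while `host_matrix.yaml` and `host_status.yaml` list `nginx_proxy_protocol` first. One order throughout makes a mismatch easier to spot.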