Browse Source

playbooks: enable proxy protocol forwarding

Setting `reverse_proxy_proxy_protocol: true` and
`nginx_proxy_protocol: true` in nginx roles enable the forwarding of
the original connection address from the reverse_proxy to the target
nginx instance, using the established TCP PROXY PROTOCOL (adding a TCP
header, so working also for TLS connections that are not terminated at
the reverse proxy).

**Warning**

The `reverse_proxy_proxy_protocol` settings acts globally on the
reverse proxy nodes, so every virtual server on the reverse proxy must
accept and correctly handle proxy protocol headers.

This settings must be the same for every host sharing the same reverse
proxy, otherwise the setting will be changed globally at every run.
python3
Zolfa 4 years ago
parent
commit
8b4fc582fe
Signed by: zolfa GPG Key ID: E1A43B038C4D6616
4 changed files with 9 additions and 6 deletions
  1. +2
    -2
      host_login.yaml
  2. +3
    -0
      host_matrix.yaml
  3. +2
    -2
      host_nextcloud.yaml
  4. +2
    -2
      host_status.yaml

+ 2
- 2
host_login.yaml View File

@ -7,8 +7,8 @@
- hosts: 'login' - hosts: 'login'
vars: vars:
reverse_proxy_proxy_protocol: false
nginx_proxy_protocol: false
reverse_proxy_proxy_protocol: true
nginx_proxy_protocol: true
roles: roles:
- role: 'dns_record' - role: 'dns_record'
- role: 'reverse_proxy' - role: 'reverse_proxy'


+ 3
- 0
host_matrix.yaml View File

@ -5,6 +5,9 @@
vm_size: '10G' vm_size: '10G'
- hosts: 'matrix' - hosts: 'matrix'
vars:
nginx_proxy_protocol: true
reverse_proxy_proxy_protocol: true
roles: roles:
- role: 'dns_record' - role: 'dns_record'
- role: 'reverse_proxy' - role: 'reverse_proxy'


+ 2
- 2
host_nextcloud.yaml View File

@ -7,8 +7,8 @@
- hosts: 'nextcloud' - hosts: 'nextcloud'
vars: vars:
reverse_proxy_proxy_protocol: false
nginx_proxy_protocol: false
reverse_proxy_proxy_protocol: true
nginx_proxy_protocol: true
nginx_tls_1_2: true nginx_tls_1_2: true
roles: roles:
- role: 'dns_record' - role: 'dns_record'


+ 2
- 2
host_status.yaml View File

@ -7,8 +7,8 @@
- hosts: 'status' - hosts: 'status'
vars: vars:
nginx_proxy_protocol: false
reverse_proxy_proxy_protocol: false
nginx_proxy_protocol: true
reverse_proxy_proxy_protocol: true
roles: roles:
- role: 'dns_record' - role: 'dns_record'
- role: 'reverse_proxy' - role: 'reverse_proxy'


Loading…
Cancel
Save