roles/nginx: proxy_protocol support

If `proxy_protocol` is turned on user port 10443 to accept PROXY Protocol
HTTPS connections and keedp using port 443 for standard HTTPS connection.

New variables:

- proxy_protocol | default(true)

roles/nginx/defaults/main.yml

@@ -1,3 +1,5 @@
 ---
 server_fqdn: '{{ ansible_hostname }}.{{ domain }}'
+# Accept HTTPS over PROXY PROTOCOL on Alternate Port: 10443
+proxy_protocol: true
 ...

roles/nginx/templates/base.j2

@@ -1,9 +1,17 @@
 server {
-    listen 443 ssl http2 proxy_protocol;
-    listen [::]:443 ssl http2 proxy_protocol;
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
 
+    {% if proxy_protocol %}
+    # Alternate Port for PROXY PROTOCOL incoming connections
+    listen 10443 ssl http2 proxy_protocol;
+    listen [::]:10443 ssl http2 proxy_protocol;
+
+    # RealIP rewrite authorized for connection from reverse-proxy
     set_real_ip_from {{ hostvars | ip_from_inventory('vm_gateway') }};
     real_ip_header proxy_protocol;
+    {% endif %}
+
 
     ssl_certificate /etc/letsencrypt/live/{{ server_fqdn }}/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/{{ server_fqdn }}/privkey.pem;