Merge pull request #1 from inovia-team/additional_trusted_ips

Add a parameter to set additional trusted IP addresses
matterstech · Sep 6, 2017 · 5572a7c · 5572a7c
2 parents ad0072b + debe270
commit 5572a7c
Show file tree

Hide file tree

Showing 5 changed files with 17 additions and 2 deletions.
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -1,3 +1,4 @@
 ---
 # defaults file for ansible-cloudflare
 ansible_cloudflare_server: ""
+ansible_cloudflare_additional_trusted_ips: []
diff --git a/tasks/apache2.yml b/tasks/apache2.yml
@@ -46,6 +46,16 @@
   tags:
     - cloudflare
 
+- name: "Configure apache mod"
+  template:
+    src=cloudflare.conf.j2
+    dest=/etc/apache2/mods-available/cloudflare.conf
+  become: yes
+  notify: reload server
+  when: ansible_cloudflare_additional_trusted_ips
+  tags:
+    - cloudflare
+
 - name: "Enable apache mod if already available"
   apache2_module:
     state: present
@@ -62,4 +72,3 @@
   when: mod_cloudflare|failed and is_mod_cloudflare_available|failed
   tags:
     - cloudflare
-
diff --git a/tasks/nginx.yml b/tasks/nginx.yml
@@ -16,4 +16,3 @@
   notify: reload server
   tags:
     - cloudflare
-
diff --git a/templates/cloudflare.conf.j2 b/templates/cloudflare.conf.j2
@@ -0,0 +1 @@
+CloudflareRemoteIPTrustedProxy {{ ansible_cloudflare_additional_trusted_ips | join(" ") }}
diff --git a/templates/real_ip.conf.j2 b/templates/real_ip.conf.j2
@@ -5,4 +5,9 @@ set_real_ip_from {{ ipv4 }};
 {% for ipv6 in cf_ip.json.result.ipv6_cidrs %}
 set_real_ip_from  {{ ipv6 }};
 {% endfor %}
+
+{% for additional_ip in ansible_cloudflare_additional_trusted_ips %}
+set_real_ip_from  {{ additional_ip }};
+{% endfor %}
+
 real_ip_header CF-Connecting-IP;
Original file line number	Diff line number	Diff line change
Expand Up		@@ -16,4 +16,3 @@
		notify: reload server
		tags:
		- cloudflare
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		CloudflareRemoteIPTrustedProxy {{ ansible_cloudflare_additional_trusted_ips \| join(" ") }}