From b2fc8b5621e9f2fcfacd5705def63bbb77b3c50b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Carl=20B=C3=A4ckstr=C3=B6m?= <genzorg@gmail.com>
Date: Mon, 5 Aug 2019 20:20:12 +0200
Subject: [PATCH] Added option to set allows and denies for locations (#133)

---
 README.md                      |  4 ++++
 defaults/main.yml              |  4 ++++
 templates/http/default.conf.j2 | 10 ++++++++++
 3 files changed, 18 insertions(+)

diff --git a/README.md b/README.md
index d77e926..a5d5cd9 100644
--- a/README.md
+++ b/README.md
@@ -469,6 +469,10 @@ nginx_http_template:
           proxy_pass: http://backend
           #rewrite: /foo(.*) /$1 break
           #proxy_pass_request_body: off
+          #allows:
+          #  - 192.168.1.0/24
+          #denies:
+          #  - all
           proxy_set_header:
             header_host:
               name: Host
diff --git a/defaults/main.yml b/defaults/main.yml
index d672640..f7556cb 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -281,6 +281,10 @@ nginx_http_template:
           proxy_pass: http://backend
           #rewrite: /foo(.*) /$1 break
           #proxy_pass_request_body: off
+          #allows:
+          # - 192.168.1.0/24
+          #denies:
+          # - all
           proxy_set_header:
             header_host:
               name: Host
diff --git a/templates/http/default.conf.j2 b/templates/http/default.conf.j2
index 503a31e..3df11f5 100644
--- a/templates/http/default.conf.j2
+++ b/templates/http/default.conf.j2
@@ -195,6 +195,16 @@ server {
 {% if item.value.reverse_proxy.locations[location].proxy_store_access is defined %}
         proxy_store_access {{ item.value.reverse_proxy.locations[location].proxy_store_access }};
 {% endif %}
+{% if item.value.reverse_proxy.locations[location].allows is defined %}
+{% for allow in item.value.reverse_proxy.locations[location].allows %}
+        allow {{ allow }};
+{% endfor %}
+{% endif %}
+{% if item.value.reverse_proxy.locations[location].denies is defined %}
+{% for deny in item.value.reverse_proxy.locations[location].denies %}
+        deny {{ deny }};
+{% endfor %}
+{% endif %}
 {% if item.value.reverse_proxy.locations[location].proxy_set_header is defined %}
 {% for header in item.value.reverse_proxy.locations[location].proxy_set_header %}
         proxy_set_header {{ item.value.reverse_proxy.locations[location].proxy_set_header[header].name }} {{ item.value.reverse_proxy.locations[location].proxy_set_header[header].value }};