Adding custom locations with basic support for denied/allowed IPs

Pierre Paul Lefebvre · Pierre Paul Lefebvre · commit 7bc417b90b56 · 2014-10-20T15:08:03.000-04:00
diff --git a/README.md b/README.md
@@ -104,6 +104,13 @@ The following variables are available to configure the role:
         - **regex**: The regular expression used to match the URI.
         - **replacement**: The replacement pattern used for the rewrite.
         - **flags**: (optional) The flag parameter for the rewrite.
+    - **custom_locations**: (optional) A list of locations directives, using the
+      following structure:
+        - **operator**: (optional) Operator to match the location path (defaults to '=')
+        - **path**: Path string to match on
+        - **allowed_ips**: (optional) List of IP (with or without subnet) allowed to visit this location
+        - **denied_ips**: (optional)  List of IP (with or without subnet) denied to visit this location
+        - **fastcgi_pass**: (optional) fastcgi socket (or IP) to send to. If not specified, will use the @drupal location as upstream.
     - **includes**: (optional) A list of additional Nginx configuration files
       to include for the site.
     - **server_name_in_redirect**: (optional) Enables or disables the use of
@@ -174,4 +181,4 @@ Apache v2
 Author Information
 ------------------
 
-Pierre Buyle <buyle@pheromone.ca>
+Pierre Buyle <buyle@pheromone.ca>
diff --git a/templates/sites-available/drupal-site.j2 b/templates/sites-available/drupal-site.j2
@@ -78,6 +78,30 @@ server {
     {% endfor %}
     {% endif %}
 
+    {% if item.custom_locations is defined -%}
+    ## Custom location(s)
+    {% for location in item.custom_locations -%}
+    location {{ location.operator|default('=') }} "{{ location.path }}" {
+    {% if location.allowed_ips is defined -%}
+    {% for allowed_ip in location.allowed_ips %}
+    allow {{ allowed_ip }};
+    {% endfor %}
+    deny all;
+    {% endif %}
+    {%- if location.denied_ips is defined -%}
+    {%- for denied_ip in location.denied_ips %}
+    deny {{ denied_ip }};
+    {% endfor %}
+    {% endif -%}
+    {%- if location.fastcgi_pass is defined -%}
+    include fastcgi_params;
+        fastcgi_pass {{ location.fastcgi_pass }};
+    {% else %}
+    try_files $uri @drupal;
+    {% endif %}
+    }
+    {% endfor %}
+    {% endif %}
 
     {% if not nginx_drupal_use_boost -%}
     {% if not nginx_drupal_escape_uri -%}
@@ -267,6 +291,31 @@ server {
     {% endfor %}
     {% endif %}
 
+    {% if item.custom_locations is defined %}
+    ## Custom location(s)
+    {% for location in item.custom_locations %}
+    location {{ location.operator }} "{{ location.path }}" {
+        {% if location.allowed_ips is defined %}
+            {% for allowed_ip in location.allowed_ips %}
+            allow {{ allowed_ip }};
+            {% endfor %}
+            deny all;
+        {% endif %}
+        {% if location.denied_ips is defined %}
+            {% for denied_ip in location.denied_ips %}
+            deny {{ denied_ip }};
+            {% endfor %}
+        {% endif %}
+        {% if location.fastcgi_pass is defined %}
+            include fastcgi_params;
+            fastcgi_pass {{ location.fastcgi_pass }};
+        {% else %}
+            try_files $uri @drupal;
+        {% endif %}
+    }
+    {% endfor %}
+    {% endif %}
+
     {% if not nginx_drupal_use_boost -%}
     {% if not nginx_drupal_escape_uri -%}
     ################################################################
