Access policy handling snippet for proxy.conf and static.conf
diff --git a/README.rst b/README.rst
index 80bc797..d11cbfa 100644
--- a/README.rst
+++ b/README.rst
@@ -52,6 +52,28 @@
name: gitlab.domain.com
port: 80
+Static site with access policy
+
+.. code-block:: yaml
+
+ nginx:
+ server:
+ site:
+ nginx_static_site01:
+ enabled: true
+ type: static
+ name: site01
+ access_policy:
+ allow:
+ - 192.168.1.1/24
+ - 127.0.0.1
+ deny:
+ - 192.168.1.2
+ - all
+ host:
+ name: gitlab.domain.com
+ port: 80
+
Simple HTTP proxy
.. code-block:: yaml
@@ -114,6 +136,32 @@
name: gitlab.domain.com
port: 80
+Proxy with access policy
+
+.. code-block:: yaml
+
+ nginx:
+ server:
+ site:
+ nginx_proxy_site01:
+ enabled: true
+ type: proxy
+ name: site01
+ access_policy:
+ allow:
+ - 192.168.1.1/24
+ - 127.0.0.1
+ deny:
+ - 192.168.1.2
+ - all
+ proxy:
+ host: local.domain.com
+ port: 80
+ protocol: http
+ host:
+ name: gitlab.domain.com
+ port: 80
+
Gitlab server with user for basic auth
.. code-block:: yaml
diff --git a/nginx/files/_access_policy.conf b/nginx/files/_access_policy.conf
new file mode 100644
index 0000000..ccc990c
--- /dev/null
+++ b/nginx/files/_access_policy.conf
@@ -0,0 +1,10 @@
+
+ {%- if site.access_policy is defined %}
+ {%- for host in site.access_policy.get('allow', []) %}
+ allow {{ host }};
+ {%- endfor %}
+ {%- for host in site.access_policy.get('deny', []) %}
+ deny {{ host }};
+ {%- endfor %}
+ {%- endif %}
+
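Review bot: Every `allow` entry is rendered before any `deny` entry, and nginx's access module stops at the first matching rule, so a deny that falls inside an allowed range is never reached. The README example in this same commit shows it: `192.168.1.2` matches `allow 192.168.1.1/24` first, so `deny 192.168.1.2` has no effect. A policy that sets only an `allow` list also renders no closing `deny all;`, which leaves the site reachable by everyone despite looking restricted. I would either document the fixed order at the top of the template, e.g. `{#- allow entries are rendered before deny entries; nginx applies the first match #}`, or accept a single ordered rule list so the operator controls the sequence.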
diff --git a/nginx/files/proxy.conf b/nginx/files/proxy.conf
index 5110e90..92d0c55 100644
--- a/nginx/files/proxy.conf
+++ b/nginx/files/proxy.conf
@@ -16,6 +16,8 @@
location / {
proxy_pass {{ site.proxy.protocol }}://{{ site.proxy.host }}:{{ site.proxy.port }};
+ {%- include "nginx/files/_access_policy.conf" %}
+
{%- if site.proxy.size is defined %}
client_max_body_size {{ site.proxy.size }}m;
{%- if site.proxy.size > 200 %}
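Review bot: The include sits inside `location / {`, so the allow/deny rules are scoped to that location only; nginx does not carry them over to sibling `location` blocks. If proxy.conf defines other locations outside this hunk (the file continues past both edges of it), requests matching them would bypass the policy. Including the policy at `server` level, or repeating the include in each location, would close that gap. A short comment such as `# access_policy applies to location / only` would at least make the scope explicit.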
diff --git a/nginx/files/static.conf b/nginx/files/static.conf
index f6c8006..2a6ad57 100644
--- a/nginx/files/static.conf
+++ b/nginx/files/static.conf
@@ -13,6 +13,8 @@
root /srv/static/sites/{{ site.name }}{% if site.path is defined %}/{{ site.path }}{% endif %};
{%- endif %}
+ {%- include "nginx/files/_access_policy.conf" %}
+
index index.html index.htm;
{%- if site.get('autoindex', False) %}
autoindex on;