From 0cdd43facb2cc3247f7cf91cad656f1f23d1b57d Mon Sep 17 00:00:00 2001
From: Yohann D'ANELLO <ynerant@crans.org>
Date: Mon, 21 Jun 2021 15:31:52 +0200
Subject: [PATCH] [nginx] Fix subnets for real_ip_from

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
---
 group_vars/nginx.yml                      |  2 +-
 host_vars/rodauh.cachan-adm.crans.org.yml | 11 +++++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/group_vars/nginx.yml b/group_vars/nginx.yml
index 8d61b273..f247cf67 100644
--- a/group_vars/nginx.yml
+++ b/group_vars/nginx.yml
@@ -28,7 +28,7 @@ glob_nginx:
   default_ssl_domain: crans.org
   real_ip_from:
     - "172.16.0.0/16"
-    - "fd00:0:0:10::/64"
+    - "fd00::/56"
   deploy_robots_file: false
 
 glob_prometheus_nginx_exporter:
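Review bot: The new `fd00::/56` entry under `real_ip_from` widens the trusted range from a single /64 to 256 of them. Assuming this list feeds nginx's `set_real_ip_from`, every address in it may then supply the client address that nginx logs and enforces on. Any host in those subnets that can reach nginx directly could present a forged client IP to IP-based allow rules, rate limits and access logs. If only the reverse proxies need this, list their addresses or the proxy subnet instead of the whole prefix; the same applies to `172.17.0.0/16` and `fd00:0:0:3000::/56` in the `loc_nginx` hunk of host_vars/rodauh.cachan-adm.crans.org.yml. At minimum, add a comment above the list such as `# sources trusted to set the client IP (reverse proxies only)`.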
diff --git a/host_vars/rodauh.cachan-adm.crans.org.yml b/host_vars/rodauh.cachan-adm.crans.org.yml
index 6e83805e..54005bcd 100644
--- a/host_vars/rodauh.cachan-adm.crans.org.yml
+++ b/host_vars/rodauh.cachan-adm.crans.org.yml
@@ -26,6 +26,17 @@ loc_certbot:
     certname: crans.org
     domains: "crans.org, *.crans.org, crans.fr, *.crans.fr, crans.eu, *.crans.eu"
 
+loc_nginx:
+  servers: []
+  ssl:
+    - name: crans.org
+      cert: /etc/letsencrypt/live/crans.org/fullchain.pem
+      cert_key: /etc/letsencrypt/live/crans.org/privkey.pem
+      trusted_cert: /etc/letsencrypt/live/crans.org/chain.pem
+  real_ip_from:
+    - "172.17.0.0/16"
+    - "fd00:0:0:3000::/56"
+
 loc_reverseproxy:
   reverseproxy_sites:
     - {from: ftps.crans.org, to: 172.17.10.30}
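Review bot: The new `loc_nginx.real_ip_from` does not say whether it replaces or extends the list in `glob_nginx`, and the role's merge logic is outside this patch. If the two lists are concatenated, this host trusts all four ranges rather than the two written here, which matters because the list decides whose forwarded-client header is believed. A comment above the key would settle it, e.g. `# replaces glob_nginx.real_ip_from for this host` (or `extends`, whichever the role actually does).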
-- 
GitLab