From 7ee6927ca92e6acae0ddb313877cd9b2e7dc7ee1 Mon Sep 17 00:00:00 2001
From: p5t2vspoqqw <p5t2vspoqqw@temp.mailbox.org>
Date: Tue, 23 Apr 2019 09:44:02 +0200
Subject: [PATCH] add suggested change; correct indent

---
 docs/configuring-playbook-ngnix.md            |  8 +++++++
 roles/matrix-nginx-proxy/defaults/main.yml    |  7 ++++--
 .../nginx/conf.d/matrix-domain.conf.j2        | 24 ++++++++++---------
 3 files changed, 26 insertions(+), 13 deletions(-)

diff --git a/docs/configuring-playbook-ngnix.md b/docs/configuring-playbook-ngnix.md
index 81081e8b..e2a46a72 100644
--- a/docs/configuring-playbook-ngnix.md
+++ b/docs/configuring-playbook-ngnix.md
@@ -11,3 +11,11 @@ This will serve a statuspage to the hosting machine only. Useful for monitoring
 ```yaml
 matrix_nginx_proxy_nginx_status_enabled: true
 ```
+
+In default ```matrix_nginx_proxy_nginx_status_enabled``` will add the local ip adress. If you wish to listen to other ip-adresses provide a list:
+
+```yaml
+matrix_nginx_proxy_nginx_status_allowed_addresses:
+- 8.8.8.8
+- 1.1.1.1
+```
diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml
index 54e25194..7c9739c3 100644
--- a/roles/matrix-nginx-proxy/defaults/main.yml
+++ b/roles/matrix-nginx-proxy/defaults/main.yml
@@ -1,7 +1,5 @@
 matrix_nginx_proxy_enabled: true
 
-matrix_nginx_proxy_nginx_status_enabled: false
-
 # We use an official nginx image, which we fix-up to run unprivileged.
 # An alternative would be an `nginxinc/nginx-unprivileged` image, but
 # those as more frequently out of date.
@@ -142,3 +140,8 @@ matrix_ssl_lets_encrypt_support_email: ~
 matrix_ssl_base_path: "{{ matrix_base_data_path }}/ssl"
 matrix_ssl_config_dir_path: "{{ matrix_ssl_base_path }}/config"
 matrix_ssl_log_dir_path: "{{ matrix_ssl_base_path }}/log"
+
+
+# ngnix status page configurations.
+matrix_nginx_proxy_nginx_status_enabled: false
+matrix_nginx_proxy_nginx_status_allowed_addresses: ['{{ ansible_default_ipv4.address }}']
diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2
index b63f9fbc..f33d6959 100644
--- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2
+++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2
@@ -4,25 +4,27 @@ server {
 
 	server_tokens off;
 
-	{% if matrix_nginx_proxy_nginx_status_enabled %}
-		location /nginx_status {
-			stub_status on;
-			access_log off;
-			allow {{ ansible_default_ipv4.address }};
-			deny all;
-		}
-	{% endif %}
+{% if matrix_nginx_proxy_nginx_status_enabled %}
+	location /nginx_status {
+		stub_status on;
+		access_log off;
+{% for address in matrix_nginx_proxy_nginx_status_allowed_addresses %}
+		allow {{ address }};
+{% endfor %}
+		deny all;
+	}
+{% endif %}
 
 	location /.well-known/acme-challenge {
-		{% if matrix_nginx_proxy_enabled %}
+{% if matrix_nginx_proxy_enabled %}
 			{# Use the embedded DNS resolver in Docker containers to discover the service #}
 			resolver 127.0.0.11 valid=5s;
 			set $backend "matrix-certbot:8080";
 			proxy_pass http://$backend;
-		{% else %}
+{% else %}
 			{# Generic configuration for use outside of our container setup #}
 			proxy_pass http://127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }};
-		{% endif %}
+{% endif %}
 	}
 
 	location / {