From 4d962120aba5cf081563acc146313cb8bf36b220 Mon Sep 17 00:00:00 2001 From: Rick Henry Date: Thu, 2 Sep 2021 12:24:20 +0100 Subject: [PATCH 1/3] Handle TLS termination for reverse proxied hosts --- README.md | 4 ++++ templates/reverse-proxy.conf.j2 | 8 ++++++++ 2 files changed, 12 insertions(+) diff --git a/README.md b/README.md index c985210..b67c650 100644 --- a/README.md +++ b/README.md @@ -26,6 +26,10 @@ Role Variables Along with the variables that must be configured for each reverse proxy configuration, some configuration options are available on a per-proxy basis: * `balancer_config`: specify a load balancing strategy other than the default round robin. Valid options include `least_conn` (for least connections) and `ip_hash` (for session persistence using IP hashing). +* `port`: specify a port on which to listen for the remote proxy; most likely + either `80` or `443` +* `certificate.cert`: Path to a TLS certificate public key +* `certificate.key`: Path to a TLS certificate private key See the app2proxy definition in the example playbook below. diff --git a/templates/reverse-proxy.conf.j2 b/templates/reverse-proxy.conf.j2 index c0606bc..3b71459 100644 --- a/templates/reverse-proxy.conf.j2 +++ b/templates/reverse-proxy.conf.j2 @@ -10,7 +10,15 @@ upstream {{ item.backend_name }} { } server { + {% if item.port is defined -%} + listen {{ item.port }}; + {% else -%} listen 80; + {% endif -%} + {% if item.certificate is defined -%} + ssl_certificate {{ item.certificate.cert }}; + ssl_certificate_key {{ item.certificate.key }}; + {% endif -%} server_name {{ item.domains|join(' ') }}; location / { proxy_set_header X-Real-IP $remote_addr; From 19f32ac4a4fdc3df138077ba61fe7b72351f7621 Mon Sep 17 00:00:00 2001 From: Rick Henry Date: Thu, 2 Sep 2021 13:32:58 +0100 Subject: [PATCH 2/3] Allow use of HTTPS behind the proxy --- README.md | 2 ++ templates/reverse-proxy.conf.j2 | 4 ++++ 2 files changed, 6 insertions(+) 
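Review bot: In templates/reverse-proxy.conf.j2 the new `listen {{ item.port }};` never carries the `ssl` parameter, so a proxy configured with `port: 443` and a `certificate` would, as far as the visible lines show, load the certificate but still answer plain HTTP on that port. Tie the two options together, e.g. `listen {{ item.port | default(80) }}{% if item.certificate is defined %} ssl{% endif %};`, which also folds the if/else into one line. The hunk sets no `ssl_protocols` or `ssl_ciphers`, so the TLS policy is whatever the installed nginx defaults to; a short template comment or a role default would make that explicit. The server block starts and ends outside the hunk.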
diff --git a/README.md b/README.md index b67c650..df1b13a 100644 --- a/README.md +++ b/README.md @@ -30,6 +30,8 @@ Along with the variables that must be configured for each reverse proxy configur either `80` or `443` * `certificate.cert`: Path to a TLS certificate public key * `certificate.key`: Path to a TLS certificate private key +* `use_https_to_service`: If true, use https:// as the scheme to the proxied + resource. See the app2proxy definition in the example playbook below. diff --git a/templates/reverse-proxy.conf.j2 b/templates/reverse-proxy.conf.j2 index 3b71459..962b374 100644 --- a/templates/reverse-proxy.conf.j2 +++ b/templates/reverse-proxy.conf.j2 @@ -23,6 +23,10 @@ server { location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $http_host; + {% if item.use_https_to_service is defined and item.use_https_to_service -%} + proxy_pass https://{{ item.backend_name }}; + {% else -%} proxy_pass http://{{ item.backend_name }}; + {% endif -%} } } From b7962e5d593c786235dfc2197bd8cc83a46eaf65 Mon Sep 17 00:00:00 2001 From: Rick Henry Date: Wed, 8 Sep 2021 09:10:21 +0100 Subject: [PATCH 3/3] Implement additional args to the Nginx server template --- README.md | 21 ++++++++++++++++++++- templates/reverse-proxy.conf.j2 | 5 +++++ 2 files changed, 25 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index df1b13a..f86f997 100644 --- a/README.md +++ b/README.md @@ -32,6 +32,14 @@ Along with the variables that must be configured for each reverse proxy configur * `certificate.key`: Path to a TLS certificate private key * `use_https_to_service`: If true, use https:// as the scheme to the proxied resource. +* `extra_server_args`: A list of key-value pairs for additional Nginx + configuration pairs. For example, setting + ```yaml + extra_server_args: + - name: client_max_body_size + value: 100M + ``` + would allow a client request body of up to 100M through the proxy. See the app2proxy definition in the example playbook below. 
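Review bot: The `proxy_pass https://{{ item.backend_name }};` branch in templates/reverse-proxy.conf.j2 encrypts the hop to the backend but does not authenticate it, because nginx leaves `proxy_ssl_verify` off unless told otherwise and nothing in this hunk turns it on. Since the target is the upstream name, the name checked against the backend certificate would default to that upstream name, so verification also needs `proxy_ssl_name`. Consider adding under the https branch `proxy_ssl_verify on;`, `proxy_ssl_trusted_certificate {{ item.<ca_bundle_var> }};` and `proxy_ssl_name {{ item.<backend_tls_name_var> }};` (both variable names are placeholders for new per-proxy options), and say in the README that without them the flag gives encryption only. The condition can be shortened to `{% if item.use_https_to_service | default(false) -%}`.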
@@ -81,10 +89,21 @@ Example Playbook - sessioned-app.192.168.88.10.xip.io balancer_config: ip_hash; + - config_name: bigfilesproxy + backend_name: my-big-files + backends: + - localhost:9443 + domains: + - bigfiles.192.168.88.10.xip.io + use_https_to_service: true + extra_server_args: + - name: client_max_body_size + value: 100M + roles: - ansible-nginx-reverse-proxy -``` +``` License ------- diff --git a/templates/reverse-proxy.conf.j2 b/templates/reverse-proxy.conf.j2 index 962b374..86d4983 100644 --- a/templates/reverse-proxy.conf.j2 +++ b/templates/reverse-proxy.conf.j2 @@ -19,6 +19,11 @@ server { ssl_certificate {{ item.certificate.cert }}; ssl_certificate_key {{ item.certificate.key }}; {% endif -%} + {% if item.extra_server_args is defined and item.extra_server_args -%} + {% for arg in item.extra_server_args %} + {{ arg.name }} {{ arg.value }}; + {% endfor -%} + {% endif -%} server_name {{ item.domains|join(' ') }}; location / { proxy_set_header X-Real-IP $remote_addr;
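Review bot: In templates/reverse-proxy.conf.j2, `{{ arg.name }} {{ arg.value }};` writes both fields into the server block verbatim, so a value containing `;`, `{`, `}` or a newline adds directives or blocks beyond the one named, and a mistyped name yields a config nginx refuses to load. That is acceptable only while the inventory is fully trusted; state it in the template with `{# extra_server_args are rendered unescaped; values must come from trusted inventory #}` and, if the role's tasks (not visible here) do not already do so, validate the rendered file with `nginx -t` before reload. The loop also emits these directives regardless of overlap with ones the template sets itself (`listen`, `ssl_certificate`, `server_name`), which is worth a sentence in the README. The opening `{% for arg in item.extra_server_args %}` lacks the `-%}` trimming used on the surrounding tags.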