From 93c453420428c0593adb53f6b04d7329606bb2ff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julien=20Fastr=C3=A9?= Date: Tue, 27 Jan 2026 16:21:52 +0100 Subject: [PATCH] Make proxy IP configuration dynamic and expand RabbitMQ settings Added a new `proxy_ips` variable for flexible proxy IP configuration in Chill defaults and updated framework template. Enhanced RabbitMQ integration with a conditional `rabbitmq_install` option. --- defaults/main.yml | 7 +++++++ templates/config/prod/framework.yaml | 4 ++++ 2 files changed, 11 insertions(+) diff --git a/defaults/main.yml b/defaults/main.yml index 188e801..b054736 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -21,6 +21,13 @@ default_chill: host: 'devpms.samusocial.be' tls_config: self_signed expose_port: false # can be false, or the port number + # use rabbitmq as message broker. If not in use, it will be replaced by doctrine + rabbitmq_install: true + proxy_ips: + # 127.0.0.1 is always added + - 192.168.0.0/16 + - 10.0.0.0/8 + - 172.16.0.0/12 chill_config: trusted_hosts: 'devpms.samusocial.be ' database_host: '172.17.17.71' diff --git a/templates/config/prod/framework.yaml b/templates/config/prod/framework.yaml index 0fb2cea..937b448 100644 --- a/templates/config/prod/framework.yaml +++ b/templates/config/prod/framework.yaml @@ -1,7 +1,11 @@ # this file is managed by ansible. Do not edit it by hand framework: + {% if traefik_install +%} trusted_proxies: '127.0.0.1,REMOTE_ADDR{% for ip in traefik_trusted_ips|default([]) %},{{ ip }}{% endfor %}' + {%+ else %} + trusted_proxies: '127.0.0.1,{% for ip in chill.proxy_ips %}{{ ip }}{% if not loop.last %},{% endif %}{% endfor %}' + {%+ endif %} trusted_headers: ['x-forwarded-for', 'x-forwarded-host', 'x-forwarded-proto', 'x-forwarded-port'] parameters: