Add an nginx container to do crazy things with traefik

ansible/roles/traefik/files/docker-compose.yml

@@ -17,6 +17,7 @@ services:
       - "{{ private_ip }}:8080:8080"
     depends_on:
       - docker_proxy
+      - nginx
     networks:
       - default
       - traefik
@@ -33,6 +34,14 @@ services:
     networks:
       - proxy_private
 
+  shenanigans:
+    image: nginx:alpine
+    restart: unless-stopped
+    volumes:
+      - /opt/traefik/nginx.conf:/etc/nginx/conf.d/default.conf:ro
+    networks:
+      - proxy_private
+
 networks:
   traefik:
     external: true

ansible/roles/traefik/files/file-provider-main.yml

@@ -8,3 +8,7 @@ http:
       headers:
         customResponseHeaders:
           Permissions-Policy: interest-cohort=()
+
+    shenanigans:
+      forwardAuth:
+        address: http://shenanigans

ansible/roles/traefik/files/nginx.conf

@@ -0,0 +1,14 @@
+# NOTE: Use `$http_x_forwarded_host` intead of `$host`.
+
+server {
+    listen 80 default_server;
+
+    # Get IP correctly
+    real_ip_header X-Forwarded-For;
+    set_real_ip_from 0.0.0.0/0;
+
+    # Allow everything through by default
+    location / {
+        return 200;
+    }
+}

ansible/roles/traefik/files/traefik.yml

@@ -17,6 +17,7 @@ entryPoints:
       middlewares:
         - floc-block@file
         - compress@file
+        - shenanigans@file
       tls:
         certresolver: le
         domains:

ansible/roles/traefik/tasks/main.yml

@@ -106,3 +106,18 @@
 - name: fail2ban
   include: fail2ban.yml
   when: with_fail2ban
+
+- name: Check for nginx config
+  stat:
+    path: /opt/traefik/nginx.conf
+  register: nginx_file
+  become: true
+
+- name: Create nginx config, if it doesn't exist already
+  template:
+    src: files/nginx.conf
+    dest: /opt/traefik/nginx.conf
+    mode: "0600"
+  when: not nginx_file.stat.exists
+  notify: restart traefik
+  become: true