[BB-2447] Add `NGINX_ALLOW_PRIVATE_IP_ACCESS` variable

Description

Context: we are using the `NGINX_ENABLE_SSL` variable to have an encrypted connection between the ELB and AppServer, but this [adds](https://github.com/edx/configuration/blob/574cb0e396bcd8403b86a6000f8b573c81d4f5cd/playbooks/roles/edx_django_service/templates/edx/app/nginx/sites-available/app.j2#L13) IP disclosure handling, which returns `403` on an attempt to reach the server via its IP address. As it's [not possible](https://forums.aws.amazon.com/thread.jspa?messageID=423533) to specify the Host header for the health check, we should be able to set a variable that alters this behavior.

This adds a new variable called `NGINX_ALLOW_PRIVATE_IP_ACCESS`, which allows disabling the IP disclosure handling within private subnetworks.

Breakdown of the used regexp ([source](https://stackoverflow.com/a/33453740)):

  • `(\d+)(?<!10)` is used for the `10.0.0.0 – 10.255.255.255` range,

  • `\.(\d+)(?<!192\.168)(?<!172\.(1[6-9]|2\d|3[0-1]))` handles the `172.16.0.0 – 172.31.255.255` and `192.168.0.0 – 192.168.255.255` ranges,

  • `\.(\d+)\.(\d+)` matches the remaining two octets.
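The breakdown above can be checked against the RFC 1918 ranges it names. The following is an added example, not code from the pull request: it assumes the three fragments are concatenated in order and matched against the whole Host value, and it uses Python's `re` engine as a stand-in for the PCRE engine nginx uses (the lookbehinds here behave the same in both). The function names are hypothetical.

```python
import ipaddress
import re

# Assumption: the three fragments from the breakdown, concatenated in order.
PUBLIC_IP_RE = re.compile(
    r"(\d+)(?<!10)"
    r"\.(\d+)(?<!192\.168)(?<!172\.(1[6-9]|2\d|3[0-1]))"
    r"\.(\d+)\.(\d+)"
)

# The private ranges listed in the breakdown, in CIDR form.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def regex_says_private(host: str) -> bool:
    """True when the regex does NOT match, i.e. the 403 branch would be skipped."""
    return PUBLIC_IP_RE.fullmatch(host) is None


def is_rfc1918(host: str) -> bool:
    """Reference answer computed from the address itself, not its text."""
    addr = ipaddress.ip_address(host)
    return any(addr in net for net in RFC1918)


def disagreements() -> dict:
    """Map first octet -> number of (first, second) octet pairs where the two differ."""
    out = {}
    for a in range(256):
        for b in range(256):
            host = f"{a}.{b}.0.1"  # constructed sample address
            if regex_says_private(host) != is_rfc1918(host):
                out[a] = out.get(a, 0) + 1
    return out


if __name__ == "__main__":
    # Constructed sample hosts covering each range boundary.
    for host in ("10.0.0.1", "172.16.0.1", "172.31.255.255", "172.32.0.1",
                 "192.168.1.1", "8.8.8.8", "110.1.2.3"):
        print(f"{host:16} regex_private={regex_says_private(host)!s:5} "
              f"rfc1918={is_rfc1918(host)}")
    print("first octets where they disagree:", disagreements())
```

Under these assumptions the only disagreements are first octets 110 and 210, because `(?<!10)` inspects just the last two digits of the first octet.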

*JIRA tickets*: TBD

*Dependencies*: None

*Merge deadline*: "None"

*Reviewers*

  • [x] @lgp171188 (approved in open-craft/configuration/pull/126)

  • [ ] edX reviewer[s] TBD

Configuration Pull Request

Make sure that the following steps are done before merging:

  • [ ] A DevOps team member has approved the PR if it is code shared across multiple services and you don't own all of the services.

  • [ ] <s>Are you adding any new default values that need to be overridden when this change goes live? If so:

  • [ ] Update the appropriate internal repo (be sure to update for all our environments)

  • [ ] If you are updating a secure value rather than an internal one, file a DEVOPS ticket with details.

  • [ ] Add an entry to the CHANGELOG.

  • [ ] If you are making a complicated change, have you performed the proper testing specified on the [Ops Ansible Testing Checklist](https://openedx.atlassian.net/wiki/display/EdxOps/Ops+Ansible+Testing+Checklist)? Adding a new variable does not require the full list (although testing on a sandbox is a great idea to ensure it links with your downstream code changes).</s>

  • [ ] Think about how this change will affect Open edX operators. Have you updated the wiki page for the next Open edX release?

Assignee

Jill Vogel

Reporter

Open Source Pull Request Bot

Labels

Contributor Name

Piotr Surowiec

Repo

edx/configuration

Customer

Epic Link

None

OSCM Assignee

None

Platform Map Area (Levels 1 & 2)

None

Platform Map Area (Levels 3 & 4)

None

Blended Hour Utilization Percentage

None

Priority

Unset