From 098028cdac22b74e5e52e9a1833e41d25f0a0f45 Mon Sep 17 00:00:00 2001
From: A Holt <holta@users.noreply.github.com>
Date: Wed, 4 Sep 2019 14:29:50 -0400
Subject: [PATCH] New var nextcloud_allow_public_ips

---
 roles/nextcloud/templates/nextcloud.conf.j2 | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/roles/nextcloud/templates/nextcloud.conf.j2 b/roles/nextcloud/templates/nextcloud.conf.j2
index a2bd40edc..0ab229424 100644
--- a/roles/nextcloud/templates/nextcloud.conf.j2
+++ b/roles/nextcloud/templates/nextcloud.conf.j2
@@ -8,10 +8,13 @@ Alias {{ nextcloud_url }} {{ nextcloud_prefix }}/nextcloud
     # Apache 2.4
     # http://httpd.apache.org/docs/2.4/mod/mod_authz_core.html
     Require host localhost
+{% if nextcloud_allow_public_ips %}
     # PERMIT ACCESS FROM ALL IPv4 ADDRESSES:
     Require all granted
-    # WANT BASIC SECURITY BASED ON IPv4 ADDRESSES?  THEN USE THIS LINE INSTEAD:
-    #Require ip 127.0.0.1 172.18.96.1/255.255.224.0 192.168 10
+{% else %}
+    # PERMIT ACCESS FROM THESE IPv4 ADDRESS RANGES ONLY:
+    Require ip 127.0.0.1 172.18.96.1/255.255.224.0 192.168 10
+{% endif %}
     # AVOID THIS LINE WHICH CAUSES PROBLEMS IN SCHOOLS WITH 192.168.1.x etc:
     #Require ip 127.0.0.1 {{ lan_ip }}/{{ lan_netmask }} {{ nextcloud_required_ip }} {{ openvpn_server_virtual_ip }}/255.255.255.0
     </IfModule>