CU-cunmby Added nginx mod_security to http role

ansible/roles/http/templates/nginx/sites/ci.bdebyl.net.https.conf.j2

@@ -10,7 +10,7 @@ server {
   add_header              Strict-Transport-Security max-age=6307200;
   add_header              Allow "GET, POST, HEAD" always;
 
-  limit_except GET POST { deny all; }
+  #limit_except GET POST { deny all; }
 
   ssl_certificate         /etc/letsencrypt/live/{{ ci_server_name }}/fullchain.pem;
   ssl_certificate_key     /etc/letsencrypt/live/{{ ci_server_name }}/privkey.pem;
@@ -28,14 +28,17 @@ server {
   ssl_prefer_server_ciphers off;
 
   location / {
-    proxy_set_header X-Forwarded-For $remote_addr;
-    proxy_set_header X-Forwarded-Proto $scheme;
-    proxy_set_header Host $http_host;
+    modsecurity on;
+    modsecurity_rules_file {{ nginx_dir }}/modsec_includes.conf;
 
-    proxy_pass http://drone;
-    proxy_redirect off;
+    proxy_set_header X-Forwarded-For   $remote_addr;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header Host              $http_host;
+
+    proxy_pass         http://drone;
+    proxy_redirect     off;
     proxy_http_version 1.1;
-    proxy_buffering off;
+    proxy_buffering    off;
 
     chunked_transfer_encoding off;
   }