Allow configuring RemoteIPProxyProtocol at VHost level

The module currently support configuring RemoteIP PROXY Protocol at the
system level, but the settings can also be used for specific virtual
hosts.

Allow to set `RemoteIPProxyProtocol` and `RemoteIPProxyProtocolExceptions`
at the VHost level.  For cosistency, une the same parameter names and
types as the ones used for mod_remoteip configuration.

Author: smortex

manifests/vhost.pp

@@ -1705,6 +1705,11 @@
 # @param userdir
 #   Instances of apache::mod::userdir
 #
+# @param proxy_protocol
+#   Enable or disable PROXY protocol handling
+#
+# @param proxy_protocol_exceptions
+#   Disable processing of PROXY header for certain hosts or networks
 define apache::vhost (
   Variant[Stdlib::Absolutepath, Boolean] $docroot,
   Boolean $manage_docroot                                                             = true,
@@ -1966,6 +1971,8 @@
   Apache::OIDCSettings $oidc_settings                                                 = {},
   Optional[Variant[Boolean, String]] $mdomain                                         = undef,
   Optional[Variant[String[1], Array[String[1]]]] $userdir                             = undef,
+  Optional[Boolean] $proxy_protocol                                                   = undef,
+  Array[Stdlib::Host] $proxy_protocol_exceptions                                      = [],
 ) {
   # The base class must be included first because it is used by parameter defaults
   if ! defined(Class['apache']) {
@@ -2955,6 +2962,21 @@
     }
   }
 
+  if $proxy_protocol != undef {
+    include apache::mod::remoteip
+
+    $proxy_protocol_params = {
+      proxy_protocol            => $proxy_protocol,
+      proxy_protocol_exceptions => $proxy_protocol_exceptions,
+    }
+
+    concat::fragment { "${name}-proxy_protocol":
+      target  => "${priority_real}${filename}.conf",
+      order   => 400,
+      content => epp('apache/vhost/_proxy_protocol.epp', $proxy_protocol_params),
+    }
+  }
+
   $file_footer_params = {
     'define'              => $define,
     'passenger_pre_start' => $passenger_pre_start,

spec/defines/vhost_spec.rb

@@ -551,7 +551,9 @@
                                    'ClientSecret' => 'aae053a9-4abf-4824-8956-e94b2af335c8',
                                    'CryptoPassphrase' => '4ad1bb46-9979-450e-ae58-c696967df3cd' },
               'mdomain' => 'example.com example.net auto',
-              'userdir' => 'disabled'
+              'userdir' => 'disabled',
+              'proxy_protocol' => true,
+              'proxy_protocol_exceptions' => ['127.0.0.1', '10.0.0.0/8'],
             }
           end
 
@@ -968,6 +970,13 @@
               content: %r{^MDomain example\.com example\.net auto$},
             )
           }
+
+          it {
+            expect(subject).to contain_concat__fragment('rspec.example.com-proxy_protocol')
+              .with_content(%r{^RemoteIPProxyProtocol On$})
+              .with_content(%r{^RemoteIPProxyProtocolExceptions 127\.0\.0\.1$})
+              .with_content(%r{^RemoteIPProxyProtocolExceptions 10\.0\.0\.0/8$})
+          }
         end
 
         context 'vhost with proxy_add_headers true' do

templates/vhost/_proxy_protocol.epp

@@ -0,0 +1,8 @@
+<%- |
+  Boolean $proxy_protocol,
+  Array[Stdlib::Host] $proxy_protocol_exceptions,
+| -%>
+RemoteIPProxyProtocol <%= apache::bool2httpd($proxy_protocol) %>
+<% $proxy_protocol_exceptions.each |$exception| { -%>
+RemoteIPProxyProtocolExceptions <%= $exception %>
+<% } %>