Enable Facebook Scrapers on NGINX using Ansible (Trellis Example) Per https://gist.github.com/ifnull/1ac3d9a20d827972d581be6d5ade96eb

facebook-scraper.conf.j2

# trellis/roles/nginx/templates/facebook-scraper.conf.j2

satisfy any;
allow 204.15.20.0/22;
allow 69.63.176.0/20;
allow 66.220.144.0/20;
allow 66.220.144.0/21;
allow 69.63.184.0/21;
allow 69.63.176.0/21;
allow 74.119.76.0/22;
allow 69.171.255.0/24;
allow 173.252.64.0/18;
allow 69.171.224.0/19;
allow 69.171.224.0/20;
allow 103.4.96.0/22;
allow 69.63.176.0/24;
allow 173.252.64.0/19;
allow 173.252.70.0/24;
allow 31.13.64.0/18;
allow 31.13.24.0/21;
allow 66.220.152.0/21;
allow 66.220.159.0/24;
allow 69.171.239.0/24;
allow 69.171.240.0/20;
allow 31.13.64.0/19;
allow 31.13.64.0/24;
allow 31.13.65.0/24;
allow 31.13.67.0/24;
allow 31.13.68.0/24;
allow 31.13.69.0/24;
allow 31.13.70.0/24;
allow 31.13.71.0/24;
allow 31.13.72.0/24;
allow 31.13.73.0/24;
allow 31.13.74.0/24;
allow 31.13.75.0/24;
allow 31.13.76.0/24;
allow 31.13.77.0/24;
allow 31.13.96.0/19;
allow 31.13.66.0/24;
allow 173.252.96.0/19;
allow 69.63.178.0/24;
allow 31.13.78.0/24;
allow 31.13.79.0/24;
allow 31.13.80.0/24;
allow 31.13.82.0/24;
allow 31.13.83.0/24;
allow 31.13.84.0/24;
allow 31.13.85.0/24;
allow 31.13.86.0/24;
allow 31.13.87.0/24;
allow 31.13.88.0/24;
allow 31.13.89.0/24;
allow 31.13.90.0/24;
allow 31.13.91.0/24;
allow 31.13.92.0/24;
allow 31.13.93.0/24;
allow 31.13.94.0/24;
allow 31.13.95.0/24;
allow 69.171.253.0/24;
allow 69.63.186.0/24;
allow 31.13.81.0/24;
allow 179.60.192.0/22;
allow 179.60.192.0/24;
allow 179.60.193.0/24;
allow 179.60.194.0/24;
allow 179.60.195.0/24;
allow 185.60.216.0/22;
allow 45.64.40.0/22;
allow 185.60.216.0/24;
allow 185.60.217.0/24;
allow 185.60.218.0/24;
allow 185.60.219.0/24;
allow 129.134.0.0/16;
allow 157.240.0.0/16;
allow 204.15.20.0/22;
allow 69.63.176.0/20;
allow 69.63.176.0/21;
allow 69.63.184.0/21;
allow 66.220.144.0/20;
allow 69.63.176.0/20;
deny all;

main.yml

# trellis/roles/nginx/tasks/main.yml

- name: Create Facebook Scraper Config
  template:
    src: facebook-scraper.conf.j2
    dest: "{{ nginx_path }}/facebook-scraper.conf"

manage.yml

# trellis/roles/louim.bedrock-site-protect/tasks/manage.yml

- name: Link Facebook Scraper Permissions.
  lineinfile:
    line: "  include facebook-scraper.conf;"
    insertbefore: auth_basic 'Restricted';
    dest: "/etc/nginx/sites-available/{{ item.key }}.conf"
  with_dict: wordpress_sites
  when: (item.value.htpasswd is defined) and
    (item.value.htpasswd.permit_facebook is defined and
    item.value.htpasswd.permit_facebook == true)
  notify: reload nginx
  
  - name: Unlink Facebook Scraper Permissions.
  lineinfile:
    line: "  include facebook-scraper.conf;"
    state: absent
    dest: "/etc/nginx/sites-available/{{ item.key }}.conf"
  with_dict: wordpress_sites
  when: (item.value.htpasswd is not defined) or
    (item.value.htpasswd.permit_facebook is defined and
    item.value.htpasswd.permit_facebook == false)
  notify: reload nginx

wordpress_sites.yml

# trellis/group_vars/production/wordpress_sites.yml

wordpress_sites:
  <DOMAIN>:
    htpasswd:
      name: <USER>
      password: <PASSWORD>
      permit_facebook: true