From 6897f66344c8fa8568fd85d6a68a052892369513 Mon Sep 17 00:00:00 2001
From: Emilien Mantel <emilien.mantel@gmail.com>
Date: Thu, 15 Mar 2018 12:54:12 +0100
Subject: [PATCH] redirect_from manages now https sites

---
 templates/etc/nginx/sites-available/_base.j2 | 15 +++++++++++++++
 tests/test.yml                               | 15 ++++++++++++++-
 2 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/templates/etc/nginx/sites-available/_base.j2 b/templates/etc/nginx/sites-available/_base.j2
index 6f590fa..8f84a25 100644
--- a/templates/etc/nginx/sites-available/_base.j2
+++ b/templates/etc/nginx/sites-available/_base.j2
@@ -172,6 +172,21 @@ server {
 	server_name {% if item.redirect_from is string %}{{ item.redirect_from }}{% else %}{{ "\n\t\t" }}{{ item.redirect_from | join("\n\t\t") }}{% endif %};
 	return 301 $scheme://{{ item.name if item.name is string else item.name[0] }}$request_uri;
 }
+
+{% if 'https' in __proto %}
+server {
+{% for port in __listen_ssl %}
+	listen {{ port }}{% if nginx_default_site_ssl == __main_name %} default_server{% endif %} ssl{% if nginx_auto_config_httpv2 and 'http_v2' in nginx_modules %} http2{% endif %}{% if port | int in __https_proxy_protocol_port %} proxy_protocol{% endif %};
+{% endfor %}
+{{ ssl(__ssl_name) }}
+{% if item.ssl_template is not defined or item.ssl_template != false %}
+	include {{ nginx_helper_dir + '/ssl-' + item.ssl_template | default('strong') }};
+{% endif %}
+	server_name {% if item.redirect_from is string %}{{ item.redirect_from }}{% else %}{{ "\n\t\t" }}{{ item.redirect_from | join("\n\t\t") }}{% endif %};
+	return 301 https://{{ item.name if item.name is string else item.name[0] }}{% if '443' not in __listen_ssl and 443 not in __listen_ssl %}:{{ __listen_ssl[0] }}{% endif %}$request_uri;
+}
+{% endif %}
+
 {% endif %}
 
 # vim:filetype=nginx
diff --git a/tests/test.yml b/tests/test.yml
index 30037ea..00a5ffe 100644
--- a/tests/test.yml
+++ b/tests/test.yml
@@ -236,6 +236,9 @@
         template: '_base'
         ssl_name: 'test-ssl.local'
         redirect_https: true
+        redirect_from:
+          - 'www.test-ssl-redirect-many.local'
+          - 'www.test-ssl-redirect-many2.local'
       - name: 'test-ssl-proxy-protocol.local'
         proto: ['http', 'https']
         listen: [80, 20080]
@@ -324,7 +327,17 @@
         status_code: 301
         follow_redirects: none
       with_items: "{{ nginx_sites }}"
-      when: item.redirect_from is defined and (item.state is undefined or item.state != "absent")
+      when: item.redirect_from is defined and (item.state is undefined or item.state != "absent") and (item.proto is not defined or 'https' not in item.proto)
+      changed_when: false
+
+    - name: -- VERIFY REDIRECT HTTPS SITES --
+      uri:
+        url: "https://{{ item.redirect_from[0] }}:{{ item.listen_ssl[0] | default(443) }}/"
+        status_code: 301
+        follow_redirects: none
+        validate_certs: no
+      with_items: "{{ nginx_sites }}"
+      when: item.redirect_from is defined and (item.state is undefined or item.state != "absent") and item.proto is defined and 'https' in item.proto
       changed_when: false
 
 # --------------------------------