From 6897f66344c8fa8568fd85d6a68a052892369513 Mon Sep 17 00:00:00 2001 From: Emilien Mantel Date: Thu, 15 Mar 2018 12:54:12 +0100 Subject: [PATCH] redirect_from manages now https sites --- templates/etc/nginx/sites-available/_base.j2 | 15 +++++++++++++++ tests/test.yml | 15 ++++++++++++++- 2 files changed, 29 insertions(+), 1 deletion(-) diff --git a/templates/etc/nginx/sites-available/_base.j2 b/templates/etc/nginx/sites-available/_base.j2 index 6f590fa..8f84a25 100644 --- a/templates/etc/nginx/sites-available/_base.j2 +++ b/templates/etc/nginx/sites-available/_base.j2 @@ -172,6 +172,21 @@ server { server_name {% if item.redirect_from is string %}{{ item.redirect_from }}{% else %}{{ "\n\t\t" }}{{ item.redirect_from | join("\n\t\t") }}{% endif %}; return 301 $scheme://{{ item.name if item.name is string else item.name[0] }}$request_uri; } + +{% if 'https' in __proto %} +server { +{% for port in __listen_ssl %} + listen {{ port }}{% if nginx_default_site_ssl == __main_name %} default_server{% endif %} ssl{% if nginx_auto_config_httpv2 and 'http_v2' in nginx_modules %} http2{% endif %}{% if port | int in __https_proxy_protocol_port %} proxy_protocol{% endif %}; +{% endfor %} +{{ ssl(__ssl_name) }} +{% if item.ssl_template is not defined or item.ssl_template != false %} + include {{ nginx_helper_dir + '/ssl-' + item.ssl_template | default('strong') }}; +{% endif %} + server_name {% if item.redirect_from is string %}{{ item.redirect_from }}{% else %}{{ "\n\t\t" }}{{ item.redirect_from | join("\n\t\t") }}{% endif %}; + return 301 https://{{ item.name if item.name is string else item.name[0] }}{% if '443' not in __listen_ssl and 443 not in __listen_ssl %}:{{ __listen_ssl[0] }}{% endif %}$request_uri; +} +{% endif %} + {% endif %} # vim:filetype=nginx diff --git a/tests/test.yml b/tests/test.yml index 30037ea..00a5ffe 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -236,6 +236,9 @@ template: '_base' ssl_name: 'test-ssl.local' redirect_https: true + redirect_from: + - 'www.test-ssl-redirect-many.local' + - 'www.test-ssl-redirect-many2.local' - name: 'test-ssl-proxy-protocol.local' proto: ['http', 'https'] listen: [80, 20080] @@ -324,7 +327,17 @@ status_code: 301 follow_redirects: none with_items: "{{ nginx_sites }}" - when: item.redirect_from is defined and (item.state is undefined or item.state != "absent") + when: item.redirect_from is defined and (item.state is undefined or item.state != "absent") and (item.proto is not defined or 'https' not in item.proto) + changed_when: false + + - name: -- VERIFY REDIRECT HTTPS SITES -- + uri: + url: "https://{{ item.redirect_from[0] }}:{{ item.listen_ssl[0] | default(443) }}/" + status_code: 301 + follow_redirects: none + validate_certs: no + with_items: "{{ nginx_sites }}" + when: item.redirect_from is defined and (item.state is undefined or item.state != "absent") and item.proto is defined and 'https' in item.proto changed_when: false # --------------------------------