From d223f8b144474823d73406fafa8c2f6febcfeba3 Mon Sep 17 00:00:00 2001
From: Emilien Mantel <emilien.mantel@debianiste.org>
Date: Tue, 15 Mar 2016 09:22:01 +0100
Subject: [PATCH] Add a check for HTTPS redirect

---
 doc/vhost.md    | 2 +-
 tasks/vhost.yml | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/doc/vhost.md b/doc/vhost.md
index 3d35956..d5b5cde 100644
--- a/doc/vhost.md
+++ b/doc/vhost.md
@@ -16,7 +16,7 @@ Common
 - `redirect_from`: (O) Domain list to redirect to the first `name`. You can use this key to redirect non-www to www
 - `redirect_to`: (O) Redirect all requests to this domain. Please set scheme (http:// or https:// or $sheme).
 - `redirect_to_code`: Redirect code (default: 302)
-- `redirect_https`: (O) Boolean. Redirect HTTP to HTTPS.
+- `redirect_https`: (O) Boolean. Redirect HTTP to HTTPS. If "true", you _MUST_ set `proto` to ```['https']```.
 - `location`: (O) Add new custom locations (it does not overwrite!)
 - `more`: (O) Add more custom infos.
 - `upstream_params`: (O) Add upstream params (useful when you want to pass variables to PHP)
diff --git a/tasks/vhost.yml b/tasks/vhost.yml
index 26f34e9..91d7deb 100644
--- a/tasks/vhost.yml
+++ b/tasks/vhost.yml
@@ -13,6 +13,13 @@
     item.ssl_name is not defined
   with_items: "{{ nginx_vhosts }}"
 
+- name: FAIL | Check HTTPS redir and proto
+  fail: msg="You can't have HTTP proto and HTTPS redirection at the same time"
+  when: >
+    ((item.proto is defined and 'http' in item.proto) or (item.proto is not defined)) and
+    (item.redirect_http is defined and item.redirect_http)
+  with_items: "{{ nginx_vhosts }}"
+
 - name: FILE | Create root directory
   file: >
     path={{ nginx_root }}