From f1af8991fd00b7c94f5491ce8ff2370da3270e2f Mon Sep 17 00:00:00 2001
From: Emilien Mantel <emilien.mantel@debianiste.org>
Date: Thu, 13 Apr 2017 14:21:14 +0200
Subject: [PATCH] Bug fix : redirect https with many names

On a multiple name vhost with redirect_https, redirection is done with
the origin name not the main name.
---
 templates/etc/nginx/sites-available/_base.j2 | 23 ++++++++++++++------
 tests/test.yml                               |  9 ++++++++
 2 files changed, 25 insertions(+), 7 deletions(-)

diff --git a/templates/etc/nginx/sites-available/_base.j2 b/templates/etc/nginx/sites-available/_base.j2
index 5999ed5..d416ace 100644
--- a/templates/etc/nginx/sites-available/_base.j2
+++ b/templates/etc/nginx/sites-available/_base.j2
@@ -22,6 +22,16 @@
 	ssl_certificate_key {{ nginx_ssl_dir + '/' + ssl_name + '/' + ssl_name + '.key' if sn.dest_key is not defined else sn.dest_key }};
 {% endfor %}
 {%- endmacro %}
+{% macro httpsredirect(name) %}
+server {
+{% for port in __listen %}
+	listen {{ port }}{% if port | int in __http_proxy_protocol_port %} proxy_protocol{% endif %};
+{% endfor %}
+	server_name {{ name }};
+	return 301 https://{{ name }}{% if '443' not in __listen_ssl %}:{{ __listen_ssl[0] }}{% endif %}$request_uri;
+}
+{% endmacro %}
+
 #
 # {{ ansible_managed }}
 #
@@ -142,15 +152,14 @@ server {
 #
 # Redirect HTTP to HTTPS
 #
-server {
-{% for port in __listen %}
-	listen {{ port }}{% if nginx_default_vhost == __main_name %} default_server{% endif %}{% if port | int in __http_proxy_protocol_port %} proxy_protocol{% endif %};
+{% if item.name is string %}
+{{ httpsredirect(item.name) }}
+{% else %}
+{% for i in item.name %}
+{{ httpsredirect(i) }}
 {% endfor %}
-	server_name {% if item.name is string %}{{ item.name }}{% else %}{{ "\n\t\t" }}{{ item.name | join("\n\t\t") }}{% endif %};
-	return 301 https://{{ __main_name }}{% if '443' not in __listen_ssl %}:{{ __listen_ssl[0] }}{% endif %}$request_uri;
-}
 {% endif %}
-
+{% endif %}
 
 {% if item.redirect_from is defined and item.redirect_from is iterable %}
 #
diff --git a/tests/test.yml b/tests/test.yml
index 8ca30f8..e922aeb 100644
--- a/tests/test.yml
+++ b/tests/test.yml
@@ -212,6 +212,13 @@
         template: '_base'
         ssl_name: 'test-ssl.local'
         redirect_https: true
+      - name:
+          - 'test-ssl-redirect-many.local'
+          - 'test-ssl-redirect-many2.local'
+        proto: ['https']
+        template: '_base'
+        ssl_name: 'test-ssl.local'
+        redirect_https: true
       - name: 'test-ssl-proxy-protocol.local'
         proto: ['http', 'https']
         listen: [80, 20080]
@@ -382,6 +389,8 @@
         sslredirok.stderr.find('https://{{ item }}/') == -1
       with_items:
         - 'test-ssl-redirect.local'
+        - 'test-ssl-redirect-many.local'
+        - 'test-ssl-redirect-many2.local'
 
 # --------------------------------
 # Default vhosts