From f1af8991fd00b7c94f5491ce8ff2370da3270e2f Mon Sep 17 00:00:00 2001 From: Emilien Mantel Date: Thu, 13 Apr 2017 14:21:14 +0200 Subject: [PATCH] Bug fix : redirect https with many names On a multiple name vhost with redirect_https, redirection is done with the origin name not the main name. --- templates/etc/nginx/sites-available/_base.j2 | 23 ++++++++++++++------ tests/test.yml | 9 ++++++++ 2 files changed, 25 insertions(+), 7 deletions(-) diff --git a/templates/etc/nginx/sites-available/_base.j2 b/templates/etc/nginx/sites-available/_base.j2 index 5999ed5..d416ace 100644 --- a/templates/etc/nginx/sites-available/_base.j2 +++ b/templates/etc/nginx/sites-available/_base.j2 @@ -22,6 +22,16 @@ ssl_certificate_key {{ nginx_ssl_dir + '/' + ssl_name + '/' + ssl_name + '.key' if sn.dest_key is not defined else sn.dest_key }}; {% endfor %} {%- endmacro %} +{% macro httpsredirect(name) %} +server { +{% for port in __listen %} + listen {{ port }}{% if port | int in __http_proxy_protocol_port %} proxy_protocol{% endif %}; +{% endfor %} + server_name {{ name }}; + return 301 https://{{ name }}{% if '443' not in __listen_ssl %}:{{ __listen_ssl[0] }}{% endif %}$request_uri; +} +{% endmacro %} + # # {{ ansible_managed }} # @@ -142,15 +152,14 @@ server { # # Redirect HTTP to HTTPS # -server { -{% for port in __listen %} - listen {{ port }}{% if nginx_default_vhost == __main_name %} default_server{% endif %}{% if port | int in __http_proxy_protocol_port %} proxy_protocol{% endif %}; +{% if item.name is string %} +{{ httpsredirect(item.name) }} +{% else %} +{% for i in item.name %} +{{ httpsredirect(i) }} {% endfor %} - server_name {% if item.name is string %}{{ item.name }}{% else %}{{ "\n\t\t" }}{{ item.name | join("\n\t\t") }}{% endif %}; - return 301 https://{{ __main_name }}{% if '443' not in __listen_ssl %}:{{ __listen_ssl[0] }}{% endif %}$request_uri; -} {% endif %} - +{% endif %} {% if item.redirect_from is defined and item.redirect_from is iterable %} # diff --git a/tests/test.yml b/tests/test.yml index 8ca30f8..e922aeb 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -212,6 +212,13 @@ template: '_base' ssl_name: 'test-ssl.local' redirect_https: true + - name: + - 'test-ssl-redirect-many.local' + - 'test-ssl-redirect-many2.local' + proto: ['https'] + template: '_base' + ssl_name: 'test-ssl.local' + redirect_https: true - name: 'test-ssl-proxy-protocol.local' proto: ['http', 'https'] listen: [80, 20080] @@ -382,6 +389,8 @@ sslredirok.stderr.find('https://{{ item }}/') == -1 with_items: - 'test-ssl-redirect.local' + - 'test-ssl-redirect-many.local' + - 'test-ssl-redirect-many2.local' # -------------------------------- # Default vhosts