fix redirect https : show port only if not 443

Bug fix : redirect https with many names
On a multiple name vhost with redirect_https, redirection is done with the origin name not the main name.
2026-02-28 09:22:10 +07:00 · 2017-04-13 15:16:53 +02:00 · 2017-04-13 14:21:14 +02:00 · 2017-03-14 11:21:35 +01:00 · 2017-03-13 10:19:07 +01:00 · 2017-03-13 09:53:29 +01:00
6 changed files with 47 additions and 15 deletions
--- a/README.md
+++ b/README.md
@@ -55,6 +55,11 @@ FreeBSD:
 - `nginx_custom_http`: instructions list (will put data in `/etc/nginx/conf.d/custom.conf`)
 - `nginx_dyn_modules`: dynamic module list to load
 About modules
 -------------
 Last updates from Debian backports loads modules from /etc/nginx/modules-enabled directory. Disabling/Enabling is not supported anymore. Please wait further update.
 Fine configuration
 ------------------
--- a/tasks/dyn_modules.yml
+++ b/tasks/dyn_modules.yml
@@ -13,4 +13,13 @@
  with_items: "{{ nginx_dyn_modules }}"
  when:  ansible_distribution == 'Debian'
 - name: FILE | Creates modules directories
  file: >
    path="{{ nginx_etc_dir}}/{{ item }}"
    state=directory
    mode=0755
    owner=root
    group=root
  with_items: ['modules-available', 'modules-enabled']
 # TODO: manage freebsd
--- a/tasks/htpasswd.yml
+++ b/tasks/htpasswd.yml
@@ -6,6 +6,7 @@
    state=absent
  with_items: "{{ nginx_htpasswd }}"
  when: item.state is defined and item.state == 'absent'
  no_log: true
 - name: HTPASSWD | Manage files
  htpasswd: >
--- a/templates/etc/nginx/nginx.conf.j2
+++ b/templates/etc/nginx/nginx.conf.j2
@@ -6,9 +6,7 @@ user {{ nginx_user }};
 worker_processes {{ nginx_worker_processes }};
 pid {{ nginx_pid }};
 {% if nginx_version.stdout | version_compare('1.9.11', 'ge') %}
-{% for module in nginx_dyn_modules -%}
+include {{ nginx_etc_dir }}/modules-enabled/*.conf;
 load_module "modules/ngx_{{ module }}_module.so";
 {% endfor %}
 {% endif %}
 events {
--- a/templates/etc/nginx/sites-available/_base.j2
+++ b/templates/etc/nginx/sites-available/_base.j2
@@ -22,6 +22,16 @@
 	ssl_certificate_key {{ nginx_ssl_dir + '/' + ssl_name + '/' + ssl_name + '.key' if sn.dest_key is not defined else sn.dest_key }};
 {% endfor %}
 {%- endmacro %}
 {% macro httpsredirect(name) %}
 server {
 {% for port in __listen %}
 	listen {{ port }}{% if port | int in __http_proxy_protocol_port %} proxy_protocol{% endif %};
 {% endfor %}
 	server_name {{ name }};
 	return 301 https://{{ name }}{% if '443' not in __listen_ssl and 443 not in __listen_ssl %}:{{ __listen_ssl[0] }}{% endif %}$request_uri;
 }
 {% endmacro %}
 #
 # {{ ansible_managed }}
 #
@@ -142,15 +152,14 @@ server {
 #
 # Redirect HTTP to HTTPS
 #
-server {
+{% if item.name is string %}
-{% for port in __listen %}
+{{ httpsredirect(item.name) }}
-	listen {{ port }}{% if nginx_default_vhost == __main_name %} default_server{% endif %}{% if port | int in __http_proxy_protocol_port %} proxy_protocol{% endif %};
+{% else %}
 {% for i in item.name %}
 {{ httpsredirect(i) }}
 {% endfor %}
 	server_name {% if item.name is string %}{{ item.name }}{% else %}{{ "\n\t\t" }}{{ item.name | join("\n\t\t") }}{% endif %};
 	return 301 https://{{ __main_name }}{% if '443' not in __listen_ssl %}:{{ __listen_ssl[0] }}{% endif %}$request_uri;
 }
 {% endif %}
-
+{% endif %}
 {% if item.redirect_from is defined and item.redirect_from is iterable %}
 #
--- a/tests/test.yml
+++ b/tests/test.yml
@@ -212,6 +212,14 @@
        template: '_base'
        ssl_name: 'test-ssl.local'
        redirect_https: true
      - name:
          - 'test-ssl-redirect-many.local'
          - 'test-ssl-redirect-many2.local'
        listen_ssl: [8443]
        proto: ['https']
        template: '_base'
        ssl_name: 'test-ssl.local'
        redirect_https: true
      - name: 'test-ssl-proxy-protocol.local'
        proto: ['http', 'https']
        listen: [80, 20080]
@@ -374,14 +382,16 @@
        - 'test-ssl-predeployed.local'
        - 'test-ssl.local'
    - name: -- VERIFY SSL REDIRECT --
-      command: "curl -v --insecure -H 'Host: {{ item }}' http://127.0.0.1/"
+      command: "curl -v -H 'Host: {{ item.name }}' http://127.0.0.1/"
      changed_when: false
      register: sslredirok
-      failed_when: >
+      failed_when: "'< Location: https://{{ item.name }}{{ ':' + item.port if item.port is defined else '' }}/' not in sslredirok.stderr"
        sslredirok.stderr.find('< Location') == -1 and
        sslredirok.stderr.find('https://{{ item }}/') == -1
      with_items:
-        - 'test-ssl-redirect.local'
+        - name: 'test-ssl-redirect.local'
        - name: 'test-ssl-redirect-many.local'
          port: '8443'
        - name: 'test-ssl-redirect-many2.local'
          port: '8443'
 # --------------------------------
 # Default vhosts
Author	SHA1	Message	Date
Emilien Mantel	a60e81cc1f	fix redirect https : show port only if not 443	2017-04-13 15:16:53 +02:00
Emilien Mantel	f1af8991fd	Bug fix : redirect https with many names On a multiple name vhost with redirect_https, redirection is done with the origin name not the main name.	2017-04-13 14:21:14 +02:00
Emilien Mantel	fcb59fd331	no_log when deleting htpasswd files	2017-03-14 11:21:35 +01:00
Emilien Mantel	2aa9e8b6b9	load modules uses pattern *.conf	2017-03-13 10:19:07 +01:00
Emilien Mantel	7892626fc0	Load module from {{nginx_dir}}/etc/modules-enabled	2017-03-13 09:53:29 +01:00