fix redirect https : show port only if not 443

Bug fix : redirect https with many names
On a multiple name vhost with redirect_https, redirection is done with the origin name not the main name.
2026-02-28 09:22:10 +07:00 · 2017-04-13 15:16:53 +02:00 · 2017-04-13 14:21:14 +02:00 · 2017-03-14 11:21:35 +01:00 · 2017-03-13 10:19:07 +01:00 · 2017-03-13 09:53:29 +01:00
6 changed files with 47 additions and 15 deletions
--- a/README.md
+++ b/README.md
@@ -55,6 +55,11 @@ FreeBSD:
 - `nginx_custom_http`: instructions list (will put data in `/etc/nginx/conf.d/custom.conf`)
 - `nginx_dyn_modules`: dynamic module list to load

+About modules
+-------------
+
+Last updates from Debian backports loads modules from /etc/nginx/modules-enabled directory. Disabling/Enabling is not supported anymore. Please wait further update.
+
 Fine configuration
 ------------------

--- a/tasks/dyn_modules.yml
+++ b/tasks/dyn_modules.yml
@@ -13,4 +13,13 @@
  with_items: "{{ nginx_dyn_modules }}"
  when:  ansible_distribution == 'Debian'

+- name: FILE | Creates modules directories
+  file: >
+    path="{{ nginx_etc_dir}}/{{ item }}"
+    state=directory
+    mode=0755
+    owner=root
+    group=root
+  with_items: ['modules-available', 'modules-enabled']
+
 # TODO: manage freebsd
--- a/tasks/htpasswd.yml
+++ b/tasks/htpasswd.yml
@@ -6,6 +6,7 @@
    state=absent
  with_items: "{{ nginx_htpasswd }}"
  when: item.state is defined and item.state == 'absent'
+  no_log: true

 - name: HTPASSWD | Manage files
  htpasswd: >
--- a/templates/etc/nginx/nginx.conf.j2
+++ b/templates/etc/nginx/nginx.conf.j2
@@ -6,9 +6,7 @@ user {{ nginx_user }};
 worker_processes {{ nginx_worker_processes }};
 pid {{ nginx_pid }};
 {% if nginx_version.stdout | version_compare('1.9.11', 'ge') %}
-{% for module in nginx_dyn_modules -%}
-load_module "modules/ngx_{{ module }}_module.so";
-{% endfor %}
+include {{ nginx_etc_dir }}/modules-enabled/*.conf;
 {% endif %}

 events {
--- a/templates/etc/nginx/sites-available/_base.j2
+++ b/templates/etc/nginx/sites-available/_base.j2
@@ -22,6 +22,16 @@
 	ssl_certificate_key {{ nginx_ssl_dir + '/' + ssl_name + '/' + ssl_name + '.key' if sn.dest_key is not defined else sn.dest_key }};
 {% endfor %}
 {%- endmacro %}
+{% macro httpsredirect(name) %}
+server {
+{% for port in __listen %}
+	listen {{ port }}{% if port | int in __http_proxy_protocol_port %} proxy_protocol{% endif %};
+{% endfor %}
+	server_name {{ name }};
+	return 301 https://{{ name }}{% if '443' not in __listen_ssl and 443 not in __listen_ssl %}:{{ __listen_ssl[0] }}{% endif %}$request_uri;
+}
+{% endmacro %}
+
 #
 # {{ ansible_managed }}
 #
@@ -142,15 +152,14 @@ server {
 #
 # Redirect HTTP to HTTPS
 #
-server {
-{% for port in __listen %}
-	listen {{ port }}{% if nginx_default_vhost == __main_name %} default_server{% endif %}{% if port | int in __http_proxy_protocol_port %} proxy_protocol{% endif %};
+{% if item.name is string %}
+{{ httpsredirect(item.name) }}
+{% else %}
+{% for i in item.name %}
+{{ httpsredirect(i) }}
 {% endfor %}
-	server_name {% if item.name is string %}{{ item.name }}{% else %}{{ "\n\t\t" }}{{ item.name | join("\n\t\t") }}{% endif %};
-	return 301 https://{{ __main_name }}{% if '443' not in __listen_ssl %}:{{ __listen_ssl[0] }}{% endif %}$request_uri;
-}
 {% endif %}
-
+{% endif %}

 {% if item.redirect_from is defined and item.redirect_from is iterable %}
 #
--- a/tests/test.yml
+++ b/tests/test.yml
@@ -212,6 +212,14 @@
        template: '_base'
        ssl_name: 'test-ssl.local'
        redirect_https: true
+      - name:
+          - 'test-ssl-redirect-many.local'
+          - 'test-ssl-redirect-many2.local'
+        listen_ssl: [8443]
+        proto: ['https']
+        template: '_base'
+        ssl_name: 'test-ssl.local'
+        redirect_https: true
      - name: 'test-ssl-proxy-protocol.local'
        proto: ['http', 'https']
        listen: [80, 20080]
@@ -374,14 +382,16 @@
        - 'test-ssl-predeployed.local'
        - 'test-ssl.local'
    - name: -- VERIFY SSL REDIRECT --
-      command: "curl -v --insecure -H 'Host: {{ item }}' http://127.0.0.1/"
+      command: "curl -v -H 'Host: {{ item.name }}' http://127.0.0.1/"
      changed_when: false
      register: sslredirok
-      failed_when: >
-        sslredirok.stderr.find('< Location') == -1 and
-        sslredirok.stderr.find('https://{{ item }}/') == -1
+      failed_when: "'< Location: https://{{ item.name }}{{ ':' + item.port if item.port is defined else '' }}/' not in sslredirok.stderr"
      with_items:
-        - 'test-ssl-redirect.local'
+        - name: 'test-ssl-redirect.local'
+        - name: 'test-ssl-redirect-many.local'
+          port: '8443'
+        - name: 'test-ssl-redirect-many2.local'
+          port: '8443'

 # --------------------------------
 # Default vhosts
Author	SHA1	Message	Date
Emilien Mantel	a60e81cc1f	fix redirect https : show port only if not 443	2017-04-13 15:16:53 +02:00
Emilien Mantel	f1af8991fd	Bug fix : redirect https with many names On a multiple name vhost with redirect_https, redirection is done with the origin name not the main name.	2017-04-13 14:21:14 +02:00
Emilien Mantel	fcb59fd331	no_log when deleting htpasswd files	2017-03-14 11:21:35 +01:00
Emilien Mantel	2aa9e8b6b9	load modules uses pattern *.conf	2017-03-13 10:19:07 +01:00
Emilien Mantel	7892626fc0	Load module from {{nginx_dir}}/etc/modules-enabled	2017-03-13 09:53:29 +01:00