From 7eda0eb8ddf1f93e0349ff5a77602bf3f151c116 Mon Sep 17 00:00:00 2001
From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
Date: Thu, 5 Sep 2019 20:48:43 +0200
Subject: [PATCH] nginx: Unify http and https servers

This applies where http does not redirect to https: the package mirrors
and the web key directory.
---
 roles/arch32_mirror/templates/nginx.d.conf.j2 | 14 ++---------
 roles/dbscripts/templates/nginx.d.conf.j2     | 24 ++-----------------
 roles/syncrepo/templates/nginx.d.conf.j2      | 14 ++---------
 roles/wkd/templates/nginx.d.conf.j2           | 14 ++---------
 4 files changed, 8 insertions(+), 58 deletions(-)

diff --git a/roles/arch32_mirror/templates/nginx.d.conf.j2 b/roles/arch32_mirror/templates/nginx.d.conf.j2
index 8e8a16b19..6f1182549 100644
--- a/roles/arch32_mirror/templates/nginx.d.conf.j2
+++ b/roles/arch32_mirror/templates/nginx.d.conf.j2
@@ -1,6 +1,8 @@
 server {
     listen       80;
     listen       [::]:80;
+    listen       443 ssl http2;
+    listen       [::]:443 ssl http2;
     server_name  {{ arch32_mirror_domain }} pool.mirror.archlinux32.org;
     root         {{ arch32_mirror_dir }};
 
@@ -9,18 +11,6 @@ server {
 
     include snippets/letsencrypt.conf;
 
-    autoindex on;
-}
-
-server {
-    listen       443 ssl http2;
-    listen       [::]:443 ssl http2;
-    server_name  {{ arch32_mirror_domain }};
-    root         {{ arch32_mirror_dir }};
-
-    access_log   /var/log/nginx/{{ arch32_mirror_domain }}/access.log reduced;
-    error_log    /var/log/nginx/{{ arch32_mirror_domain }}/error.log;
-
     ssl_certificate      /etc/letsencrypt/live/{{ arch32_mirror_domain }}/fullchain.pem;
     ssl_certificate_key  /etc/letsencrypt/live/{{ arch32_mirror_domain }}/privkey.pem;
     ssl_trusted_certificate /etc/letsencrypt/live/{{ arch32_mirror_domain }}/chain.pem;
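Review bot: The merged block keeps `pool.mirror.archlinux32.org` in `server_name` (first hunk), but the `ssl_certificate` paths here are for `{{ arch32_mirror_domain }}` only, and the removed HTTPS block did not list the pool name. HTTPS requests for the pool name are now matched by this block and receive that certificate, so if it has no SAN for the pool name, clients will see a name mismatch. Confirm that the certificate covers both names, or record the intent in a comment such as `# pool.mirror.archlinux32.org is http-only; the certificate covers {{ arch32_mirror_domain }}`. The server block continues past the end of the hunk.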
diff --git a/roles/dbscripts/templates/nginx.d.conf.j2 b/roles/dbscripts/templates/nginx.d.conf.j2
index 8530e632b..428ced958 100644
--- a/roles/dbscripts/templates/nginx.d.conf.j2
+++ b/roles/dbscripts/templates/nginx.d.conf.j2
@@ -1,33 +1,13 @@
 server {
     listen       80;
     listen       [::]:80;
-    server_name  {{ repos_domain }} {{repos_rsync_domain}};
-    root         /srv/ftp;
-
-    include snippets/letsencrypt.conf;
-
-    satisfy  any;
-
-    access_log   /var/log/nginx/{{ repos_domain }}/access.log reduced;
-
-    location /lastupdate {
-        allow all;
-    }
-
-	location / {
-		auth_basic            "Restricted";
-		auth_basic_user_file  auth/dbscripts.htpasswd;
-
-		autoindex  on;
-	}
-}
-
-server {
     listen       443 ssl http2;
     listen       [::]:443 ssl http2;
     server_name  {{ repos_domain }} {{repos_rsync_domain}};
     root         /srv/ftp;
 
+    include snippets/letsencrypt.conf;
+
     ssl_certificate      /etc/letsencrypt/live/{{ repos_domain }}/fullchain.pem;
     ssl_certificate_key  /etc/letsencrypt/live/{{ repos_domain }}/privkey.pem;
     ssl_trusted_certificate /etc/letsencrypt/live/{{ repos_domain }}/chain.pem;
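Review bot: With ports 80 and 443 in one block, any `auth_basic` location in the retained part of this server will challenge for and accept credentials over cleartext HTTP. The removed HTTP block had one on `location /`; the rest of the retained block is outside the hunk, so this is presumed rather than visible. The exposure predates the merge, but the unified block is a natural place to limit plain HTTP to `/lastupdate` and the ACME snippet, for example inside `location /`: `if ($scheme = http) { return 301 https://$host$request_uri; }`. The return runs in the rewrite phase, before access checks, so the 401 challenge would only be issued over TLS.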
diff --git a/roles/syncrepo/templates/nginx.d.conf.j2 b/roles/syncrepo/templates/nginx.d.conf.j2
index 7b8436a51..d40403475 100644
--- a/roles/syncrepo/templates/nginx.d.conf.j2
+++ b/roles/syncrepo/templates/nginx.d.conf.j2
@@ -1,18 +1,6 @@
 server {
     listen       80;
     listen       [::]:80;
-    server_name  {{ mirror_domain }};
-    root         /srv/ftp;
-
-    access_log   /var/log/nginx/{{ mirror_domain }}/access.log reduced;
-    error_log    /var/log/nginx/{{ mirror_domain }}/error.log;
-
-    include snippets/letsencrypt.conf;
-
-    autoindex on;
-}
-
-server {
     listen       443 ssl http2;
     listen       [::]:443 ssl http2;
     server_name  {{ mirror_domain }};
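Review bot: Nothing in the merged block records that serving plain HTTP without a redirect is intentional, so a later hardening pass could add a redirect and change behaviour for clients configured with http mirror URLs. A one-line comment above the `listen` lines would document it, e.g. `# http and https are served from one block on purpose: package mirror, no redirect to https`. The same comment fits the arch32_mirror template. The server block continues past the end of the hunk.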
@@ -21,6 +9,8 @@ server {
     access_log   /var/log/nginx/{{ mirror_domain }}/access.log reduced;
     error_log    /var/log/nginx/{{ mirror_domain }}/error.log;
 
+    include snippets/letsencrypt.conf;
+
     ssl_certificate      /etc/letsencrypt/live/{{ mirror_domain }}/fullchain.pem;
     ssl_certificate_key  /etc/letsencrypt/live/{{ mirror_domain }}/privkey.pem;
     ssl_trusted_certificate /etc/letsencrypt/live/{{ mirror_domain }}/chain.pem;
diff --git a/roles/wkd/templates/nginx.d.conf.j2 b/roles/wkd/templates/nginx.d.conf.j2
index dd7615d5f..b38f79471 100644
--- a/roles/wkd/templates/nginx.d.conf.j2
+++ b/roles/wkd/templates/nginx.d.conf.j2
@@ -1,18 +1,6 @@
 server {
     listen       80;
     listen       [::]:80;
-    server_name  {{ wkd_domain }};
-    root         {{ wkd_dir }};
-
-    access_log   /var/log/nginx/{{ wkd_domain }}/access.log reduced;
-    error_log    /var/log/nginx/{{ wkd_domain }}/error.log;
-
-    include snippets/letsencrypt.conf;
-
-    autoindex on;
-}
-
-server {
     listen       443 ssl http2;
     listen       [::]:443 ssl http2;
     server_name  {{ wkd_domain }};
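Review bot: The merged block keeps the key directory reachable on port 80, although Web Key Directory lookups are specified over HTTPS. Plain HTTP is therefore presumably only needed here for the ACME challenge in `snippets/letsencrypt.conf`. Consider redirecting other port-80 requests, e.g. `if ($scheme = http) { return 301 https://$host$request_uri; }` in the location that serves the keys. Otherwise add a comment stating why key material stays reachable without TLS. The rest of the server block is outside the hunk, so its existing locations need checking before this is placed.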
@@ -21,6 +9,8 @@ server {
     access_log   /var/log/nginx/{{ wkd_domain }}/access.log reduced;
     error_log    /var/log/nginx/{{ wkd_domain }}/error.log;
 
+    include snippets/letsencrypt.conf;
+
     ssl_certificate      /etc/letsencrypt/live/{{ wkd_domain }}/fullchain.pem;
     ssl_certificate_key  /etc/letsencrypt/live/{{ wkd_domain }}/privkey.pem;
     ssl_trusted_certificate /etc/letsencrypt/live/{{ wkd_domain }}/chain.pem;
-- 
GitLab