From 93cba46dd1f874a0e349e8a1ff5b3955ea99ee9b Mon Sep 17 00:00:00 2001
From: Jake Howard <git@theorangeone.net>
Date: Mon, 23 Aug 2021 16:10:37 +0100
Subject: [PATCH] Redirect to HTTPS at the edge

---
 ansible/roles/gateway/files/nginx.conf  | 10 +++++-----
 ansible/roles/ingress/files/haproxy.cfg |  5 -----
 2 files changed, 5 insertions(+), 10 deletions(-)

diff --git a/ansible/roles/gateway/files/nginx.conf b/ansible/roles/gateway/files/nginx.conf
index 051f170..ce0ff60 100644
--- a/ansible/roles/gateway/files/nginx.conf
+++ b/ansible/roles/gateway/files/nginx.conf
@@ -23,6 +23,11 @@ http {
 
     #gzip  on;
 
+    server {
+        listen 80;
+        server_name _;
+        return 308 https://$host$request_uri;
+    }
 }
 
 stream {
@@ -38,11 +43,6 @@ stream {
     access_log /var/log/nginx/access.log access;
     access_log /var/log/nginx/ips.log ips;
 
-    server {
-        listen 80;
-        proxy_pass {{ wireguard.clients.ingress.ip }}:880;
-        proxy_protocol on;
-    }
     server {
         listen 443;
         proxy_pass {{ wireguard.clients.ingress.ip }}:8443;
diff --git a/ansible/roles/ingress/files/haproxy.cfg b/ansible/roles/ingress/files/haproxy.cfg
index 3081361..837ec24 100644
--- a/ansible/roles/ingress/files/haproxy.cfg
+++ b/ansible/roles/ingress/files/haproxy.cfg
@@ -31,11 +31,6 @@ listen matrix_internal
     server default {{ pve_hosts.pve_docker.ip }}:443 send-proxy-v2
 
 # External routes
-listen http_external
-    bind *:880 accept-proxy
-    mode http
-    server default {{ pve_hosts.pve_docker.ip }}:80 send-proxy-v2
-
 listen https_external
     bind *:8443 accept-proxy
     mode tcp