From cfb498d7c6dc066cac7f4def650c874f04f91f82 Mon Sep 17 00:00:00 2001 From: Jake Howard Date: Sat, 16 Dec 2023 18:13:49 +0000 Subject: [PATCH] Only add HTTPS redirect when it's needed --- ansible/host_vars/casey.yml | 2 ++ ansible/host_vars/ingress.yml | 2 ++ ansible/roles/nginx/defaults/main.yml | 1 + ansible/roles/nginx/tasks/main.yml | 1 + 4 files changed, 6 insertions(+) create mode 100644 ansible/roles/nginx/defaults/main.yml diff --git a/ansible/host_vars/casey.yml b/ansible/host_vars/casey.yml index eace308..71f2ddc 100644 --- a/ansible/host_vars/casey.yml +++ b/ansible/host_vars/casey.yml @@ -1,3 +1,5 @@ nebula_is_lighthouse: true nebula_listen_port: "{{ nebula_lighthouse_port }}" ssh_extra_allowed_users: f2b@{{ nebula.cidr }} f2b@{{ pve_hosts.internal_cidr }} + +nginx_https_redirect: true diff --git a/ansible/host_vars/ingress.yml b/ansible/host_vars/ingress.yml index 62fa34d..0a60f81 100644 --- a/ansible/host_vars/ingress.yml +++ b/ansible/host_vars/ingress.yml @@ -1,2 +1,4 @@ # Listen on a static port so it can be opened in the firewall nebula_listen_port: "{{ nebula_lighthouse_port }}" + +nginx_https_redirect: true diff --git a/ansible/roles/nginx/defaults/main.yml b/ansible/roles/nginx/defaults/main.yml new file mode 100644 index 0000000..39e84ef --- /dev/null +++ b/ansible/roles/nginx/defaults/main.yml @@ -0,0 +1 @@ +nginx_https_redirect: false diff --git a/ansible/roles/nginx/tasks/main.yml b/ansible/roles/nginx/tasks/main.yml index f271529..788b317 100644 --- a/ansible/roles/nginx/tasks/main.yml +++ b/ansible/roles/nginx/tasks/main.yml @@ -36,3 +36,4 @@ mode: "0644" become: true notify: reload nginx + when: nginx_https_redirect