From e916da0667c95df3b6bc53f021250779ed93ca29 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan-Jonas=20S=C3=A4mann?= <sprinterfeak@binary-kitchen.de>
Date: Sat, 5 Jan 2019 02:38:22 +0100
Subject: [PATCH] Added role pve-nginx-redirector

roles:
  - pve-nginx-redirector

For a more admin friedly workflow this patch configures nginx to
redirect everything http://:80 and https://:443 to https://:8006 using
pve's own self-signed certificates for https://
---
 roles/pve-nginx-redirector/handlers/main.yml  |  4 ++++
 roles/pve-nginx-redirector/tasks/main.yml     | 10 ++++++++++
 .../templates/redirect.j2                     | 19 +++++++++++++++++++
 3 files changed, 33 insertions(+)
 create mode 100644 roles/pve-nginx-redirector/handlers/main.yml
 create mode 100644 roles/pve-nginx-redirector/tasks/main.yml
 create mode 100644 roles/pve-nginx-redirector/templates/redirect.j2

diff --git a/roles/pve-nginx-redirector/handlers/main.yml b/roles/pve-nginx-redirector/handlers/main.yml
new file mode 100644
index 0000000..44975c4
--- /dev/null
+++ b/roles/pve-nginx-redirector/handlers/main.yml
@@ -0,0 +1,4 @@
+---
+
+- name: Restart nginx
+  service: name=nginx state=restarted
diff --git a/roles/pve-nginx-redirector/tasks/main.yml b/roles/pve-nginx-redirector/tasks/main.yml
new file mode 100644
index 0000000..2a1143d
--- /dev/null
+++ b/roles/pve-nginx-redirector/tasks/main.yml
@@ -0,0 +1,10 @@
+---
+
+- name: Check if nginx is installed
+  stat: path=/etc/nginx
+  register: nginx
+
+- name: Configuring nginx pve redirector 80 -> 443 -> 8006
+  template: src=redirect.j2 dest=/etc/nginx/sites-enabled/redirect mode=0644
+  notify: Restart nginx
+  when: nginx.stat.exists == True
diff --git a/roles/pve-nginx-redirector/templates/redirect.j2 b/roles/pve-nginx-redirector/templates/redirect.j2
new file mode 100644
index 0000000..249729c
--- /dev/null
+++ b/roles/pve-nginx-redirector/templates/redirect.j2
@@ -0,0 +1,19 @@
+server {
+ listen {{ ansible_default_ipv4.address | default("0.0.0.0") }}:80;
+
+ location / {
+  return 301 https://$server_addr;
+ }
+
+}
+
+server {
+ listen {{ ansible_default_ipv4.address | default("0.0.0.0") }}:443 ssl;
+
+ location / {
+  return 301 https://$server_addr:8006;
+ }
+
+ ssl_certificate     /etc/pve/local/pve-ssl.pem;
+ ssl_certificate_key /etc/pve/local/pve-ssl.key;
+}