authorGravatar Robin Obůrka <robin.oburka@nic.cz> 2016-10-18 14:58:26 +0200
committerGravatar Robin Obůrka <r.oburka@gmail.com> 2016-10-18 17:13:59 +0200
commit98081e863591d4f43447184fa69acc9f43d9ba63 (patch)
tree99e18487138431438902dd3246ce492e6af845da
parentnginx: Fix conditional that deletes default config (diff)
downloadansible-roles-98081e863591d4f43447184fa69acc9f43d9ba63.tar.xz
nginx: Provide new mechanism for default page manipulation
Important changes: - The well-known path is moved to the separate snippet acme.conf - It is possible to disable default page - The autodetection mechanism for default page is provided
-rw-r--r--roles/nginx/defaults/main.yml3
-rw-r--r--roles/nginx/files/default2
-rw-r--r--roles/nginx/tasks/main.yml16
-rw-r--r--roles/nginx/templates/snippets/acme.conf.j24
-rw-r--r--roles/nginx/templates/snippets/common.conf.j24
5 files changed, 22 insertions, 7 deletions
diff --git a/roles/nginx/defaults/main.yml b/roles/nginx/defaults/main.yml
index dde38dc..d59cd9b 100644
--- a/roles/nginx/defaults/main.yml
+++ b/roles/nginx/defaults/main.yml
@@ -2,3 +2,6 @@
nginx_well_known_path: "/home/acme/webroot/"
## First of all - make sure that HTTPS works well; then is possible to enable HSTS
nginx_enable_hsts: no
+## Control default config uploading
+nginx_deploy_default_config: True
+nginx_enable_autodetection: True
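Review bot: The comment `## Control default config uploading` does not say what `nginx_enable_autodetection` does, and its effect is not obvious. Judging by the tasks change in this commit, when it is on, the default vhost is skipped if any other enabled site already includes `snippets/acme.conf`. I would document each variable on its own line, e.g. `## Skip the default vhost when another enabled site already includes snippets/acme.conf`. Writing the values as lowercase `true` would also avoid relying on YAML 1.1 boolean spellings.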
diff --git a/roles/nginx/files/default b/roles/nginx/files/default
index 2b909ce..cfec4b2 100644
--- a/roles/nginx/files/default
+++ b/roles/nginx/files/default
@@ -2,6 +2,7 @@ server {
listen 80 default_server;
listen [::]:80 default_server;
+ include snippets/acme.conf;
include snippets/common.conf;
root /var/www/html;
@@ -12,5 +13,6 @@ server {
location / {
try_files $uri $uri/ =404;
+ return 301 https://$host$request_uri;
}
}
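Review bot: The `return 301 https://$host$request_uri;` added inside `location /` leaves the `try_files $uri $uri/ =404;` line above it without effect, because `return` is handled in the rewrite phase before `try_files` is evaluated. Since this server is the `default_server`, `$host` is normally whatever Host header the client sent, so the redirect target is client-influenced. If the machine has a canonical name, redirecting to it (or answering unknown hosts with `return 444;`) would be tighter. I would drop the `try_files` line and add a comment such as `# everything except /.well-known/ is redirected to HTTPS`. The `server` block opens outside this hunk.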
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
index 2ac852e..4d4b085 100644
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@@ -51,6 +51,7 @@
group: root
mode: 0644
with_items:
+ - acme.conf
- common.conf
- ssl-common.conf
- ssl-medium-common.conf
@@ -70,18 +71,27 @@
- restart nginx
when: stat_default.stat.exists and stat_default.stat.islnk == True
-- name: Deploy temporary default page (with our snippets etc)
+- name: Detect acme configuration on some vhost
+ shell: ls | grep -v default | while read LINE; do cat "$LINE" ; done | grep -q 'include snippets/acme.conf'
+ args:
+ chdir: /etc/nginx/sites-enabled
+ register: autodetect
+ changed_when: False
+ failed_when: False
+ when: nginx_deploy_default_config == True and nginx_enable_autodetection == True
+
+- name: Deploy default page (with our snippets etc)
copy:
src: default
## Do not deploy it as symlik
- ## This method keeps default config available, provides necessary definitions (.well-known)
- ## and the particular server ussually deletes /etc/nginx/sites-enabled/default
dest: /etc/nginx/sites-enabled/default
owner: root
group: root
mode: 0644
notify:
- restart nginx
+ when: (nginx_deploy_default_config == True and nginx_enable_autodetection == True and autodetect.rc != 0) or
+ (nginx_deploy_default_config == True and nginx_enable_autodetection == False)
- meta: flush_handlers
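Review bot: The detection pipeline in `Detect acme configuration on some vhost` can report a match that is not real: the final `grep -q` also matches a commented-out `# include snippets/acme.conf`, and `grep -v default` skips every file whose name merely contains `default`. A false match means the default page is not deployed, and then, as far as this hunk shows, nothing serves `/.well-known/` for the ACME challenge. Matching the filename exactly and anchoring the pattern would help: use `grep -vx default` for the filename filter and `grep -qE '^[[:space:]]*include[[:space:]]+snippets/acme\.conf'` for the final match. In the `when:` expressions, `== True` and `== False` both evaluate false when the variable arrives as a string (for example from `-e`), so `nginx_enable_autodetection | bool` is safer.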
diff --git a/roles/nginx/templates/snippets/acme.conf.j2 b/roles/nginx/templates/snippets/acme.conf.j2
new file mode 100644
index 0000000..4980312
--- /dev/null
+++ b/roles/nginx/templates/snippets/acme.conf.j2
@@ -0,0 +1,4 @@
+location ^~ /.well-known/ {
+ root {{ nginx_well_known_path }};
+ allow all;
+}
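Review bot: The new `location ^~ /.well-known/` in `acme.conf.j2` exposes the whole `/.well-known/` prefix from `nginx_well_known_path`, and the `^~` modifier stops regex locations from being consulted, so the `location ~ /\.ht { deny all; }` rule in `common.conf` does not apply beneath it. The added `allow all;` also replaces any `allow`/`deny` rules inherited from the server level for this prefix. If only ACME HTTP-01 challenges are meant to be served, narrowing it to `location ^~ /.well-known/acme-challenge/ {` keeps the file mapping under `root` unchanged while limiting what is reachable. A short comment above the block stating why `allow all;` is needed would help whoever includes the snippet in a restricted vhost.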
diff --git a/roles/nginx/templates/snippets/common.conf.j2 b/roles/nginx/templates/snippets/common.conf.j2
index 727da03..0a8e29e 100644
--- a/roles/nginx/templates/snippets/common.conf.j2
+++ b/roles/nginx/templates/snippets/common.conf.j2
@@ -3,8 +3,4 @@ location ~ /\.ht {
deny all;
}
-location ^~ /.well-known/ {
- root {{ nginx_well_known_path }};
-}
-
charset utf-8;