From 07a27d43855b57b3c1e969249e19009408eb673d Mon Sep 17 00:00:00 2001
From: Oleg Lavrovsky <oleg@utou.ch>
Date: Sat, 2 Jun 2018 15:01:29 +0200
Subject: [PATCH] Domain setup

---
 ansible/roles/web/templates/nginx.conf.j2     | 29 +++++++++-------
 .../web/templates/ph-extra-nginx.conf.j2      | 34 ++++++++++++-------
 2 files changed, 37 insertions(+), 26 deletions(-)

diff --git a/ansible/roles/web/templates/nginx.conf.j2 b/ansible/roles/web/templates/nginx.conf.j2
index 9b390f3..27bdf45 100644
--- a/ansible/roles/web/templates/nginx.conf.j2
+++ b/ansible/roles/web/templates/nginx.conf.j2
@@ -8,8 +8,24 @@ upstream wagtail-site {
 server {
 	listen [::]:80 default_server;
 	listen 80 default_server;
+	server_name {{ domain }};
+	return 301 https://$server_name$request_uri;
+}
+server {
+	listen 80;
+	server_name sphc.ch;
+	return 301 https://$server_name$request_uri;
+}
+server {
+	listen [::]:443;
+	listen 443 ssl;
 	server_name {{ domain }} sphc.ch;
 
+	ssl on;
+	ssl_certificate /etc/letsencrypt/live/{{ domain }}/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/{{ domain }}/privkey.pem;
+	include /etc/letsencrypt/options-ssl-nginx.conf;
+
 	client_max_body_size 16M;
 
 	gzip on;
@@ -57,17 +73,4 @@ server {
 		proxy_redirect off;
 		proxy_pass http://wagtail-site;
 	}
-
-	# Enable secure site support
-	listen [::]:443;
-	listen 443 ssl;
-	ssl on;
-	ssl_certificate /etc/letsencrypt/live/{{ domain }}/fullchain.pem;
-	ssl_certificate_key /etc/letsencrypt/live/{{ domain }}/privkey.pem;
-	include /etc/letsencrypt/options-ssl-nginx.conf;
-
-	if ($scheme != "https") {
-		return 301 https://$host$request_uri;
-	}
-
 }
diff --git a/ansible/roles/web/templates/ph-extra-nginx.conf.j2 b/ansible/roles/web/templates/ph-extra-nginx.conf.j2
index 5f51ef8..c628615 100644
--- a/ansible/roles/web/templates/ph-extra-nginx.conf.j2
+++ b/ansible/roles/web/templates/ph-extra-nginx.conf.j2
@@ -5,6 +5,16 @@
 server {
 	listen 80;
 	server_name www-old.{{ domain }};
+	return 301 https://$server_name$request_uri;
+}
+server {
+	listen 443 ssl;
+	server_name www-old.{{ domain }};
+	ssl on;
+	ssl_certificate /etc/letsencrypt/live/{{ domain }}/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/{{ domain }}/privkey.pem;
+	include /etc/letsencrypt/options-ssl-nginx.conf;
+
 	index index.html index.htm;
 	root {{ archive_dir }};
 	add_after_body /archive-message.html;
@@ -14,33 +24,31 @@ server {
 	location / {
 		try_files $uri $uri/ =404;
 	}
-	# Enable secure site support
-	listen [::]:443;
-	listen 443 ssl;
-	ssl on;
-	ssl_certificate /etc/letsencrypt/live/{{ domain }}/fullchain.pem;
-	ssl_certificate_key /etc/letsencrypt/live/{{ domain }}/privkey.pem;
-	include /etc/letsencrypt/options-ssl-nginx.conf;
-
-	if ($scheme != "https") {
-		return 301 https://$host$request_uri;
-	}
 }
 
 server {
 	listen 80;
 	server_name conference.{{ domain }};
+
 	location /fr {
 		return 301 $scheme://sph17.organizers-congress.org/frontend/index.php?sub=89;
 	}
 	location / {
 		return 301 $scheme://sph17.organizers-congress.org;
 	}
-	# Enable secure site support
-	listen [::]:443;
+}
+server {
 	listen 443 ssl;
+	server_name conference.{{ domain }};
 	ssl on;
 	ssl_certificate /etc/letsencrypt/live/{{ domain }}/fullchain.pem;
 	ssl_certificate_key /etc/letsencrypt/live/{{ domain }}/privkey.pem;
 	include /etc/letsencrypt/options-ssl-nginx.conf;
+
+	location /fr {
+		return 301 $scheme://sph17.organizers-congress.org/frontend/index.php?sub=89;
+	}
+	location / {
+		return 301 $scheme://sph17.organizers-congress.org;
+	}
 }