From ee2555abe7767818295bd04334e5d6b6c3de5a0d Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Mon, 9 Oct 2023 22:19:57 +0200
Subject: nginx/vhost: make listen addresses configurable

---
 roles/nginx/vhost/templates/generic.conf.j2 | 14 ++++++++------
 roles/nginx/vhost/templates/tlsonly.conf.j2 |  7 ++++---
 2 files changed, 12 insertions(+), 9 deletions(-)

(limited to 'roles/nginx/vhost')

diff --git a/roles/nginx/vhost/templates/generic.conf.j2 b/roles/nginx/vhost/templates/generic.conf.j2
index 97cb8269..cdf267ab 100644
--- a/roles/nginx/vhost/templates/generic.conf.j2
+++ b/roles/nginx/vhost/templates/generic.conf.j2
@@ -1,7 +1,8 @@
 server {
-    listen 80{% if 'default' in nginx_vhost and nginx_vhost.default %} default_server{% endif %};
-    listen [::]:80{% if 'default' in nginx_vhost and nginx_vhost.default %} default_server{% endif %};
-    server_name {{ nginx_vhost.hostnames | join(' ') }};
+{% for listen in (nginx_vhost.listen | default(['80', '[::]:80'])) %}
+    listen {{ listen }}{% if 'default' in nginx_vhost and nginx_vhost.default %} default_server{% endif %};
+{% endfor %}
+    server_name {{ nginx_vhost.hostnames | default(['_']) | join(' ') }};
 
 {% if 'logs' in nginx_vhost %}
 {%   if 'access' in nginx_vhost.logs %}
@@ -23,9 +24,10 @@ server {
 }
 
 server {
-    listen 443 ssl http2{% if 'default' in nginx_vhost and nginx_vhost.default %} default_server{% endif %};
-    listen [::]:443 ssl http2{% if 'default' in nginx_vhost and nginx_vhost.default %} default_server{% endif %};
-    server_name {{ nginx_vhost.hostnames | join(' ') }};
+{% for listen in (nginx_vhost.tls.listen | default(['443', '[::]:443'])) %}
+    listen {{ listen }} ssl http2{% if 'default' in nginx_vhost and nginx_vhost.default %} default_server{% endif %};
+{% endfor %}
+    server_name {{ nginx_vhost.hostnames | default(['_']) | join(' ') }};
 
 {%   if 'logs' in nginx_vhost %}
 {%     if 'access' in nginx_vhost.logs %}
diff --git a/roles/nginx/vhost/templates/tlsonly.conf.j2 b/roles/nginx/vhost/templates/tlsonly.conf.j2
index 2af0e7ad..122e2f4f 100644
--- a/roles/nginx/vhost/templates/tlsonly.conf.j2
+++ b/roles/nginx/vhost/templates/tlsonly.conf.j2
@@ -1,7 +1,8 @@
 server {
-    listen {{ nginx_vhost.tls.port | default(443) }} ssl http2{% if 'default' in nginx_vhost and nginx_vhost.default %} default_server{% endif %};
-    listen [::]:{{ nginx_vhost.tls.port | default(443) }} ssl http2{% if 'default' in nginx_vhost and nginx_vhost.default %} default_server{% endif %};
-    server_name {{ nginx_vhost.hostnames | join(' ') }};
+{% for listen in (nginx_vhost.tls.listen | default(['443', '[::]:443'])) %}
+    listen {{ listen }} ssl http2{% if 'default' in nginx_vhost and nginx_vhost.default %} default_server{% endif %};
+{% endfor %}
+    server_name {{ nginx_vhost.hostnames | default(['_']) | join(' ') }};
 
 {% if 'logs' in nginx_vhost %}
 {%   if 'access' in nginx_vhost.logs %}
-- 
cgit v1.2.3