From ea1a3626dbccbbdcce288971416393fe28351363 Mon Sep 17 00:00:00 2001
From: Philip Henning
Date: Mon, 29 Jul 2019 19:39:58 +0200
Subject: [PATCH] Add IPv6 listener support; Make listen options configurable (#147)

* Add IPv6 listener support; Make options (besides 'ssl' and 'ipv6only=on' for IPv6 listeners) configurable.
* Combine listen directives for ssl and non ssl listeners and add the ssl option automatically when it is needed.
* Add comment from README also to defaults/main.yml
* Add support for multiple listen directives
---
 README.md | 6 +++++-
 defaults/main.yml | 6 +++++-
 templates/http/default.conf.j2 | 8 ++++----
 tests/playbooks/nginx-http-template.yml | 21 ++++++++++++++++-----
 4 files changed, 30 insertions(+), 11 deletions(-)

diff --git a/README.md b/README.md
index 7d09b61..d77e926 100644
--- a/README.md
+++ b/README.md
@@ -358,7 +358,11 @@ nginx_http_template:
 template_file: http/default.conf.j2
 conf_file_name: default.conf
 conf_file_location: /etc/nginx/conf.d/
- port: 8081
+ listen:
+ listen_localhost:
+ ip: localhost # Wrap in square brackets for IPv6 addresses
+ port: 8081
+ opts: [] # Listen opts like http2 which will be added (ssl is automatically added if you specify 'ssl:').
 server_name: localhost
 include_files: []
 error_page: /usr/share/nginx/html
diff --git a/defaults/main.yml b/defaults/main.yml
index 27cb529..d672640 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -170,7 +170,11 @@ nginx_http_template:
 template_file: http/default.conf.j2
 conf_file_name: default.conf
 conf_file_location: /etc/nginx/conf.d/
- port: 8081
+ listen:
+ listen_localhost:
+ ip: localhost # Wrap in square brackets for IPv6 addresses
+ port: 8081
+ opts: [] # Listen opts like http2 which will be added (ssl is automatically added if you specify 'ssl:').
 server_name: localhost
 include_files: []
 error_page: /usr/share/nginx/html
diff --git a/templates/http/default.conf.j2 b/templates/http/default.conf.j2
index 1536498..503a31e 100644
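Review bot: In the defaults/main.yml hunk the new default `ip: localhost` changes which address the stock server block binds to, and neither added comment says so. The removed `port: 8081` was rendered as `listen 8081;`, which nginx binds on the wildcard address, while the new default renders `listen localhost:8081;`, so a host that relied on the old default being reachable from other machines stops answering after an upgrade. The narrower bind is the safer default, but it should be stated next to the key, for example `# Omit 'ip' to listen on all addresses; 'localhost' limits the server to loopback`. The same sentence belongs in the matching README.md hunk.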
--- a/templates/http/default.conf.j2 +++ b/templates/http/default.conf.j2 @@ -53,8 +53,11 @@ auth_request_set {{ item.value.auth_request_set_http.name }} {{ item.value.auth_ {% endif %} server { +{% for listen in item.value.listen %} + listen {% if item.value.listen[listen].ip is defined and item.value.listen[listen].ip | length %}{{ item.value.listen[listen].ip }}:{% endif %}{{ item.value.listen[listen].port }}{% if item.value.ssl is defined and item.value.ssl %} ssl{% endif %}{% if item.value.listen[listen].opts is defined and item.value.listen[listen].opts | length %} {{ item.value.listen[listen].opts | join(" ") }}{% endif %}; +{% endfor %} + server_name {{ item.value.server_name | default('localhost') }}; {% if item.value.ssl is defined and item.value.ssl %} - listen {{ item.value.port }} ssl; ssl_certificate {{ item.value.ssl.cert }}; ssl_certificate_key {{ item.value.ssl.key }}; {% if item.value.ssl.trusted_cert is defined %} @@ -87,10 +90,7 @@ server { {% if item.value.ssl.stapling_verify is defined and item.value.ssl.stapling_verify %} ssl_stapling_verify on; {% endif %} -{% else %} - listen {{ item.value.port }}; {% endif %} - server_name {{ item.value.server_name | default('localhost') }}; {% if item.value.include_files is defined and item.value.include_files | length %} {% for file in item.value.include_files %} include "{{ file }}"; diff --git a/tests/playbooks/nginx-http-template.yml b/tests/playbooks/nginx-http-template.yml index 26ddac0..25f39ef 100644 --- a/tests/playbooks/nginx-http-template.yml +++ b/tests/playbooks/nginx-http-template.yml @@ -12,7 +12,12 @@ template_file: http/default.conf.j2 conf_file_name: default.conf conf_file_location: /etc/nginx/conf.d/ - port: 80 + listen: + listen_localhost: + ip: 0.0.0.0 + port: 80 + opts: + - default_server server_name: localhost error_page: /usr/share/nginx/html proxy_hide_headers: 
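Review bot: The new loop in the first hunk of templates/http/default.conf.j2 has no fallback for inventories that still set `port:` and no guard for an empty `listen:` mapping. With `listen: {}` the server block is rendered without any `listen` line and nginx then applies its built-in default of `*:80` (`*:8000` when not started as root), so a vhost meant for a private port ends up on the wildcard address; an inventory with no `listen` key at all presumably fails at templating time, which is at least loud. Jinja's loop `else` branch covers both cases: iterate over `item.value.listen | default({})` and, before `{% endfor %}`, add `{% else %}` followed by `listen {{ item.value.port }}{% if item.value.ssl is defined and item.value.ssl %} ssl{% endif %};`. An entry without `ip` also binds the wildcard address, which deserves a line in the variable documentation. The server block continues outside the hunk.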
@@ -131,7 +136,7 @@
 sticky_cookie: false
 servers:
 frontend_server_1:
- address: localhost
+ address: 0.0.0.0
 port: 8081
 weight: 1
 health_check: max_fails=3 fail_timeout=5s
@@ -143,7 +148,7 @@
 sticky_cookie: false
 servers:
 backend_server_1:
- address: localhost
+ address: 0.0.0.0
 port: 8082
 weight: 1
 health_check: max_fails=3 fail_timeout=5s
@@ -156,7 +161,10 @@
 template_file: http/default.conf.j2
 conf_file_name: frontend_default.conf
 conf_file_location: /etc/nginx/conf.d/
- port: 8081
+ listen:
+ listen_localhost:
+ port: 8081
+ opts: []
 server_name: localhost
 error_page: /usr/share/nginx/html
 autoindex: false
@@ -174,7 +182,10 @@
 template_file: http/default.conf.j2
 conf_file_name: backend_default.conf
 conf_file_location: /etc/nginx/conf.d/
- port: 8082
+ listen:
+ listen_localhost:
+ port: 8082
+ opts: []
 server_name: localhost
 error_page: /usr/share/nginx/html
 autoindex: false
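Review bot: In the two upstream hunks (`frontend_server_1` and `backend_server_1`) `address: 0.0.0.0` is used as a connection destination, but `0.0.0.0` is the wildcard bind address rather than a host to connect to. Linux happens to deliver such connections to the local machine, so the test passes there, but that behaviour is platform-specific and hides the intent. `address: 127.0.0.1` states what the test means and presumably also avoids whatever `localhost` resolution issue prompted the change.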
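Review bot: The `listen_localhost` entries in the last two hunks (ports 8081 and 8082) carry no `ip`, so despite the key name the template emits `listen 8081;` and `listen 8082;`, which bind the wildcard address. These two servers appear to be only the upstream targets of the proxy defined earlier in the playbook, so they can stay on loopback by adding `ip: 127.0.0.1` to both. That would also make these vhosts exercise the `ip` branch of the template.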