Merge pull request #2684 from edx/arbab/ssl-templates-fix

modified the remaining templates

playbooks/roles/nginx/templates/edx/app/nginx/sites-available/analytics_api.j2

@@ -7,6 +7,32 @@ upstream analytics_api_app_server {
 server {
   listen {{ ANALYTICS_API_NGINX_PORT }} default_server;
 
+  # Nginx does not support nested condition or or conditions so
+  # there is an unfortunate mix of conditonals here.
+  {% if NGINX_REDIRECT_TO_HTTPS %}
+     {% if NGINX_HTTPS_REDIRECT_STRATEGY == "scheme" %}
+  # Redirect http to https over single instance
+  if ($scheme != "https") 
+  { 
+   set $do_redirect_to_https "true";
+  }
+     {% endif %}
+  {% if NGINX_HTTPS_REDIRECT_STRATEGY == "forward_for_proto" %}
+
+  # Forward to HTTPS if we're an HTTP request... and the server is behind ELB 
+  if ($http_x_forwarded_proto = "http") 
+  {
+   set $do_redirect_to_https "true";
+  }
+     {% endif %}
+
+  # Execute the actual redirect
+  if ($do_redirect_to_https = "true")
+  {
+  rewrite ^ https://$host$request_uri? permanent;
+  }
+  {% endif %}
+  
   location ~ ^/static/(?P<file>.*) {
     root {{ COMMON_DATA_DIR }}/{{ analytics_api_service_name }};
     try_files /staticfiles/$file =404;

playbooks/roles/nginx/templates/edx/app/nginx/sites-available/ecommerce.j2

@@ -30,20 +30,24 @@ server {
   add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
   {% endif %}
 
+  # Nginx does not support nested condition or or conditions so
+  # there is an unfortunate mix of conditonals here.
   {% if NGINX_REDIRECT_TO_HTTPS %}
+     {% if NGINX_HTTPS_REDIRECT_STRATEGY == "scheme" %}
   # Redirect http to https over single instance
   if ($scheme != "https") 
   { 
    set $do_redirect_to_https "true";
   }
-
-  # Nginx does not support nested conditions 
+     {% endif %}
+  {% if NGINX_HTTPS_REDIRECT_STRATEGY == "forward_for_proto" %}
   # Forward to HTTPS if we're an HTTP request... and the server is behind ELB 
   if ($http_x_forwarded_proto = "http") 
   {
    set $do_redirect_to_https "true";
   }
-
+     {% endif %}
+  # Execute the actual redirect
   if ($do_redirect_to_https = "true")
   {
   rewrite ^ https://$host$request_uri? permanent;

playbooks/roles/nginx/templates/edx/app/nginx/sites-available/edx_notes_api.j2

@@ -7,6 +7,32 @@ upstream {{ edx_notes_api_service_name }}_app_server {
 server {
   listen {{ edx_notes_api_nginx_port }} default_server;
 
+  # Nginx does not support nested condition or or conditions so
+  # there is an unfortunate mix of conditonals here.
+  {% if NGINX_REDIRECT_TO_HTTPS %}
+     {% if NGINX_HTTPS_REDIRECT_STRATEGY == "scheme" %}
+  # Redirect http to https over single instance
+  if ($scheme != "https") 
+  { 
+   set $do_redirect_to_https "true";
+  }
+     {% endif %}
+  {% if NGINX_HTTPS_REDIRECT_STRATEGY == "forward_for_proto" %}
+
+  # Forward to HTTPS if we're an HTTP request... and the server is behind ELB 
+  if ($http_x_forwarded_proto = "http") 
+  {
+   set $do_redirect_to_https "true";
+  }
+     {% endif %}
+
+  # Execute the actual redirect
+  if ($do_redirect_to_https = "true")
+  {
+  rewrite ^ https://$host$request_uri? permanent;
+  }
+  {% endif %}
+  
   location / {
     try_files $uri @proxy_to_app;
   }

playbooks/roles/nginx/templates/edx/app/nginx/sites-available/insights.j2

@@ -33,20 +33,26 @@ location @proxy_to_app {
     proxy_pass http://insights_app_server;
   }
   
+  # Nginx does not support nested condition or or conditions so
+  # there is an unfortunate mix of conditonals here.
   {% if NGINX_REDIRECT_TO_HTTPS %}
+     {% if NGINX_HTTPS_REDIRECT_STRATEGY == "scheme" %}
   # Redirect http to https over single instance
   if ($scheme != "https") 
   { 
    set $do_redirect_to_https "true";
   }
+     {% endif %}
+  {% if NGINX_HTTPS_REDIRECT_STRATEGY == "forward_for_proto" %}
 
-  # Nginx does not support nested conditions 
   # Forward to HTTPS if we're an HTTP request... and the server is behind ELB 
   if ($http_x_forwarded_proto = "http") 
   {
    set $do_redirect_to_https "true";
   }
+  {% endif %}
 
+  # Execute the actual redirect
   if ($do_redirect_to_https = "true")
   {
   rewrite ^ https://$host$request_uri? permanent;

playbooks/roles/nginx/templates/edx/app/nginx/sites-available/kibana.j2

@@ -23,6 +23,32 @@ server {
   listen {{ KIBANA_NGINX_PORT }} {{ default_site }};
   {% endif %}
   
+  # Nginx does not support nested condition or or conditions so
+  # there is an unfortunate mix of conditonals here.
+  {% if NGINX_REDIRECT_TO_HTTPS %}
+     {% if NGINX_HTTPS_REDIRECT_STRATEGY == "scheme" %}
+  # Redirect http to https over single instance
+  if ($scheme != "https") 
+  { 
+   set $do_redirect_to_https "true";
+  }
+     {% endif %}
+  {% if NGINX_HTTPS_REDIRECT_STRATEGY == "forward_for_proto" %}
+
+  # Forward to HTTPS if we're an HTTP request... and the server is behind ELB 
+  if ($http_x_forwarded_proto = "http") 
+  {
+   set $do_redirect_to_https "true";
+  }
+  {% endif %}
+
+  # Execute the actual redirect
+  if ($do_redirect_to_https = "true")
+  {
+  rewrite ^ https://$host$request_uri? permanent;
+  }
+  {% endif %}
+  
   server_name {{ KIBANA_SERVER_NAME }};
 
   root {{ kibana_app_dir }}/htdocs;

playbooks/roles/nginx/templates/edx/app/nginx/sites-available/programs.j2

@@ -31,20 +31,26 @@ server {
 
   {% endif %}
 
+  # Nginx does not support nested condition or or conditions so
+  # there is an unfortunate mix of conditonals here.
   {% if NGINX_REDIRECT_TO_HTTPS %}
+     {% if NGINX_HTTPS_REDIRECT_STRATEGY == "scheme" %}
   # Redirect http to https over single instance
   if ($scheme != "https") 
   { 
    set $do_redirect_to_https "true";
   }
+     {% endif %}
+  {% if NGINX_HTTPS_REDIRECT_STRATEGY == "forward_for_proto" %}
 
-  # Nginx does not support nested conditions 
   # Forward to HTTPS if we're an HTTP request... and the server is behind ELB 
   if ($http_x_forwarded_proto = "http") 
   {
    set $do_redirect_to_https "true";
   }
+     {% endif %}
 
+  # Execute the actual redirect
   if ($do_redirect_to_https = "true")
   {
   rewrite ^ https://$host$request_uri? permanent;