configurable redirects for the nginx role

playbooks/edx-east/edxapp.yml

@@ -2,6 +2,8 @@
   hosts: all
   sudo: True
   gather_facts: True
+  vars:
+    NGINX_EDXAPP_CUSTOM_REDIRECTS: {}
   roles:
     - aws
     - role: nginx
@@ -10,6 +12,8 @@
       - cms
       nginx_default_sites:
       - lms
+      nginx_redirects: "{{ NGINX_EDXAPP_CUSTOM_REDIRECTS }}"
+
     - edxapp
     - role: datadog
       when: COMMON_ENABLE_DATADOG

playbooks/edx-east/nginx_redirect.yml

-# Example ansible-playbook -i redirect.example.com -e@/path/to/secure/var/file.yml
-#
-# the secure var file will need to have the following vars defined:
-#
-# NGINX_ENABLE_SSL
-# NGINX_SSL_CERTIFICATE
-# NGINX_SSL_KEY
-# # for the redirects use $scheme://example.com to match the protocol
-#
-# secure vars example:
-#  # Vars for setting up the nginx redirect instance
-#  NGINX_ENABLE_SSL: True
-#  NGINX_SSL_CERTIFICATE: '../../../example-secure/ssl/example.com.crt'
-#  NGINX_SSL_KEY: '../../../example-secure/ssl/example.com.key'
-#  nginx_redirects:
-#  - server_name: nginx-redirect.example.edx.org
-#    redirect: "http://www.example.com"
-#  - server_name: example.com
-#    redirect: "http://www.example.com"
-#    default: true
-#
-#
-#
-# - ...
-- name: utility play to setup an nginx redirect
-  hosts: all
-  sudo: True
-  gather_facts: True
-  roles:
-    - role: nginx
-      nginx_sites:
-      - nginx_redirect

playbooks/roles/nginx/tasks/main.yml

@@ -72,6 +72,34 @@
   notify: reload nginx
   with_items: nginx_sites
 
+- name: Copying nginx redirect configs for {{ nginx_redirects }}
+  template: >
+    src={{ nginx_template_dir }}/nginx_redirect.j2
+    dest={{ nginx_sites_available_dir }}/{{ item.key }}
+    owner=root group={{ common_web_user }} mode=0640
+  notify: reload nginx
+  with_dict: nginx_redirects
+  when: nginx_redirects is defined
+
+- name: Creating nginx redirect links for {{ nginx_redirects }}
+  file: >
+    src={{ nginx_sites_available_dir }}/{{ item.key  }}
+    dest={{ nginx_sites_enabled_dir }}/{{ item.key }}
+    state=link owner=root group=root
+  notify: reload nginx
+  with_dict: nginx_redirects
+  when: nginx_redirects is defined
+
+- name: Creating nginx config links for {{ nginx_sites }}
+  file: >
+    src={{ nginx_sites_available_dir }}/{{ item  }}
+    dest={{ nginx_sites_enabled_dir }}/{{ item }}
+    state=link owner=root group=root
+  notify: reload nginx
+  with_items: nginx_sites
+
+
+
 - name: Write out htpasswd file
   htpasswd: >
     name={{ COMMON_HTPASSWD_USER }}

playbooks/roles/nginx/templates/edx/app/nginx/sites-available/nginx_redirect.j2

-{% for item in nginx_redirects -%}
-
-{%- if "default" in item -%}
+{%- if "default" in item.value -%}
   {%- set default_site = "default" -%}
 {%- else -%}
   {%- set default_site = "" -%}
@@ -8,13 +6,17 @@
 
 server {
   listen 80 {{ default_site }};
-  listen 443 {{ default_site }} ssl;
 
+  {% if "ssl" in item.value and item.value['ssl'] == true -%}
+  listen 443 {{ default_site }} ssl;
   ssl_certificate /etc/ssl/certs/{{ NGINX_SSL_CERTIFICATE|basename }};
   ssl_certificate_key /etc/ssl/private/{{ NGINX_SSL_KEY|basename }};
+  {% endif -%}
 
-  server_name {{ item['server_name'] }};
-  return 301 {{ item['redirect'] }}$request_uri;
-}
-{% endfor %}
+  server_name {% for server in item.value['server_names'] %}
+                
+                {{ server }}{% endfor -%};
 
+                 
+  return 301 {{ item.value['redirect_destination'] }}$request_uri;
+}