From 55771b4ded427647ff9557123da5387b667c5ff8 Mon Sep 17 00:00:00 2001
From: Julian Labus <julian@labus-online.de>
Date: Mon, 24 Sep 2018 15:14:09 +0200
Subject: [PATCH] roles: move external addresses to front in vhosts so they get
 used for redirects

---
 roles/service-grafana/templates/grafana_vhost.conf.j2     | 7 +++----
 .../templates/firmware_vhost.conf.j2                      | 8 ++++----
 .../templates/meshviewer_vhost.conf.j2                    | 6 +++---
 3 files changed, 10 insertions(+), 11 deletions(-)

diff --git a/roles/service-grafana/templates/grafana_vhost.conf.j2 b/roles/service-grafana/templates/grafana_vhost.conf.j2
index 511046e..05f96c1 100644
--- a/roles/service-grafana/templates/grafana_vhost.conf.j2
+++ b/roles/service-grafana/templates/grafana_vhost.conf.j2
@@ -1,7 +1,7 @@
 server {
     listen 80;
     listen [::]:80;
-    server_name {{ grafana_url_internal }} {{ grafana_url_external }};
+    server_name {{ grafana_url_external }} {{ grafana_url_internal }};
 
     include /etc/nginx/snippets/redirect-to-ssl.conf;
     include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
@@ -10,7 +10,7 @@ server {
 server {
     listen 443 ssl;
     listen [::]:443 ssl;
-    server_name {{ grafana_url_internal }} {{ grafana_url_external }};
+    server_name {{ grafana_url_external }} {{ grafana_url_internal }};
 
     ssl_certificate     /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/fullchain.pem;
     ssl_certificate_key /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/privkey.pem;
@@ -18,7 +18,6 @@ server {
     include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
 
     location / {
-      set $grafana_addr 127.0.0.1 ;
-      proxy_pass http://$grafana_addr:3000;
+      proxy_pass http://127.0.0.1:3000;
     }
 }
diff --git a/roles/service-nginx-firmware/templates/firmware_vhost.conf.j2 b/roles/service-nginx-firmware/templates/firmware_vhost.conf.j2
index dfde0b4..6057136 100644
--- a/roles/service-nginx-firmware/templates/firmware_vhost.conf.j2
+++ b/roles/service-nginx-firmware/templates/firmware_vhost.conf.j2
@@ -1,7 +1,7 @@
 server {
     listen 80;
     listen [::]:80;
-    server_name firmware.{{ http_domain_internal }} firmware.{{ http_domain_external }};
+    server_name firmware.{{ http_domain_external }} firmware.{{ http_domain_internal }};
 
     charset utf-8;
     server_tokens off;
@@ -18,7 +18,7 @@ server {
 server {
     listen 443 ssl;
     listen [::]:443 ssl;
-    server_name firmware.{{ http_domain_internal }} firmware.{{ http_domain_external }};
+    server_name firmware.{{ http_domain_external }} firmware.{{ http_domain_internal }};
 
     charset utf-8;
     server_tokens off;
@@ -39,7 +39,7 @@ server {
 server {
     listen 80;
     listen [::]:80;
-    server_name firmware.{{ mesh.http_domain_internal }} firmware.{{ mesh.http_domain_external }};
+    server_name firmware.{{ mesh.http_domain_external }} firmware.{{ mesh.http_domain_internal }};
 
     charset utf-8;
     server_tokens off;
@@ -56,7 +56,7 @@ server {
 server {
     listen 443 ssl;
     listen [::]:443 ssl;
-    server_name firmware.{{ mesh.http_domain_internal }} firmware.{{ mesh.http_domain_external }};
+    server_name firmware.{{ mesh.http_domain_external }} firmware.{{ mesh.http_domain_internal }};
 
     charset utf-8;
     server_tokens off;
diff --git a/roles/service-nginx-meshviewer/templates/meshviewer_vhost.conf.j2 b/roles/service-nginx-meshviewer/templates/meshviewer_vhost.conf.j2
index 8aa0a63..78a61a3 100644
--- a/roles/service-nginx-meshviewer/templates/meshviewer_vhost.conf.j2
+++ b/roles/service-nginx-meshviewer/templates/meshviewer_vhost.conf.j2
@@ -10,7 +10,7 @@ upstream openstreetmap {
 server {
     listen 80;
     listen [::]:80;
-    server_name {{ http_meshviewer_internal }} {{ http_meshviewer_external }};
+    server_name {{ http_meshviewer_external }} {{ http_meshviewer_internal }};
 
     include /etc/nginx/snippets/redirect-to-ssl.conf;
     include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
@@ -19,7 +19,7 @@ server {
 server {
     listen 443 ssl;
     listen [::]:443 ssl;
-    server_name {{ http_meshviewer_internal }} {{ http_meshviewer_external }};
+    server_name {{ http_meshviewer_external }} {{ http_meshviewer_internal }};
 
     ssl_certificate     /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/fullchain.pem;
     ssl_certificate_key /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/privkey.pem;
@@ -58,7 +58,7 @@ server {
 server {
     listen 80;
     listen [::]:80;
-    server_name {{ http_meshviewer_prefix }}.{{ mesh.http_domain_internal }} {{ http_meshviewer_prefix }}.{{ mesh.http_domain_external }};
+    server_name {{ http_meshviewer_prefix }}.{{ mesh.http_domain_external }} {{ http_meshviewer_prefix }}.{{ mesh.http_domain_internal }};
     return 301 https://{{ http_meshviewer_external }}$request_uri;
 
     include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;