try again

better spacing?2
2018-01-23 19:47:34 -08:00 · 2018-01-23 19:39:35 -08:00 · 2018-01-23 19:34:38 -08:00 · 2018-01-23 19:29:30 -08:00 · 2018-01-23 19:25:20 -08:00
1 changed files with 16 additions and 30 deletions
--- a/certbot-nginx/certbot_nginx/configurator.py
+++ b/certbot-nginx/certbot_nginx/configurator.py
@@ -615,38 +615,24 @@ class NginxConfigurator(common.Installer):
                self.DEFAULT_LISTEN_PORT)
            return

-        if vhost.ssl:
-            new_vhost = self.parser.duplicate_vhost(vhost,
-                only_directives=['listen', 'server_name'])
+        redirect_block = [[
+            ['\n    ', 'if', ' ', '($scheme', ' ', '!=', ' ', '"https")'],
+            [['\n        ', 'if', ' ', '($host', ' ', '=', ' ', '"{0}")'.format(domain)],
+            [['\n            ', 'return', ' ', '301', ' ', 'https://$host$request_uri'],
+            '\n        '],
+            '\n    ']],
+            ['\n']]

-            def _ssl_match_func(directive):
-                return 'ssl' in directive
+        #redirect_block = [[
+        #    ['\n    ', 'if', ' ', '($scheme', ' ', '!=', ' ', '"https")'],
+        #    [['\n        ', 'if', ' ', '($host', ' ', '=', ' ', '"{0}")'.format(domain)],
+        #    [[['\n            ', 'return', ' ', '301', ' ', 'https://$host$request_uri'],
+        #    '\n        ']],
+        #    '\n    ']],
+        #    ['\n']]

-            def _no_ssl_match_func(directive):
-                return 'ssl' not in directive
-
-            # remove all ssl addresses from the new block
-            self.parser.remove_server_directives(new_vhost, 'listen', match_func=_ssl_match_func)
-
-            # remove all non-ssl addresses from the existing block
-            self.parser.remove_server_directives(vhost, 'listen', match_func=_no_ssl_match_func)
-
-            vhost = new_vhost
-
-        if self._has_certbot_redirect(vhost):
-            logger.info("Traffic on port %s already redirecting to ssl in %s",
-                self.DEFAULT_LISTEN_PORT, vhost.filep)
-        elif vhost.has_redirect():
-            if not self._has_certbot_redirect_comment(vhost):
-                self._add_redirect_block(vhost, active=False)
-            logger.info("The appropriate server block is already redirecting "
-                        "traffic. To enable redirect anyway, uncomment the "
-                        "redirect lines in %s.", vhost.filep)
-        else:
-            # Redirect plaintextish host to https
-            self._add_redirect_block(vhost, active=True)
-            logger.info("Redirecting all traffic on port %s to ssl in %s",
-                self.DEFAULT_LISTEN_PORT, vhost.filep)
+        self.parser.add_server_directives(
+            vhost, redirect_block, replace=False)

    def _enable_ocsp_stapling(self, domain, chain_path):
        """Include OCSP response in TLS handshake
Author	SHA1	Message	Date
Brad Warren	c95f3ff063	try again	2018-01-23 19:47:34 -08:00
Brad Warren	62bc840407	try again	2018-01-23 19:39:35 -08:00
Brad Warren	d38843c0ef	better spacing?2	2018-01-23 19:34:38 -08:00
Brad Warren	aebf24e9bb	better spacing?	2018-01-23 19:29:30 -08:00
Brad Warren	9f1467d2db	implement simple redirect	2018-01-23 19:25:20 -08:00