From ab5b7c1d297231f59d18cc3859885e5956d4ca54 Mon Sep 17 00:00:00 2001
From: CPunch
Date: Sun, 10 Mar 2024 13:52:04 -0500
Subject: [PATCH] nginx: add http redirect to https
---
 roles/nginx/tasks/main.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
index 596f446..5789536 100644
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@@ -36,11 +36,17 @@
 ssl_certificate_key /etc/letsencrypt/live/{{ domain }}/privkey.pem;
 ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
 ssl_ciphers HIGH:!aNULL:!MD5;
+ - listen: "80" # redirect http requests to https
+ server_name: "{{ domain }}"
+ return: "301 https://{{ domain }}$request_uri"
+ filename: "{{ domain }}.80.conf"
 - listen: "443 ssl http2"
 server_name: "git.{{ domain }}"
 client_max_body_size: "512M"
 extra_parameters: |
 listen [::]:443 ssl http2;
+ listen 80;
+ listen [::]:80;
 location / {
 add_header Permissions-Policy interest-cohort=();
 proxy_pass http://localhost:{{ giteaPort }};
@@ -55,6 +61,10 @@
 ssl_certificate_key /etc/letsencrypt/live/{{ domain }}/privkey.pem;
 ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
 ssl_ciphers HIGH:!aNULL:!MD5;
+ - listen: "80" # redirect http requests to https
+ server_name: "git.{{ domain }}"
+ return: "301 https://git.{{ domain }}$request_uri"
+ filename: "git.{{ domain }}.80.conf"
 - listen: "127.0.0.1:2171"
 server_name: "{{ onionDomain }}"
 root: "/var/www/{{ domain }}/tor"
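Review bot: The `listen 80;` and `listen [::]:80;` lines added to `extra_parameters` of the `git.{{ domain }}` 443 server (first hunk) make that server answer plain HTTP and proxy it straight to Gitea, so logins and tokens can cross the wire unencrypted. They also collide with the port-80 redirect entry the second hunk adds for the same `server_name`: nginx keeps only one of two same-named servers on a listen socket and logs a "conflicting server name" warning, so which one answers depends on config load order. I would drop both added lines from `extra_parameters` and let the dedicated redirect entry own port 80. The `extra_parameters` block continues past the end of the hunk, so this is based on the visible lines only.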
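Review bot: The redirect entry for `git.{{ domain }}` in the second hunk, like the one for `{{ domain }}` in the first, binds IPv4 only (`listen: "80"`), while the 443 server shown also binds `[::]:443`, so an IPv6 client on port 80 never reaches the redirect. Assuming the vhost template accepts `extra_parameters` on these entries as it does on the 443 ones, add `extra_parameters: "listen [::]:80;"` to both redirect entries. A 301 still leaves the first request in cleartext, and the hunks do not show whether the 443 servers send a `Strict-Transport-Security` header, so that is worth confirming alongside this change.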