From 3f12bba6e0e8e0f0a03d1af660e5c48412101b87 Mon Sep 17 00:00:00 2001
From: Ken Dreyer
Date: Tue, 20 Oct 2015 19:34:32 -0600
Subject: [PATCH] ansible: nginx configs for HTTPS

Add HTTPS to the jenkins web server to protect authentication. The key and certificate files are managed outside of Ansible.
---
 ansible/roles/ansible-jenkins/templates/jenkins.conf | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/ansible/roles/ansible-jenkins/templates/jenkins.conf b/ansible/roles/ansible-jenkins/templates/jenkins.conf
index 5f498e52..b60b07ad 100644
--- a/ansible/roles/ansible-jenkins/templates/jenkins.conf
+++ b/ansible/roles/ansible-jenkins/templates/jenkins.conf
@@ -2,9 +2,14 @@ server {
 listen 80 default_server;
+ listen 443 default_server ssl;
 server_name localhost {{ ansible_fqdn }};
+ ssl_certificate /etc/ssl/certs/{{ ansible_fqdn }}-bundled.crt;
+ ssl_certificate_key /etc/ssl/private/{{ ansible_fqdn }}.key;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ access_log /var/log/nginx/jenkins_access.log;
 error_log /var/log/nginx/jenkins_error.log;
@@ -17,5 +22,9 @@ server {
 proxy_pass http://127.0.0.1:8080;
 proxy_read_timeout 90;
+ # Redirect all plaintext HTTP to HTTPS
+ if ($scheme != "https") {
+ rewrite ^ https://$host$uri permanent;
+ }
 }
 }
--
2.39.5
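Review bot: The `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` line in the first hunk (`@@ -2,9 +2,14 @@`) keeps TLS 1.0 and 1.1 enabled on a listener whose stated purpose is to protect Jenkins authentication. Both versions are formally deprecated (RFC 8996), so I would reduce the line to `ssl_protocols TLSv1.2;` and add `TLSv1.3` where the installed nginx and OpenSSL support it. The hunk also sets no `ssl_ciphers` or `ssl_prefer_server_ciphers`, so cipher selection falls back to the defaults of whatever nginx build is deployed. Because the key and certificate are managed outside Ansible, a comment above `ssl_certificate_key` stating the expected owner and mode of the file under /etc/ssl/private would help whoever provisions it. The server block continues past the end of this hunk.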
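Review bot: The redirect added in the second hunk (`@@ -17,5 +22,9 @@`), `rewrite ^ https://$host$uri permanent;`, builds the Location header from two request-derived values. `$host` follows the client's Host header, which this `default_server` accepts for any name, and `$uri` is the decoded, normalised path rather than the request as it was sent. I would pin the host and keep the original encoding with `return 301 https://{{ ansible_fqdn }}$request_uri;`. Because the `if` sits inside `location /`, the redirect only covers requests that reach that location; a dedicated port-80 `server` block holding just the `return` would cover every path. The location block opens outside this hunk, so whether `X-Forwarded-Proto` is passed on to Jenkins cannot be checked from here.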