diff --git a/roles/nginx/defaults/main.yml b/roles/nginx/defaults/main.yml
index bd49c1cbec982db95b7d6e20d3a1c2267e04b832..3c2eb2c371cc29eac2a57017213c92e492c80cb3 100644
--- a/roles/nginx/defaults/main.yml
+++ b/roles/nginx/defaults/main.yml
@@ -1,6 +1,11 @@
 ---
 dhparam_bits: 2048
+# Ports that NGINX should bind to. Only change if you are setting
+# up transparent proxies or other network-level trickery on frontends.
+nginx_http_port: 80
+nginx_https_port: 443
+
 # How much memory to use for key caching in the proxy_cache.
 nginx_cache_keys_mem: "64m"
diff --git a/roles/nginx/templates/config/sites-available/default b/roles/nginx/templates/config/sites-available/default
index 0fe9aa8d5a7a2b96ed4392fc097836ee64331cd8..a53bb7f743ed3f2bca2ddf77d2fecc6e8f6362ba 100644
--- a/roles/nginx/templates/config/sites-available/default
+++ b/roles/nginx/templates/config/sites-available/default
@@ -9,7 +9,7 @@ map $http_host $top_level_domain_redirect {
 }
 server {
- listen [::]:80 default_server ipv6only=off;
+ listen [::]:{{ nginx_http_port }} default_server ipv6only=off;
 server_name _;
 {# Only enable this if the 'acme' service is defined,
@@ -33,7 +33,7 @@ server {
 }
 server {
- listen [::]:443 http2 default_server ipv6only=off;
+ listen [::]:{{ nginx_https_port }} http2 default_server ipv6only=off;
 server_name _;
 ssl on;
diff --git a/roles/nginx/templates/nginx-vhost.j2 b/roles/nginx/templates/nginx-vhost.j2
index 9ed9014a1858d472735eaee86993a3c06455a8d9..74c1245153f3b523da4369a590b5d204067dd483 100644
--- a/roles/nginx/templates/nginx-vhost.j2
+++ b/roles/nginx/templates/nginx-vhost.j2
@@ -23,7 +23,7 @@
 {% macro config_vhost(endpoint, shard=None) %}
 server {
- listen [::]:443 http2;
+ listen [::]:{{ nginx_https_port }} http2;
 {% if endpoint.domains %}
 server_name {{ endpoint.domains | join(' ') }};
 {% else %}
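Review bot: In roles/nginx/defaults/main.yml, the comment above `nginx_http_port` and `nginx_https_port` says when to change the ports but not what has to stay in sync with them. Nothing in this commit touches firewall rules, health checks or ACME handling, so whether those still assume 80/443 cannot be seen from here and is worth confirming. I would extend the comment with `# These are bind ports only; anything that forwards traffic to NGINX must be updated to match.` and `# Ports >= 1024 are unprivileged: any local process can bind them while NGINX is not running.`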
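Review bot: In roles/nginx/templates/config/sites-available/default, the new `listen [::]:{{ nginx_http_port }} default_server ipv6only=off;` line renders the variable verbatim, so an inventory value that is not a bare port number (a string containing a space or `;`, for instance) changes the shape of the directive instead of being rejected. The same applies to the `nginx_https_port` lines in the second hunk of this file and in nginx-vhost.j2. Casting at the point of use, `listen [::]:{{ nginx_http_port | int }} default_server ipv6only=off;`, turns a malformed value into port 0, which the nginx config test should refuse. Both `default_server` blocks would also end up on the same socket if the two variables were set to the same value, so an `assert` task in the role that checks both are distinct integers in 1–65535 would catch this before the template is written. The server blocks continue outside these hunks.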