From ee3d7d3a4e9af87de0e5cfc5a03bc7f7511a8025 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20Fra=C3=9F?=
 <christian.frass@dielinke-glauchau.de>
Date: Sun, 9 Jun 2024 11:15:53 +0200
Subject: [PATCH] [mod] role:espe_backend-and-nginx

---
 roles/espe_backend-and-nginx/defaults/main.json | 3 ++-
 roles/espe_backend-and-nginx/templates/conf.j2  | 2 ++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/roles/espe_backend-and-nginx/defaults/main.json b/roles/espe_backend-and-nginx/defaults/main.json
index fba6451..4cab347 100644
--- a/roles/espe_backend-and-nginx/defaults/main.json
+++ b/roles/espe_backend-and-nginx/defaults/main.json
@@ -1,4 +1,5 @@
 {
 	"var_espe_backend_and_nginx_domain": "espe.example.org",
-	"var_espe_backend_and_nginx_port": 4916
+	"var_espe_backend_and_nginx_port": 4916,
+	"var_espe_backend_and_nginx_tls": true
 }
diff --git a/roles/espe_backend-and-nginx/templates/conf.j2 b/roles/espe_backend-and-nginx/templates/conf.j2
index 454f22e..362c8a4 100644
--- a/roles/espe_backend-and-nginx/templates/conf.j2
+++ b/roles/espe_backend-and-nginx/templates/conf.j2
@@ -8,12 +8,14 @@ server {
 	
 	listen 80;
 	listen [::]:80;
+{% if var_espe_backend_and_nginx_tls %}
 	listen [::]:443 ssl http2;
 	listen 443 ssl http2;
 	
 	ssl_certificate /etc/ssl/certs/{{var_espe_backend_and_nginx_domain}}.pem;
 	ssl_certificate_key /etc/ssl/private/{{var_espe_backend_and_nginx_domain}}.pem;
 	include /etc/nginx/ssl-hardening.conf;
+{% endif %}
 	
 	location / {
 		proxy_pass http://localhost:{{var_espe_backend_and_nginx_port | string}};