| -rwxr-xr-x | src/conf_mode/https.py | 107 | 
1 files changed, 46 insertions, 61 deletions
diff --git a/src/conf_mode/https.py b/src/conf_mode/https.py
index 233c815bc..d7fcb74de 100755
--- a/src/conf_mode/https.py
+++ b/src/conf_mode/https.py
@@ -30,34 +30,34 @@ config_file = '/etc/nginx/sites-available/default'
 # Please be careful if you edit the template.
 config_tmpl = """
-### Autogenerated by http-api.py ###
+### Autogenerated by https.py ###
 # Default server configuration
 #
 server {
         listen 80 default_server;
         listen [::]:80 default_server;
         server_name _;
-        return 302 https://$server_name$request_uri;
+        return 301 https://$server_name$request_uri;
 }
-{% for addr, names in listen_addresses.items() %}
+{% for server in server_block_list %}
 server {
         # SSL configuration
         #
-{% if addr == '*' %}
-        listen 443 ssl default_server;
-        listen [::]:443 ssl default_server;
+{% if server.address == '*' %}
+        listen 443 ssl;
+        listen [::]:443 ssl;
 {% else %}
-        listen {{ addr }}:443 ssl;
+        listen {{ server.address }}:443 ssl;
 {% endif %}
-{% for name in names %}
+{% for name in server.name %}
         server_name {{ name }};
 {% endfor %}
-{% if vyos_cert %}
-        include {{ vyos_cert.conf }};
+{% if server.vyos_cert %}
+        include {{ server.vyos_cert.conf }};
 {% else %}
         #
         # Self signed certs generated by the ssl-cert package
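Review bot: The HTTP-to-HTTPS redirect in the default `server` block now returns `301 https://$server_name$request_uri`, but `$server_name` expands to the first name of that block's `server_name` directive, which is the literal `_`, so clients are sent to `https://_/...`, and because a 301 is cached by browsers the broken target sticks. If the intent is to redirect to whatever host the client used, `return 301 https://$host$request_uri;` does that, bearing in mind `$host` comes from the client's Host header and so should only be relied on once the 443 blocks restrict the names they serve. Separately, `default_server` was dropped from the `listen 443 ssl;` lines in the `'*'` branch, so with several rendered blocks nginx will pick the first one for unmatched names; if that is intended, a short template comment saying so would help. The `config_tmpl` string continues outside the hunk.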
@@ -68,45 +68,8 @@ server {
         # proxy settings for HTTP API, if enabled; 503, if not
         location ~ /(retrieve|configure|config-file|image) {
-{% if api %}
-                proxy_pass http://localhost:{{ api.port }};
-                proxy_buffering off;
-{% else %}
-                return 503;
-{% endif %}
-        }
-
-        error_page 501 502 503 =200 @50*_json;
-
-        location @50*_json {
-                default_type application/json;
-                return 200 '{"error": "Start service in configuration mode: set service https api"}';
-        }
-
-}
-{% else %}
-server {
-        # SSL configuration
-        #
-        listen 443 ssl default_server;
-        listen [::]:443 ssl default_server;
-
-        server_name _;
-
-{% if vyos_cert %}
-        include {{ vyos_cert.conf }};
-{% else %}
-        #
-        # Self signed certs generated by the ssl-cert package
-        # Don't use them in a production server!
-        #
-        include snippets/snakeoil.conf;
-{% endif %}
-
-        # proxy settings for HTTP API, if enabled; 503, if not
-        location ~ /(retrieve|configure) {
-{% if api %}
-                proxy_pass http://localhost:{{ api.port }};
+{% if server.api %}
+                proxy_pass http://localhost:{{ server.api.port }};
                 proxy_buffering off;
 {% else %}
                 return 503;
@@ -125,8 +88,16 @@ server {
 {% endfor %}
 """
+default_server_block = {
+    'address'   : '*',
+    'name'      : ['_'],
+    # api       :
+    # vyos_cert :
+    # le_cert   :
+}
+
 def get_config():
-    https = vyos.defaults.https_data
+    server_block_list = []
     conf = Config()
     if not conf.exists('service https'):
         return None
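Review bot: The `location ~ /(retrieve|configure|config-file|image) {` regex that the new `{% if server.api %}` branch proxies for is not anchored, so any URI containing one of those segments anywhere in its path is forwarded to `localhost:{{ server.api.port }}`; `location ~ ^/(retrieve|configure|config-file|image) {` limits the proxied surface to the intended top-level paths. This hunk also deletes the `error_page 501 502 503 =200 @50*_json` handler together with the duplicate `{% else %}` server block, so it is worth confirming that the surviving branch below the hunk still carries its own copy, otherwise backend failures will surface as bare nginx error pages instead of the JSON hint. The enclosing `server` block starts and ends outside the hunk.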
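Review bot: `default_server_block` is documented only by the commented-out keys `# api :`, `# vyos_cert :` and `# le_cert :`, which say neither what the values are nor who fills them in; a comment such as `# Fallback server block used when no listen-address is configured; 'api' and 'vyos_cert' are added by get_config(), 'le_cert' is reserved and not yet set.` above the dict would make the shape the template expects (`server.address`, `server.name`, `server.api`, `server.vyos_cert`) explicit. Nothing in this diff populates `le_cert`, so the reserved status should be stated rather than left to guesswork. The aligned-colon layout `'address'   : '*'` is also not the usual PEP 8 spacing (`'address': '*'`).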
@@ -134,25 +105,36 @@ def get_config():
         conf.set_level('service https')
     if conf.exists('listen-address'):
-        addrs = {}
         for addr in conf.list_nodes('listen-address'):
-            addrs[addr] = ['_']
+            server_block = {'address' : addr}
+            server_block['name'] = ['_']
             if conf.exists('listen-address {0} server-name'.format(addr)):
                 names = conf.return_values('listen-address {0} server-name'.format(addr))
-                addrs[addr] = names[:]
-        https['listen_addresses'] = addrs
+                server_block['name'] = names[:]
+            server_block_list.append(server_block)
+    if not server_block_list:
+        server_block_list.append(default_server_block)
+
+    vyos_cert_data = {}
     if conf.exists('certificates'):
         if conf.exists('certificates system-generated-certificate'):
-            https['vyos_cert'] = vyos.defaults.vyos_cert_data
+            vyos_cert_data = vyos.defaults.vyos_cert_data
+    if vyos_cert_data:
+        for block in server_block_list:
+            block['vyos_cert'] = vyos_cert_data
+    api_data = {}
     if conf.exists('api'):
-        https['api'] = vyos.defaults.api_data
-
-    if conf.exists('api port'):
-        port = conf.return_value('api port')
-        https['api']['port'] = port
-
+        api_data = vyos.defaults.api_data
+        if conf.exists('api port'):
+            port = conf.return_value('api port')
+            api_data['port'] = port
+    if api_data:
+        for block in server_block_list:
+            block['api'] = api_data
+
+    https = {'server_block_list' : server_block_list}
     return https
 def verify(https):
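Review bot: The fallback `server_block_list.append(default_server_block)` appends the module-level dict itself, and the loops that follow then do `block['vyos_cert'] = vyos_cert_data` and `block['api'] = api_data` on it, so the module constant is mutated on the first call and keeps those keys; likewise `api_data = vyos.defaults.api_data` followed by `api_data['port'] = port` writes the configured port into the shared defaults object. Each conf_mode run is presumably a fresh process, so this is unlikely to misbehave today, but it makes the second fallback in `generate()` (the hunk below) and any test that calls `get_config()` twice see stale state. Copying at the point of use avoids it: `server_block_list.append(dict(default_server_block))` and `api_data = dict(vyos.defaults.api_data)`. `get_config()` starts outside the hunk.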
@@ -162,6 +144,9 @@ def generate(https):
     if https is None:
         return None
+    if 'server_block_list' not in https or not https['server_block_list']:
+        https['server_block_list'] = [default_server_block]
+
     tmpl = jinja2.Template(config_tmpl, trim_blocks=True)
     config_text = tmpl.render(https)
     with open(config_file, 'w') as f:
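Review bot: The new guard in `generate()` repeats the fallback that `get_config()` already performs in the hunk above, and `[default_server_block]` again inserts the shared module dict by reference. Since `generate()` presumably runs after `verify()` in the usual conf_mode flow, a default substituted here would never have been verified, so an `https` dict arriving without a `server_block_list` looks like a programming error that is better surfaced than masked; if the guard stays, `https['server_block_list'] = [dict(default_server_block)]` at least avoids sharing the constant. `generate()`'s body continues past the hunk.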
