From ad4e8254bb0276a0261a0b9ecd6bf78dc800ff71 Mon Sep 17 00:00:00 2001
From: Deimos <deimos@tildes.net>
Date: Mon, 15 Apr 2019 15:36:36 -0600
Subject: [PATCH] Nginx: only do "no www." redirect in production

This redirect being first in the file meant that if someone tried to
access a dev version through any method except using "localhost" (such
as via the IP address), no server block would be matched, which causes
nginx to use the first one. That resulted in a 301 redirect to
tildes.net, which definitely shouldn't happen for a dev version.

This change both moves the redirect to the bottom, as well as only
adding it if it's the "prod" environment, since it's not needed in the
dev environment at all.
---
 salt/salt/nginx/tildes.conf.jinja2 | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/salt/salt/nginx/tildes.conf.jinja2 b/salt/salt/nginx/tildes.conf.jinja2
index 45700b9..e421b6c 100644
--- a/salt/salt/nginx/tildes.conf.jinja2
+++ b/salt/salt/nginx/tildes.conf.jinja2
@@ -12,16 +12,6 @@ map $sent_http_content_type $expires_type_map {
     ~image/ max;
 }
 
-# redirect www. to base domain
-server {
-    listen 80;
-    listen 443 ssl http2;
-    listen [::]:443 ssl http2;
-
-    server_name www.tildes.net;
-    return 301 https://tildes.net$request_uri;
-}
-
 server {
     # remove trailing slash from addresses, the $port thing is a hack for
     # development in Vagrant, so the port forwarding from the host is kept
@@ -97,3 +87,15 @@ server {
         proxy_pass http://app_server;
     }
 }
+
+{% if grains["id"] == "prod" %}
+# redirect www. to base domain
+server {
+    listen 80;
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    server_name www.tildes.net;
+    return 301 https://tildes.net$request_uri;
+}
+{% endif %}