Merge pull request openedx-unsupported#2689 from edx/arbab/fix-nginx-with-elif

use the elif instead of second if statement

Author: arbabnazar

playbooks/roles/nginx/templates/edx/app/nginx/sites-available/analytics_api.j2

@@ -16,8 +16,8 @@ server {
   { 
    set $do_redirect_to_https "true";
   }
-     {% endif %}
-  {% if NGINX_HTTPS_REDIRECT_STRATEGY == "forward_for_proto" %}
+ 
+    {% elif NGINX_HTTPS_REDIRECT_STRATEGY == "forward_for_proto" %}
 
   # Forward to HTTPS if we're an HTTP request... and the server is behind ELB 
   if ($http_x_forwarded_proto = "http") 

playbooks/roles/nginx/templates/edx/app/nginx/sites-available/cms.j2

@@ -51,8 +51,8 @@ error_page {{ k }} {{ v }};
   { 
    set $do_redirect_to_https "true";
   }
-     {% endif %}
-  {% if NGINX_HTTPS_REDIRECT_STRATEGY == "forward_for_proto" %}
+
+     {% elif NGINX_HTTPS_REDIRECT_STRATEGY == "forward_for_proto" %}
 
   # Forward to HTTPS if we're an HTTP request... and the server is behind ELB 
   if ($http_x_forwarded_proto = "http") 

playbooks/roles/nginx/templates/edx/app/nginx/sites-available/credentials.j2

@@ -52,19 +52,29 @@ location @proxy_to_app {
     proxy_redirect off;
     proxy_pass http://credentials_app_server;
   }
-{% if NGINX_SET_X_FORWARDED_HEADERS %}
-   if ($scheme != "https") {
-    rewrite ^ https://$host$uri permanent;
-   }
- {% else %}
-  # Forward to HTTPS if we're an HTTP request...
-  if ($http_x_forwarded_proto = "http") {
-    set $do_redirect "true";
+  # Nginx does not support nested condition or or conditions so
+  # there is an unfortunate mix of conditonals here.
+  {% if NGINX_REDIRECT_TO_HTTPS %}
+     {% if NGINX_HTTPS_REDIRECT_STRATEGY == "scheme" %}
+  # Redirect http to https over single instance
+  if ($scheme != "https") 
+  { 
+   set $do_redirect_to_https "true";
   }
+ 
+    {% elif NGINX_HTTPS_REDIRECT_STRATEGY == "forward_for_proto" %}
 
-  # Run our actual redirect...
-  if ($do_redirect = "true") {
-    rewrite ^ https://$host$request_uri? permanent;
+  # Forward to HTTPS if we're an HTTP request... and the server is behind ELB 
+  if ($http_x_forwarded_proto = "http") 
+  {
+   set $do_redirect_to_https "true";
   }
- {% endif %}
+     {% endif %}
+
+  # Execute the actual redirect
+  if ($do_redirect_to_https = "true")
+  {
+  rewrite ^ https://$host$request_uri? permanent;
+  }
+  {% endif %}
 }

playbooks/roles/nginx/templates/edx/app/nginx/sites-available/ecommerce.j2

@@ -39,8 +39,8 @@ server {
   { 
    set $do_redirect_to_https "true";
   }
-     {% endif %}
-  {% if NGINX_HTTPS_REDIRECT_STRATEGY == "forward_for_proto" %}
+
+     {% elif NGINX_HTTPS_REDIRECT_STRATEGY == "forward_for_proto" %}
   # Forward to HTTPS if we're an HTTP request... and the server is behind ELB 
   if ($http_x_forwarded_proto = "http") 
   {

playbooks/roles/nginx/templates/edx/app/nginx/sites-available/edx_notes_api.j2

@@ -16,8 +16,8 @@ server {
   { 
    set $do_redirect_to_https "true";
   }
-     {% endif %}
-  {% if NGINX_HTTPS_REDIRECT_STRATEGY == "forward_for_proto" %}
+  
+     {% elif NGINX_HTTPS_REDIRECT_STRATEGY == "forward_for_proto" %}
 
   # Forward to HTTPS if we're an HTTP request... and the server is behind ELB 
   if ($http_x_forwarded_proto = "http") 

playbooks/roles/nginx/templates/edx/app/nginx/sites-available/insights.j2

@@ -42,8 +42,8 @@ location @proxy_to_app {
   { 
    set $do_redirect_to_https "true";
   }
-     {% endif %}
-  {% if NGINX_HTTPS_REDIRECT_STRATEGY == "forward_for_proto" %}
+
+     {% elif NGINX_HTTPS_REDIRECT_STRATEGY == "forward_for_proto" %}
 
   # Forward to HTTPS if we're an HTTP request... and the server is behind ELB 
   if ($http_x_forwarded_proto = "http") 

playbooks/roles/nginx/templates/edx/app/nginx/sites-available/kibana.j2

@@ -32,8 +32,8 @@ server {
   { 
    set $do_redirect_to_https "true";
   }
-     {% endif %}
-  {% if NGINX_HTTPS_REDIRECT_STRATEGY == "forward_for_proto" %}
+
+     {% elif NGINX_HTTPS_REDIRECT_STRATEGY == "forward_for_proto" %}
 
   # Forward to HTTPS if we're an HTTP request... and the server is behind ELB 
   if ($http_x_forwarded_proto = "http") 

playbooks/roles/nginx/templates/edx/app/nginx/sites-available/lms-preview.j2

@@ -85,8 +85,8 @@ server {
   { 
    set $do_redirect_to_https "true";
   }
-     {% endif %}
-  {% if NGINX_HTTPS_REDIRECT_STRATEGY == "forward_for_proto" %}
+
+     {% elif NGINX_HTTPS_REDIRECT_STRATEGY == "forward_for_proto" %}
 
   # Forward to HTTPS if we're an HTTP request... and the server is behind ELB 
   if ($http_x_forwarded_proto = "http") 

playbooks/roles/nginx/templates/edx/app/nginx/sites-available/lms.j2

@@ -71,8 +71,8 @@ error_page {{ k }} {{ v }};
   { 
    set $do_redirect_to_https "true";
   }
-     {% endif %}
-  {% if NGINX_HTTPS_REDIRECT_STRATEGY == "forward_for_proto" %}
+
+     {% elif NGINX_HTTPS_REDIRECT_STRATEGY == "forward_for_proto" %}
 
   # Forward to HTTPS if we're an HTTP request... and the server is behind ELB 
   if ($http_x_forwarded_proto = "http") 

playbooks/roles/nginx/templates/edx/app/nginx/sites-available/programs.j2

@@ -40,8 +40,8 @@ server {
   { 
    set $do_redirect_to_https "true";
   }
-     {% endif %}
-  {% if NGINX_HTTPS_REDIRECT_STRATEGY == "forward_for_proto" %}
+
+     {% elif NGINX_HTTPS_REDIRECT_STRATEGY == "forward_for_proto" %}
 
   # Forward to HTTPS if we're an HTTP request... and the server is behind ELB 
   if ($http_x_forwarded_proto = "http")