Conditionally add HTTPS inbound allow firewall rule (#1530)

Add code to conditionally add HTTPS inbound allow firewall rule. Use `delete` parameter for toggling https firewall allow rule based on if any sites don't use SSL.
roots · Aug 18, 2024 · 1e505b3 · 1e505b3
1 parent a44d687
commit 1e505b3
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/group_vars/all/security.yml b/group_vars/all/security.yml
@@ -2,8 +2,12 @@
 
 ferm_input_list:
   - type: dport_accept
-    dport: [http, https]
+    dport: [http]
     filename: nginx_accept
+  - type: dport_accept
+    dport: [https]
+    filename: nginx_accept_https
+    delete: "{{ not (sites_use_ssl | bool) }}"
   - type: dport_accept
     dport: [ssh]
     saddr: "{{ ip_whitelist }}"