From ae017588fe0b7f736bfa5c9836e5ab2d38b564f6 Mon Sep 17 00:00:00 2001
From: Paul Dorn <Paul.Dorn@redlion.net>
Date: Tue, 18 Sep 2018 12:20:49 -0500
Subject: [PATCH] Allow VIRTUAL_LISTEN_* to be lists and add 80/443

---
 nginx.tmpl | 68 +++++++++++++++++++++++++++++++++++++++++++-----------
 1 file changed, 54 insertions(+), 14 deletions(-)

diff --git a/nginx.tmpl b/nginx.tmpl
index 9bc63ae..7e3a099 100644
--- a/nginx.tmpl
+++ b/nginx.tmpl
@@ -124,12 +124,6 @@ server {
 # {{ $host }}
 upstream {{ $upstream_name }} {
 
-{{/* Get the VIRTUAL_LISTEN_HTTP defined by containers w/ the same vhost, falling back to "80" */}}
-{{ $listen_http := trim (or (first (groupByKeys $containers "Env.VIRTUAL_LISTEN_HTTP")) "80") }}
-
-{{/* Get the VIRTUAL_LISTEN_HTTPS defined by containers w/ the same vhost, falling back to "443" */}}
-{{ $listen_https := trim (or (first (groupByKeys $containers "Env.VIRTUAL_LISTEN_HTTPS")) "443") }}
-
 {{ range $container := $containers }}
 	{{ $addrLen := len $container.Addresses }}
 
@@ -157,6 +151,12 @@ upstream {{ $upstream_name }} {
 {{ end }}
 }
 
+{{/* Get the VIRTUAL_LISTEN_HTTP defined by containers w/ the same vhost, falling back to "80" */}}
+{{ $listen_http := (groupByKeys $containers "Env.VIRTUAL_LISTEN_HTTP")  }}
+
+{{/* Get the VIRTUAL_LISTEN_HTTPS defined by containers w/ the same vhost, falling back to "443" */}}
+{{ $listen_https := (groupByKeys $containers "Env.VIRTUAL_LISTEN_HTTPS") }}
+
 {{ $default_host := or ($.Env.DEFAULT_HOST) "" }}
 {{ $default_server := index (dict $host "" $default_host "default_server") $host }}
 
@@ -199,9 +199,17 @@ upstream {{ $upstream_name }} {
 {{ if eq $https_method "redirect" }}
 server {
 	server_name {{ $host }};
-	listen {{ $listen_http }} {{ $default_server }};
+	{{ if not (intersect $listen_http (split "80" ",")) }}
+	listen 80 {{ $default_server }};
+	{{ end }}
+	{{ range $i, $lport := $listen_http }}
+	listen {{ $lport }} {{ $default_server }};
+	{{ end }}
 	{{ if $enable_ipv6 }}
-	listen [::]:{{ $listen_http }} {{ $default_server }};
+	{{ range $i, $lport := $listen_http }}
+	listen [::]:{{ $lport }} {{ $default_server }};
+	{{ end }}
+
 	{{ end }}
 	access_log /var/log/nginx/access.log vhost;
 	return 301 https://$host$request_uri;
@@ -210,9 +218,20 @@ server {
 
 server {
 	server_name {{ $host }};
-	listen {{ $listen_https }} ssl http2 {{ $default_server }};
+	{{ if not (intersect $listen_https (split "443" ",")) }}
+	listen 443 ssl http2 {{ $default_server }};
+	{{ end }}
+
+	{{ range $i, $lport := $listen_https }}
+	listen {{ $lport }} ssl http2 {{ $default_server }};
+	{{ end }}
 	{{ if $enable_ipv6 }}
-	listen [::]:{{ $listen_https }} ssl http2 {{ $default_server }};
+	{{ if not (intersect $listen_https (split "443" ",")) }}
+	listen [::]:443 ssl http2 {{ $default_server }};
+	{{ end }}
+	{{ range $i, $lport := $listen_https }}
+	listen [::]:{{ $lport }} ssl http2 {{ $default_server }};
+	{{ end }}
 	{{ end }}
 	access_log /var/log/nginx/access.log vhost;
 
@@ -308,9 +327,20 @@ server {
 
 server {
 	server_name {{ $host }};
-	listen {{ $listen_http }} {{ $default_server }};
+	{{ if not (intersect $listen_http (split "80" ",")) }}
+	listen 80 {{ $default_server }};
+	{{ end }}
+	
+	{{ range $i, $lport := $listen_http }}
+	listen {{ $lport }} {{ $default_server }};
+	{{ end }}
 	{{ if $enable_ipv6 }}
-	listen [::]:{{ $listen_http }} {{ $default_server }};
+	{{ if not (intersect $listen_http (split "80" ",")) }}
+	listen [::]:80 {{ $default_server }};
+	{{ end }}
+	{{ range $i, $lport := $listen_http }}
+	listen [::]:{{ $lport }} {{ $default_server }};
+	{{ end }}
 	{{ end }}
 	access_log /var/log/nginx/access.log vhost;
 
@@ -351,9 +381,19 @@ server {
 {{ if (and (not $is_https) (exists "/etc/nginx/certs/default.crt") (exists "/etc/nginx/certs/default.key")) }}
 server {
 	server_name {{ $host }};
-	listen {{ $listen_https }} ssl http2 {{ $default_server }};
+	{{ if not (intersect $listen_https (split "443" ",")) }}
+	listen 443 {{ $default_server }};
+	{{ end }}
+	{{ range $i, $lport := $listen_https }}
+	listen {{ $lport }} {{ $default_server }};
+	{{ end }}
 	{{ if $enable_ipv6 }}
-	listen [::]:{{ $listen_https }} ssl http2 {{ $default_server }};
+	{{ if not (intersect $listen_https (split "443" ",")) }}
+	listen [::]:443 {{ $default_server }};
+	{{ end }}
+	{{ range $i, $lport := $listen_https }}
+	listen [::]:{{ $lport }} {{ $default_server }};
+	{{ end }}
 	{{ end }}
 	access_log /var/log/nginx/access.log vhost;
 	return 500;