Introduced SSL_ENABLED flag

group_vars/all/00_general.yml

@@ -22,12 +22,15 @@ HOST_TIME_FORMAT:         "HH:mm"
 HOST_THOUSAND_SEPARATOR:  "."
 HOST_DECIMAL_MARK:        ","
 
+# Encryptiom
+SSL_ENABLED:            true
+
 # Web
-WEB_PROTOCOL:           "https"       # Web protocol type. Use https or http. If you run local you need to change it to http
+WEB_PROTOCOL:           "{{ 'https' if SSL_ENABLED | bool else 'http' }}" # Web protocol type. Use https or http. If you run local you need to change it to http
-WEB_PORT:               "{{ 443 if WEB_PROTOCOL == 'https' else 80 }}"  # Default port web applications will listen to
+WEB_PORT:               "{{ 443 if SSL_ENABLED | bool else 80 }}"         # Default port web applications will listen to
 
 # Websocket
-WEBSOCKET_PROTOCOL:     "{{ 'wss' if WEB_PROTOCOL == 'https' else 'ws' }}"
+WEBSOCKET_PROTOCOL:     "{{ 'wss' if SSL_ENABLED | bool else 'ws' }}"
 
 # WWW-Redirect to None WWW-Domains enabled
 WWW_REDIRECT_ENABLED:   "{{ ('web-opt-rdr-www' in group_names) | bool }}"

roles/web-app-bookwyrm/templates/env.j2

@@ -54,7 +54,7 @@ REDIS_ACTIVITY_URL="{{ BOOKWYRM_REDIS_ACTIVITY_URL }}"
 # Proxy (if BookWyrm sits behind reverse proxy)
 FORWARDED_ALLOW_IPS="*"
 USE_X_FORWARDED_HOST="true"
-SECURE_PROXY_SSL_HEADER="{{ (WEB_PORT == 443) | string | lower }}"
+SECURE_PROXY_SSL_HEADER="{{ SSL_ENABLED | bool | string | lower }}"
 
 # OIDC (optional – only if BOOKWYRM_OIDC_ENABLED)
 {% if BOOKWYRM_OIDC_ENABLED %}

roles/web-app-confluence/templates/env.j2

@@ -5,7 +5,7 @@ CONFLUENCE_HOME="{{ CONFLUENCE_HOME }}"
 ATL_PROXY_NAME={{ CONFLUENCE_HOSTNAME }}
 ATL_PROXY_PORT={{ WEB_PORT }}
 ATL_TOMCAT_SCHEME={{ WEB_PROTOCOL }}
-ATL_TOMCAT_SECURE={{ (WEB_PORT == 443) | lower }}
+ATL_TOMCAT_SECURE={{ SSL_ENABLED | bool | lower }}
 JVM_MINIMUM_MEMORY={{ CONFLUENCE_JVM_MIN }}
 JVM_MAXIMUM_MEMORY={{ CONFLUENCE_JVM_MAX }}
 

roles/web-app-jira/templates/env.j2

@@ -11,7 +11,7 @@ ATL_JDBC_PASSWORD={{ database_password }}
 ATL_PROXY_NAME={{ JIRA_HOSTNAME }}
 ATL_PROXY_PORT={{ WEB_PORT }}
 ATL_TOMCAT_SCHEME={{ WEB_PROTOCOL }}
-ATL_TOMCAT_SECURE={{ (WEB_PORT == 443) | lower }}
+ATL_TOMCAT_SECURE={{ SSL_ENABLED | bool | lower }}
 JVM_MINIMUM_MEMORY={{ JIRA_JVM_MIN }}
 JVM_MAXIMUM_MEMORY={{ JIRA_JVM_MAX }}
 

roles/web-app-magento/templates/env.j2

@@ -5,9 +5,9 @@
 # Host & URLs
 MAGENTO_URL="{{ MAGENTO_URL }}"
 MAGENTO_BACKEND_FRONTNAME="admin"
-MAGENTO_USE_SECURE={{ (WEB_PORT == 443) | ternary('1','0') }}
+MAGENTO_USE_SECURE={{ SSL_ENABLED | bool | ternary('1','0') }}
-MAGENTO_BASE_URL_SECURE={{ (WEB_PORT == 443) | ternary('1','0') }}
+MAGENTO_BASE_URL_SECURE={{ SSL_ENABLED | bool | ternary('1','0') }}
-MAGENTO_USE_SECURE_ADMIN={{ (WEB_PORT == 443) | ternary('1','0') }}
+MAGENTO_USE_SECURE_ADMIN={{ SSL_ENABLED | bool | ternary('1','0') }}
 
 # Admin (seed from global administrator)
 MAGENTO_ADMIN_USERNAME="{{ users.administrator.username }}"

roles/web-app-openproject/templates/env.j2

@@ -6,11 +6,11 @@
 # Please refer to our documentation to see all possible variables:
 #   https://www.openproject.org/docs/installation-and-operations/configuration/environment/
 #
-OPENPROJECT_HTTPS={{ WEB_PORT == 443 | string | lower }}
+OPENPROJECT_HTTPS={{ SSL_ENABLED | bool | string | lower }}
 OPENPROJECT_HOST__NAME={{ domains | get_domain(application_id) }}
 OPENPROJECT_RAILS__RELATIVE__URL__ROOT=
 IMAP_ENABLED=false
-OPENPROJECT_HSTS={{ WEB_PORT == 443 | string | lower }}
+OPENPROJECT_HSTS={{ SSL_ENABLED | bool | string | lower }}
 RAILS_CACHE_STORE: "memcache"
 OPENPROJECT_CACHE__MEMCACHE__SERVER: "cache:11211"
 OPENPROJECT_RAILS__RELATIVE__URL__ROOT: ""

roles/web-app-wordpress/tasks/04_update_domain.yml

@@ -60,7 +60,7 @@
     --path={{ WORDPRESS_DOCKER_HTML_PATH }}
   register: wp_sr_scheme
   changed_when: "{{ ('Success: Made 0 replacements.' not in wp_sr_scheme.stdout) | bool }}"
-  when: WEB_PORT == 443
+  when: SSL_ENABLED | bool
 
 - name: Flush caches and rewrite rules
   command: >