add nginx proxy variables

defaults/main.yml

@@ -87,7 +87,7 @@ matrix_iptables_enabled: False
 matrix_open_ports:
   - name: allow_matrix_web
     rules: |
-      -A INPUT -m state --state NEW -p tcp --dport {{ matrix_bind_port }} -j ACCEPT
+      -A INPUT -m state --state NEW -p tcp --dport {{ matrix_http_bind_port }} -j ACCEPT
     state: present
 
 matrix_tls_enabled: False
@@ -104,3 +104,5 @@ matrix_nginx_iptables_enabled: False
 matrix_nginx_tls_enabled: False
 matrix_nginx_tls_cert_file: matrix-cert.pem
 matrix_nginx_tls_key_file: matrix-key.pem
+matrix_nginx_proxy_port: "{{ matrix_http_bind_port }}"
+matrix_nginx_proxy_ip: "{{ matrix_http_bind_ips[0] }}"

templates/nginx/vhost.j2

@@ -1,7 +1,7 @@
 #jinja2: lstrip_blocks: True
 # {{ ansible_managed }}
 upstream backend_matrix {
-    server {{ matrix_bind_ip }}:{{ matrix_bind_port }};
+    server {{ matrix_nginx_proxy_ip }}:{{ matrix_nginx_proxy_port }};
 }
 
 server {
@@ -14,7 +14,7 @@ server {
     return 301 https://$server_name$request_uri;
     {% else %}
     location / {
-        proxy_pass http://backend_matrix;
+        proxy_pass {{ 'https' if matrix_tls_enabled else 'http' }}://backend_matrix;
         proxy_set_header X-Forwarded-For $remote_addr;
     }
     {% endif %}
@@ -28,7 +28,7 @@ server {
     client_max_body_size 200M;
 
     location / {
-        proxy_pass http://backend_matrix;
+        proxy_pass {{ 'https' if matrix_tls_enabled else 'http' }}://backend_matrix;
         proxy_set_header X-Forwarded-For $remote_addr;
     }