From 33874b6dc2b29d5892319cc3ce9f52b5de5fe26c Mon Sep 17 00:00:00 2001
From: tugytur <33746108+tugytur@users.noreply.github.com>
Date: Wed, 10 Sep 2025 11:01:45 +0200
Subject: [PATCH 1/2] fix

---
 tasks/config/upload-config.yml |  2 +-
 templates/http/modules.j2      | 18 +++++++++---------
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/tasks/config/upload-config.yml b/tasks/config/upload-config.yml
index 9a18b1b6..2c2753a9 100644
--- a/tasks/config/upload-config.yml
+++ b/tasks/config/upload-config.yml
@@ -52,7 +52,7 @@
         src: "{{ item['src'] }}"
         dest: "{{ item['dest'] | default('/etc/ssl/certs') }}"
         backup: "{{ item['backup'] | default(true) }}"
-        mode: "0640"
+        mode: "0644"
       loop: "{{ nginx_config_upload_ssl_crt }}"
       notify: (Handler - NGINX Config) Run NGINX
 
diff --git a/templates/http/modules.j2 b/templates/http/modules.j2
index 1efc1e6d..87f3bdf6 100644
--- a/templates/http/modules.j2
+++ b/templates/http/modules.j2
@@ -187,20 +187,20 @@ log_format {{ format['name'] }}{{ (' escape=' + format['escape'] | string) if fo
 {% if log['access'] is defined and log['access'] is boolean and not log['access'] | bool %}
 access_log {{ 'off' }};
 {% elif log['access'] is defined %}
-{% for log in log['access'] %}
-access_log {{ 'off' if not log else log['path'] if log['path'] is defined }}{{ (' ' + log['format'] | string) if log['format'] is defined -}}
-{{- (' buffer=' + log['buffer'] | string) if log['buffer'] is defined -}}
-{{- ' gzip' if log['gzip'] is defined and log['access']['gzip'] is boolean and log['gzip'] | bool else (' gzip=' + log['gzip'] | string) if log['gzip'] is defined and log['gzip'] is string -}}
-{{- (' flush=' + log['flush'] | string) if log['flush'] is defined -}}
-{{- (' if=' + log['if']) if log['if'] is defined }};
+{% for access_item in log['access'] %}
+access_log {{ 'off' if not access_item else access_item['path'] if access_item['path'] is defined }}{{ (' ' + access_item['format'] | string) if access_item['format'] is defined -}}
+{{- (' buffer=' + access_item['buffer'] | string) if access_item['buffer'] is defined -}}
+{{- ' gzip' if access_item['gzip'] is defined and access_item['gzip'] is boolean and access_item['gzip'] | bool else (' gzip=' + access_item['gzip'] | string) if access_item['gzip'] is defined -}}
+{{- (' flush=' + access_item['flush'] | string) if access_item['flush'] is defined -}}
+{{- (' if=' + access_item['if']) if access_item['if'] is defined }};
 {% endfor %}
 {% endif %}
 {% if log['error'] is defined %}{# This does not belong here but we are making an exception #}
-{% for log in log['error'] if (log['error'] is not mapping and log['error'] is not string) %}
-error_log {{ log if log is string else log['file'] }}{{ (' ' + log['level'] | string) if log['level'] is defined }};
+{% for error_item in log['error'] if (log['error'] is not mapping and log['error'] is not string) %}
+error_log {{ error_item if error_item is string else error_item['file'] }}{{ (' ' + error_item['level'] | string) if error_item['level'] is defined }};
+{% endfor %}
 {% else %}
 error_log {{ log['error'] if log['error'] is string else log['error']['file'] }}{{ (' ' + log['error']['level'] | string) if log['error']['level'] is defined }};
-{% endfor %}
 {% endif %}
 {% if log['open_log_file_cache'] is defined %}
 open_log_file_cache {{ 'off' if not log['open_log_file_cache'] else ('max=' + log['open_log_file_cache']['max'] | string) }}{{ (' inactive=' + log['open_log_file_cache']['inactive'] | string) if log['open_log_file_cache']['inactive'] is defined }}{{ (' min_uses=' + log['open_log_file_cache']['min_uses'] | string) if log['open_log_file_cache']['min_uses'] is defined and log['open_log_file_cache']['min_uses'] is number }}{{ (' valid=' + log['open_log_file_cache']['valid'] | string) if log['open_log_file_cache']['valid'] is defined }};

From 39826f74d42b357b5db6abe050b98ac33c81186d Mon Sep 17 00:00:00 2001
From: tugytur <33746108+tugytur@users.noreply.github.com>
Date: Wed, 10 Sep 2025 11:22:58 +0200
Subject: [PATCH 2/2] move endfor to correct old place

---
 templates/http/modules.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/http/modules.j2 b/templates/http/modules.j2
index 87f3bdf6..634f670d 100644
--- a/templates/http/modules.j2
+++ b/templates/http/modules.j2
@@ -198,9 +198,9 @@ access_log {{ 'off' if not access_item else access_item['path'] if access_item['
 {% if log['error'] is defined %}{# This does not belong here but we are making an exception #}
 {% for error_item in log['error'] if (log['error'] is not mapping and log['error'] is not string) %}
 error_log {{ error_item if error_item is string else error_item['file'] }}{{ (' ' + error_item['level'] | string) if error_item['level'] is defined }};
-{% endfor %}
 {% else %}
 error_log {{ log['error'] if log['error'] is string else log['error']['file'] }}{{ (' ' + log['error']['level'] | string) if log['error']['level'] is defined }};
+{% endfor %}
 {% endif %}
 {% if log['open_log_file_cache'] is defined %}
 open_log_file_cache {{ 'off' if not log['open_log_file_cache'] else ('max=' + log['open_log_file_cache']['max'] | string) }}{{ (' inactive=' + log['open_log_file_cache']['inactive'] | string) if log['open_log_file_cache']['inactive'] is defined }}{{ (' min_uses=' + log['open_log_file_cache']['min_uses'] | string) if log['open_log_file_cache']['min_uses'] is defined and log['open_log_file_cache']['min_uses'] is number }}{{ (' valid=' + log['open_log_file_cache']['valid'] | string) if log['open_log_file_cache']['valid'] is defined }};