bundles/nginx: support disabling ssl for each vhost individually

bundles/nginx/metadata.py

@@ -30,7 +30,6 @@ defaults = {
     },
     'nginx': {
         'worker_connections': 768,
-        'use_ssl_for_all_connections': True,
     },
 }
 
@@ -49,16 +48,21 @@ def worker_processes(metadata):
 @metadata_reactor.provides(
     'letsencrypt/domains',
     'letsencrypt/reload_after',
+    'nginx/vhosts',
 )
 def letsencrypt(metadata):
     if not node.has_bundle('letsencrypt'):
         raise DoNotRunAgain
 
     domains = {}
+    vhosts = {}
 
     for vhost, config in metadata.get('nginx/vhosts', {}).items():
         domain = config.get('domain', vhost)
         domains[domain] = config.get('domain_aliases', set())
+        vhosts[vhost] = {
+            'ssl': 'letsencrypt',
+        }
 
     return {
         'letsencrypt': {
@@ -67,6 +71,9 @@ def letsencrypt(metadata):
                 'nginx',
             },
         },
+        'nginx': {
+            'vhosts': vhosts,
+        },
     }
 
 
@@ -105,7 +112,7 @@ def monitoring(metadata):
     for vname, vconfig in metadata.get('nginx/vhosts', {}).items():
         domain = vconfig.get('domain', vname)
 
-        if metadata.get('nginx/use_ssl_for_all_connections'):
+        if vconfig['ssl']:
             scheme = 'https'
         else:
             scheme = 'http'
@@ -118,7 +125,7 @@ def monitoring(metadata):
                 'vars.notification.sms': True,
             }
 
-        if vconfig.get('check_ssl', metadata.get('nginx/use_ssl_for_all_connections')):
+        if vconfig.get('check_ssl', vconfig['ssl']):
             services['NGINX VHOST {} CERTIFICATE'.format(vname)] = {
                 'check_command': 'check_https_cert_at_url',
                 'vars.domain': domain,