Question: How to set the default listening port?

[finalhow]

I've created server resources in Hiera yaml and have it configured on port 443. I need NGINX to listen only on port 443, and NOT on port 80. That one will be in use by another listening server... Presently, I can not find a way to tell NGINX to stop listening on port 80. This configuration is defined in /etc/nginx/conf.d/default.conf.
This file appears to be static, and no matter what I define it always has a default server entry listening on port 80.

I'm considering using the puppet 'file' resource to set it as 'absent' so it gets deleted, but I'm sure this is not the proper way to handle this.

A little bit of help would be greatly appreciated!

[ubellavance]

From the readme: HTTPS only server

If you have set ssl => true and also set listen_port and ssl_port to the same value on the server, you will have a single HTTPS server listening on ssl_port. To add a location to this server set ssl => true and ssl_only => true on the location

[finalhow]

@ubellavance Thanks, I was missing the ssl_only, which is rather silly since I did read that.

It seems I can't add this to the server block, so I must add that parameter to the locations block?

[ubellavance]

I can't remember if I ever had to create such a configuration but the readme says "If you have set ssl => true and also set listen_port and ssl_port to the same value on the server".

What makes you think that you can't add this to the server block? I wouldn't make any sense to put that on a location block, it really belongs to the server block.

[finalhow]

EDIT: My apologies, I hadn't seen your last comment. I think my browser hadn't refreshed properly until I submitted this comment. I agree that it wouldn't make sense to add the ssl_only to the location block, yet thats what the documentation seem to imply:

To add a location only to the HTTPS server, set both ssl => true and ssl_only => true on the location.

If I do set that property on the server block, I just get an error saying it has no such property available: Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Resource Statement, Nginx::Resource::Server[somedomain.com]: has no parameter named 'ssl_only' on node ...

With ssl_only enabled, I'm still unable to be rid of Nginx's default.conf file. My yaml config is as follows:

nginx::nginx_servers:
  'somedomain.com':
    listen_port: 443
    ssl_port: 443
    ssl: true
    ssl_cert: '/etc/letsencrypt/live/somedomain.com/fullchain.pem'
    ssl_key: '/etc/letsencrypt/live/somedomain.com/privkey.pem'
    use_default_location: false
nginx::nginx_locations:
  'somedomain':
    location: '/'
    server: somedomain.com
    ssl: true
    ssl_only: true
    proxy: 'https://localhost:8443'

Nginx still listens on port 80...

[finalhow]

@ubellavance I found the solution . Someone provided the answer in another post: #996 (comment)

Just to quote it:

This directive in /etc/nginx/nginx.conf enables default nginx site in any way:
include /etc/nginx/conf.d/*.conf;
To remove /etc/nginx/conf.d/default.conf use nginx::confd_purge: true

Thanks again for your help!