On Wed, Mar 07, 2018 at 04:55:15PM +0000, Lucas Rolff wrote:
Hi there,
> This means I have something like:
>
> 1: location ~* /.well-known
> 2: if condition doing redirect if protocol is http
> 3: location /
> 4: location /api
> 5: location /test
>
> All my templates include 1 to 3, and *might* have additional locations.
> My issue is – because of this if condition that does the redirect to https –
> it also applies to my location ~* /.well-known – thus causing a redirect, and
> I want to prevent this, since it breaks the Let’s Encrypt validation (they do
> not accept 301 redirects).
> Is there a smart way without adding too much complexity, which is still
> super-fast (I know if is evil) ?
As phrased, I think the short answer to your question is "no".
However...
You optionally redirect things from http to https. Is that "you want
to redirect *everything* from http to https, apart from the letsencrypt
thing"? If so, you could potentially have just one
server {
listen 80;
location / { return 301 https://$host$uri; }
location /.well-known/ { proxy_pass
http://letsencrypt.validation.backend.com; }
}
and a bunch of
server {
listen 443;
}
blocks.
Or: you use $sslproxy_protocol. Where does that come from?
If it is a thing that you create to decide whether or not to redirect
to https, then could you include a check for whether the request starts
with /.well-known/, and if so set it to something other than "http"?
f
--
Francis Daly fran...@daoine.org
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
