thib8956/nginx-proxy
1
0
Fork 0
mirror of https://github.com/thib8956/nginx-proxy synced 2025-07-01 06:15:45 +00:00
Code Issues Releases Wiki Activity

fix: force enable HTTP when both vhost and default cert are missing

Browse Source
This commit is contained in:
Nicolas Duchon
2024-11-03 21:06:23 +01:00
parent 57e503c830
commit 023a3d17da
6 changed files with 19 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
docs/README.md
View File

@ -580,13 +580,11 @@ By default, [HTTP Strict Transport Security (HSTS)](https://developer.mozilla.or
### Missing Certificate
If no matching certificate is found for a given virtual host, nginx-proxy will:
If no matching certificate is found for a given virtual host, nginx-proxy will configure nginx to use the default certificate (`default.crt` with `default.key`).
- configure nginx to use the default certificate (`default.crt` with `default.key`),
- force enable HTTP; i.e. `HTTPS_METHOD` will switch to `noredirect` if it was set to `nohttp` or `redirect`.
If this switch to HTTP is not wanted set `ENABLE_HTTP_ON_MISSING_CERT=false` (default is `true`).
If the default certificate is also missing, nginx-proxy will configure nginx to reject the SSL handshake. Client browsers will render a TLS error page. As of October 2024, web browsers display the following error messages:
If the default certificate is also missing, nginx-proxy will:
- force enable HTTP; i.e. `HTTPS_METHOD` will switch to `noredirect` if it was set to `nohttp` or `redirect`. If this switch to HTTP is not wanted set `ENABLE_HTTP_ON_MISSING_CERT=false` (default is `true`).
- configure nginx to reject the SSL handshake for this vhost. Client browsers will render a TLS error page. As of October 2024, web browsers display the following error messages:
#### Chrome: