thib8956/nginx-proxy
1
0
Fork 0
mirror of https://github.com/thib8956/nginx-proxy synced 2025-02-24 01:38:15 +00:00
Code Issues Releases Wiki Activity

Improve acme-challenge handling

Browse Source 
So that there is no need anymore for the Let's Encrypt companion to fiddle
with vhosts nginx configuration.

When `HTTPS_METHOD=nohttp` and the certificate is missing, enforce nohttp
instead of switching to `HTTPS_METHOD=redirect`.
This commit is contained in:
Gilles Filippini 2024-05-09 23:28:34 +02:00
parent db07d90ad8
commit 6c1b532ffb
2 changed files with 13 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
nginx.tmpl
View File

@ -762,6 +762,16 @@ server {
{{- if $globals.enable_ipv6 }}
listen [::]:{{ $globals.external_http_port }} {{ $default_server }};
{{- end }}
{{- if (eq $vhost.https_method "noredirect") }}
location /.well-known/acme-challenge/ {
auth_basic off;
allow all;
root /usr/share/nginx/html;
try_files $uri =404;
break;
}
{{- end }}
{{- end }}
{{- if ne $vhost.https_method "nohttps" }}
listen {{ $globals.external_https_port }} ssl {{ $default_server }};

4
test/test_ssl/test_noredirect.py
View File

@ -19,9 +19,9 @@ def test_web2_HSTS_policy_is_inactive(docker_compose, nginxproxy):
assert "Strict-Transport-Security" not in r.headers
def test_web3_acme_challenge_does_not_work(docker_compose, nginxproxy, acme_challenge_path):
def test_web3_acme_challenge_does_work(docker_compose, nginxproxy, acme_challenge_path):
r = nginxproxy.get(
f"http://web3.nginx-proxy.tld/{acme_challenge_path}",
allow_redirects=False
)
assert r.status_code == 404
assert r.status_code == 200