From 91c2d4efbe1dc1ea852b2d9e327d2712e31c96aa Mon Sep 17 00:00:00 2001 From: "Michael Kaufmann (d00p)" Date: Tue, 11 Oct 2016 07:49:52 +0200 Subject: [PATCH] do not redirect when requesting let's encrypt certificates in nginx (same as we do in apache) Signed-off-by: Michael Kaufmann (d00p) --- scripts/jobs/cron_tasks.inc.http.30.nginx.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/scripts/jobs/cron_tasks.inc.http.30.nginx.php b/scripts/jobs/cron_tasks.inc.http.30.nginx.php index 6c454e12..6f765162 100644 --- a/scripts/jobs/cron_tasks.inc.http.30.nginx.php +++ b/scripts/jobs/cron_tasks.inc.http.30.nginx.php @@ -217,7 +217,9 @@ class nginx extends HttpConfigBase } else { $_sslport = $this->checkAlternativeSslPort(); $mypath = 'https://' . Settings::Get('system.hostname') . $_sslport . '/'; - $this->nginx_data[$vhost_filename] .= "\t" . 'return 301 ' . $mypath . '$request_uri;' . "\n"; + $this->nginx_data[$vhost_filename] .= "\t" . 'if ($request_uri !~ "^/\.well-known/acme-challenge/\w+$") {' . "\n"; + $this->nginx_data[$vhost_filename] .= "\t\t" . 'return 301 ' . $mypath . '$request_uri;' . "\n"; + $this->nginx_data[$vhost_filename] .= "\t" . '}' . "\n"; } } @@ -458,7 +460,9 @@ class nginx extends HttpConfigBase if (substr($uri, - 1) == '/') { $uri = substr($uri, 0, - 1); } - $vhost_content .= "\t" . 'return 301 ' . $uri . '$request_uri;' . "\n"; + $vhost_content .= "\t" . 'if ($request_uri !~ "^/\.well-known/acme-challenge/\w+$") {' . "\n"; + $vhost_content .= "\t\t" . 'return 301 ' . $uri . '$request_uri;' . "\n"; + $vhost_content .= "\t" . '}' . "\n"; } else { mkDirWithCorrectOwnership($domain['customerroot'], $domain['documentroot'], $domain['guid'], $domain['guid'], true);