avoid redirect

Moshe Katz kohenkatz at gmail.com
Sun Dec 2 22:57:21 UTC 2018


Here is a sample working configuration from one of my servers. Note that it
uses separate `server` blocks for HTTP and HTTPS to make it easier to read.

server {
        listen 80;
        listen [::]:80;
        server_name server.example.com;

        location ~ /\.well-known {
                root /path/to/site;
        }

        location / {
                return 301 https://$host$request_uri;
        }
}

server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name server.example.com;

        root /path/to/site;

        # rest of server config left out for brevity...
}

Doing it this way has a side benefit if you have many sites running on a
single server and you would like all of them to use LetsEncrypt and to be
redirected to HTTPS.
You can change the HTTP `server` block to look like this:

server {
        listen 80 default_server;
        listen [::]:80 default_server;

        location ~ /\.well-known {
                # ALL LetsEncrypt authorizations will be done in this single shared folder.
                # This means you can issue the certificate using the LetsEncrypt command line
                # and then create the `server` block which already includes the correct path to the certificate.
                root /var/www/html;
        }

        location / {
                return 301 https://$host$request_uri;
        }
}

You then only need to create HTTPS `server` blocks for each site, which
makes your configuration much simpler.

Moshe

--
Moshe Katz
-- kohenkatz at gmail.com
-- +1(301)867-3732


On Sun, Dec 2, 2018 at 5:09 PM Moshe Katz <kohenkatz at gmail.com> wrote:

> I believe you need to put the `return 301 ...` inside a location block
> too. Otherwise, it overrides all the location blocks.
>
> I'm on my phone now, but I'll try to share a sample file from one of my
> servers (that works as you want it) when I get back to my computer.
>
> Moshe
>
>
> On Sun, Dec 2, 2018, 5:03 PM Mik J via nginx <nginx at nginx.org wrote:
>
>> Hello,
>>
>> I'd like to be able to offer let's encrypt in port 80 only and redirect
>> everything else to port 443
>>
>> server {
>>         listen 80;
>>         listen [::]:80;
>>         listen 443;
>>         listen [::]:443;
>>         server_name http://www.mydomain.org blog.mydomain.org;
>>         location ^~ /.well-known/acme-challenge { default_type "text/plain"; root /var/www/letsencrypt; }
>>         location = /.well-known/acme-challenge/ { return 404; }
>>         return 301 https:// mydomain.org;
>> }
>>
>> My problem is that everything is redirected and I cannot access a file in
>> /var/www/letsencrypt/.well-known/acme-challenge
>> When I comment the return 301 it works but I lose the redirection.
>>
>> It seems to me that nginx parses everything where I would expect it to
>> stop at
>> location ^~ /.well-known/acme-challenge { default_type "text/plain"; root
>> /var/www/letsencrypt; }
>>
>> Does anyone know the trick ?
>> _______________________________________________
>> nginx mailing list
>> nginx at nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>
>
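
Added example, not part of the original thread or of nginx itself: a simplified Python model of how nginx picks an action for a port-80 request, showing why the server-level `return 301` in the question redirects the ACME challenge path while the `location /` form in the reply does not. The names `pick_location`, `handle`, `ORIGINAL` and `FIXED` are hypothetical, and the model assumes only `=`, `^~`, `~` and plain prefix locations (no nesting, no `~*`, no named locations).

```python
import re

def pick_location(locations, uri):
    """Simplified nginx location selection: an '=' exact match wins outright,
    then the longest prefix is remembered ('^~' on it skips the regex search),
    then the first matching regex in config order, then the remembered prefix."""
    best = None
    for mod, pat, action in locations:
        if mod == "=" and uri == pat:
            return action
        if mod in ("", "^~") and uri.startswith(pat):
            if best is None or len(pat) > len(best[1]):
                best = (mod, pat, action)
    if best and best[0] == "^~":
        return best[2]
    for mod, pat, action in locations:
        if mod == "~" and re.search(pat, uri):
            return action
    return best[2] if best else "404"

def handle(server, uri):
    # Rewrite-module directives placed directly in `server` (such as `return`)
    # run before any location is selected, so the locations are never consulted.
    if server["server_return"]:
        return server["server_return"]
    return pick_location(server["locations"], uri)

# Constructed models of the two port-80 configurations shown in this thread.
ORIGINAL = {
    "server_return": "301 https",
    "locations": [
        ("^~", "/.well-known/acme-challenge", "serve /var/www/letsencrypt"),
        ("=", "/.well-known/acme-challenge/", "404"),
    ],
}
FIXED = {
    "server_return": None,
    "locations": [
        ("~", r"/\.well-known", "serve /path/to/site"),
        ("", "/", "301 https"),
    ],
}

if __name__ == "__main__":
    for uri in ("/.well-known/acme-challenge/token", "/index.html"):
        print(uri, "| original:", handle(ORIGINAL, uri), "| fixed:", handle(FIXED, uri))
```

The regex `/\.well-known` is unanchored, so in this model (as in nginx) a URI such as `/blog/.well-known/x` is also served over HTTP from the configured root instead of being redirected.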