<html><head></head><body><div class="ydp13d2e648yahoo-style-wrap" style="font-family: Helvetica, Arial, sans-serif; font-size: 16px;"><div>Hello Moshe,<br><div>Thank you very much for your quick and detailed answer.<br>Have a nice day!<br></div></div><div></div>
<div><br></div><div><br></div>
</div><div id="yahoo_quoted_4241836124" class="yahoo_quoted">
<div style="font-family:'Helvetica Neue', Helvetica, Arial, sans-serif;font-size:13px;color:#26282a;">
<div>
On Sunday, December 2, 2018 at 23:57:25 UTC+1, Moshe Katz <kohenkatz@gmail.com> wrote:
</div>
<div><br></div>
<div><br></div>
<div><div id="yiv9370515524"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">Here is a sample working configuration from one of my servers. Note that it uses separate `server` blocks for HTTP and HTTPS to make it easier to read.<div><br clear="none"></div><div><font face="monospace, monospace">server {<br clear="none"></font></div><div><div><font face="monospace, monospace"> listen 80;</font></div><div><font face="monospace, monospace"> listen [::]:80;</font></div><div><font face="monospace, monospace"> server_name <a rel="nofollow" shape="rect" target="_blank" href="http://server.example.com">server.example.com</a>;</font></div><div><font face="monospace, monospace"><br clear="none"></font></div><div><font face="monospace, monospace"> location ~ /\.well-known {</font></div><div><font face="monospace, monospace"> root /path/to/site;</font></div><div><font face="monospace, monospace"> }</font></div><div><font face="monospace, monospace"><br clear="none"></font></div><div><div><font face="monospace, monospace"> location / {</font></div><div><font face="monospace, monospace"> return 301 https://$host$request_uri;</font></div><div><font face="monospace, monospace"> }</font></div></div><div><font face="monospace, monospace">}</font></div></div><div><font face="monospace, monospace"><br clear="none"></font></div><div><div><font face="monospace, monospace">server {</font></div><div><font face="monospace, monospace"> listen 443 ssl http2;<br clear="none"></font></div><div><font face="monospace, monospace"> listen [::]:443 ssl http2;</font></div><div><div><font face="monospace, monospace"> server_name <a rel="nofollow" shape="rect" target="_blank" href="http://server.example.com">server.example.com</a>;</font></div><font face="monospace, monospace"><br class="yiv9370515524gmail-Apple-interchange-newline" clear="none"></font></div><div><font face="monospace, monospace"> root /path/to/site;<br clear="none"></font></div><div><font 
face="monospace, monospace"><br clear="none"></font></div><div><font face="monospace, monospace"> # rest of server config left out for brevity...</font></div><div><font face="monospace, monospace">}</font></div></div><div><br clear="none"></div><div>Doing it this way has a side benefit if you have many sites running on a single server and you would like all of them to use LetsEncrypt and to be redirected to HTTPS.</div><div>You can change the HTTP `server` block to look like this:</div><div><br clear="none"></div><div><div><font face="monospace, monospace">server {</font></div><div><font face="monospace, monospace"> listen 80 default_server;</font></div><div><font face="monospace, monospace"> listen [::]:80 default_server;</font></div><div><br clear="none"></div><div><div><font face="monospace, monospace"> location ~ /\.well-known {</font></div><div><span style="font-family:monospace, monospace;"> # ALL LetsEncrypt authorizations will be done in this single shared folder.</span></div><div><span style="font-family:monospace, monospace;"> # This means you can issue the certificate using the LetsEncrypt command line</span></div><div><span style="font-family:monospace, monospace;"> # and then create the `server` block which already includes the correct path to the certificate.</span> <font face="monospace, monospace"><br clear="none"></font></div><div><font face="monospace, monospace"> root /var/www/html;</font></div><div><font face="monospace, monospace"> }</font></div><div><font face="monospace, monospace"><br clear="none"></font></div><div><div><font face="monospace, monospace"> location / {</font></div><div><font face="monospace, monospace"> return 301 https://$host$request_uri;</font></div><div><font face="monospace, monospace"> }</font></div></div></div><div><span style="font-family:monospace, monospace;">}</span><br clear="none"></div></div><div><br clear="none"></div><div>You then only need to create HTTPS `server` blocks for each site, which makes your 
configuration much simpler.</div><div><br clear="none"></div><div>Moshe</div><div><br clear="all"><div><div class="yiv9370515524gmail_signature" dir="ltr"><div dir="ltr">--<br clear="none">Moshe Katz<br clear="none">-- <a rel="nofollow" shape="rect" ymailto="mailto:kohenkatz@gmail.com" target="_blank" href="mailto:kohenkatz@gmail.com">kohenkatz@gmail.com</a><br clear="none">-- +1(301)867-3732</div></div></div><br clear="none"></div></div></div></div></div></div></div><br clear="none"><div class="yiv9370515524yqt2165508681" id="yiv9370515524yqt87024"><div class="yiv9370515524gmail_quote"><div dir="ltr">On Sun, Dec 2, 2018 at 5:09 PM Moshe Katz <<a rel="nofollow" shape="rect" ymailto="mailto:kohenkatz@gmail.com" target="_blank" href="mailto:kohenkatz@gmail.com">kohenkatz@gmail.com</a>> wrote:<br clear="none"></div><blockquote class="yiv9370515524gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div>I believe you need to put the `return 301 ...` inside a location block too. 
Otherwise, it overrides all the location blocks.<div><br clear="none"></div><div>I'm on my phone now, but I'll try to share a sample file from one of my servers (that works as you want it) when I get back to my computer.</div><div><br clear="none"></div><div>Moshe</div><div><br clear="none"></div></div><br clear="none"><div class="yiv9370515524gmail_quote"><div dir="ltr">On Sun, Dec 2, 2018, 5:03 PM Mik J via nginx <<a rel="nofollow" shape="rect" ymailto="mailto:nginx@nginx.org" target="_blank" href="mailto:nginx@nginx.org">nginx@nginx.org</a> wrote:<br clear="none"></div><blockquote class="yiv9370515524gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div><div class="yiv9370515524m_-5603495848539027000m_-6100706546047295826ydp1a37a54cyahoo-style-wrap" style="font-family:Helvetica, Arial, sans-serif;font-size:16px;">Hello,<br clear="none"><div><br clear="none"><div>I'd like to be able to offer let's encrypt in port 80 only and redirect everything else to port 443<br clear="none"><div><br clear="none"><span>server {<br clear="none"> listen 80;<br clear="none"> listen [::]:80;<br clear="none"> listen 443;<br clear="none"> listen [::]:443;<br clear="none"> server_name <a rel="nofollow" shape="rect" target="_blank" href="http://www.mydomain.org">http://www.mydomain.org</a> blog.<span><span><a rel="nofollow" shape="rect" target="_blank" href="http://mydomain.org">mydomain.org</a></span></span>;<br clear="none"> location ^~ /.well-known/acme-challenge { default_type "text/plain"; root /var/www/letsencrypt; }<br clear="none"> location = /.well-known/acme-challenge/ { return 404; }<br clear="none"> return 301 https:// <span><span><a rel="nofollow" shape="rect" target="_blank" href="http://mydomain.org">mydomain.org</a></span></span>;<br clear="none">}<br clear="none"><br clear="none"></span><div>My problem is that everything is redirected and I cannot access a file in 
<span><span>/var/www/letsencrypt/<span><span>.well-known/acme-challenge</span></span><br clear="none"></span></span><div><span><span>When I comment the return 301 it works but I lose the redirection.</span></span></div><div><br clear="none"><div><div>It seems to me that nginx parses everything where I would expect it to stop at<br clear="none"><div><span><span>location ^~ /.well-known/acme-challenge { default_type "text/plain"; root /var/www/letsencrypt; }</span><br clear="none"></span><span></span><div><br clear="none">Does anyone know the trick?<br clear="none"></div></div></div><span><span></span></span></div></div></div></div></div></div></div></div>_______________________________________________<br clear="none">
nginx mailing list<br clear="none">
<a rel="nofollow" shape="rect" ymailto="mailto:nginx@nginx.org" target="_blank" href="mailto:nginx@nginx.org">nginx@nginx.org</a><br clear="none">
<a rel="nofollow" shape="rect" target="_blank" href="http://mailman.nginx.org/mailman/listinfo/nginx">http://mailman.nginx.org/mailman/listinfo/nginx</a></blockquote></div>
</blockquote></div></div></div></div></div>
</div>
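<div>The behaviour discussed in this thread, as an added example that is not part of the original messages: a simplified Python model of how nginx applies a server-level `return` before it selects a location, run against configurations constructed from the question and from the reply. The function names, dictionaries and action strings are assumptions made for the illustration; the third sample URI shows that the unanchored regex `~ /\.well-known` also matches when the segment appears deeper in the path.</div>

```python
import re

# Simplified model of nginx request handling (illustration only, not nginx source).
# Each location is (modifier, pattern, action); "" means a plain prefix location.

def pick_location(uri, locations):
    # 1. An exact "=" match ends the search immediately.
    for mod, pat, action in locations:
        if mod == "=" and uri == pat:
            return action
    # 2. Remember the longest matching prefix ("" or "^~").
    best = None
    for mod, pat, action in locations:
        if mod in ("", "^~") and uri.startswith(pat):
            if best is None or len(pat) > len(best[1]):
                best = (mod, pat, action)
    # "^~" on the longest prefix skips the regex pass.
    if best and best[0] == "^~":
        return best[2]
    # 3. Regex locations are tried in configuration order; first match wins.
    for mod, pat, action in locations:
        if mod == "~" and re.search(pat, uri):
            return action
    return best[2] if best else "404"

def handle(uri, config):
    # A `return` placed directly in `server` runs in the server rewrite phase,
    # before any location is selected, so no location is ever consulted.
    if config["server_return"] is not None:
        return config["server_return"]
    return pick_location(uri, config["locations"])

REDIRECT = "301 https"
# Constructed from the question: `return 301` sits at server level.
QUESTION = {"server_return": REDIRECT, "locations": [
    ("^~", "/.well-known/acme-challenge", "file"),
    ("=", "/.well-known/acme-challenge/", "404"),
]}
# Constructed from the reply: the redirect moved into `location /`.
REPLY = {"server_return": None, "locations": [
    ("~", r"/\.well-known", "file"),
    ("", "/", REDIRECT),
]}

if __name__ == "__main__":
    for uri in ("/.well-known/acme-challenge/tok", "/index.html", "/a/.well-known/x"):
        print(uri, "| question:", handle(uri, QUESTION), "| reply:", handle(uri, REPLY))
```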
</div></body></html>