location blocks, and if conditions in server context

Francis Daly francis at daoine.org
Thu Mar 8 08:43:40 UTC 2018


On Wed, Mar 07, 2018 at 04:55:15PM +0000, Lucas Rolff wrote:

Hi there,

> This means I have something like:
> 
> 1: location ~* /.well-known
> 2: if condition doing redirect if protocol is http
> 3: location /
> 4: location /api
> 5: location /test
> 
> All my templates include 1 to 3, and *might* have additional locations.

> My issue is – because of this if condition that does the redirect to https – it also applies to my location ~* /.well-known – thus causing a redirect, and I want to prevent this, since it breaks the Let’s Encrypt validation (they do not accept 301 redirects).

> Is there a smart way without adding too much complexity, which is still super-fast (I know if is evil) ?

As phrased, I think the short answer to your question is "no".

However...

You optionally redirect things from http to https. Is that "you want
to redirect *everything* from http to https, apart from the letsencrypt
thing"? If so, you could potentially have just one

  server {
    listen 80;
    location / { return 301 https://$host$uri; }
    location /.well-known/ { proxy_pass http://letsencrypt.validation.backend.com; }
  }

and a bunch of

  server {
    listen 443;
  }

blocks.

Or: you use $sslproxy_protocol. Where does that come from?

If it is a thing that you create to decide whether or not to redirect
to https, then could you include a check for whether the request starts
with /.well-known/, and if so set it to something other than "http"?

	f
-- 
Francis Daly        francis at daoine.org


More information about the nginx mailing list