
How to avoid redirecting letsencrypt requests to https with nginx

Posted: Fri Nov 24, 2017 11:37 pm
by mjs
I'm using nginx + php5-fpm and letsencrypt. My goal is to have all sites redirect everything to https, except for the .well-known directory that letsencrypt uses for certificate renewals. The problems are: (1) I can't seem to find the right magic formula for redirecting only what is not under .well-known within the confines of the vestacp configs, and (2) when I disable the https redirect, the renewal link returns a 404 error in the browser when I check it, so the renewal with v-update-letsencrypt-ssl fails.

I've tried a number of variations on this kind of answer:
https://serverfault.com/questions/81434 ... ect=1&lq=1

The problem is that location / is already defined earlier in the default.tpl, and I'm not able to get the config to recognize an exception to it. Pasted below is my current default.tpl (without any of the modifications from the above link).

Has anyone using this setup figured out a solution to this issue? I don't want to have to jump through hoops every renewal.


# Virtual-host template (the post identifies it as VestaCP's default.tpl).
# %name% tokens are template placeholders; presumably the panel substitutes
# them when it generates the per-domain config — confirm.
# No `ssl` listen parameter, certificate directive, or https redirect appears
# in this block as shown.
server {
    listen      %ip%:%web_port%;
    server_name %domain_idn% %alias_idn%;
    root        %docroot%;
    index       index.php index.html index.htm;
    # Two access logs per domain: one in the built-in `combined` format and one
    # in a `bytes` format, which must be declared elsewhere (no log_format here).
    access_log  /var/log/nginx/domains/%domain%.log combined;
    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
    error_log   /var/log/nginx/domains/%domain%.error.log error;

    # Catch-all prefix location. It sets no handler of its own, so a URI that
    # matches neither nested regex below is served as a static file from `root`.
    # That includes /.well-known/ paths: nothing visible in this block matches
    # them specifically.
    # NOTE(review): a 404 on a challenge URL would then mean the file is not
    # under %docroot% — confirm where the ACME client writes challenge files.
    location / {

        # Static assets (case-insensitive extension match): far-future expiry.
        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
            expires     max;
        }

        # PHP handler: URIs containing ".php" followed by "/" or end of string.
        location ~ [^/]\.php(/|$) {
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            # Refuse to hand the FastCGI backend a path that is not an existing
            # regular file, so a URI that merely looks like a script cannot be
            # resolved to some other file on the PHP side.
            # NOTE(review): no fastcgi_split_path_info is set in this block, so
            # /script.php/extra style URLs presumably fail this check — confirm
            # against the included fastcgi_params.
            if (!-f $document_root$fastcgi_script_name) {
                return  404;
            }

            fastcgi_pass    %backend_lsnr%;
            fastcgi_index   index.php;
            include         /etc/nginx/fastcgi_params;
        }
    }

    # 403 is answered with the 404 page body; without an `=code` override nginx
    # keeps the original status code in the response.
    error_page  403 /error/404.html;
    error_page  404 /error/404.html;
    error_page  500 502 503 504 /error/50x.html;

    # Error documents are read from the domain's document_errors directory.
    location /error/ {
        alias   %home%/%user%/web/%domain%/document_errors/;
    }

    # Hide Apache control files. Only URIs ending in /.htaccess or /.htpasswd
    # (case-insensitive) match; other dotfiles (e.g. .git, .env) are not covered
    # by this rule, and neither is .well-known.
    # `return` runs in the rewrite phase, before access checks, so the client
    # receives 404 and `deny all` acts only as a backstop.
    location ~* "/\.(htaccess|htpasswd)$" {
        deny    all;
        return  404;
    }

    # Statistics pages. auth.conf* is a glob include, so nginx does not fail if
    # the file is missing; in that case no access restriction is visible here.
    # NOTE(review): presumably auth.conf carries auth_basic settings — verify it
    # exists for every domain that has stats enabled.
    location /vstats/ {
        alias   %home%/%user%/web/%domain%/stats/;
        include %home%/%user%/web/%domain%/stats/auth.conf*;
    }

    # Optional server-wide snippets (glob includes, absent files are skipped).
    # Their contents are not shown; judging by the names they publish
    # phpMyAdmin / phpPgAdmin / webmail under every domain built from this
    # template — NOTE(review): confirm that exposure is intended.
    include     /etc/nginx/conf.d/phpmyadmin.inc*;
    include     /etc/nginx/conf.d/phppgadmin.inc*;
    include     /etc/nginx/conf.d/webmail.inc*;

    # Per-domain include, parsed in server context; the only extension point
    # visible in this block. A location for /.well-known/acme-challenge/ placed
    # there would sit at server level alongside `location /`.
    # NOTE(review): confirm the panel does not overwrite these files.
    include     %home%/%user%/conf/web/nginx.%domain_idn%.conf*;
}