author | Wojtek Porczyk <[email protected]> | 2022-10-18 23:03:37 +0200 |
---|---|---|
committer | GitHub <[email protected]> | 2022-10-19 00:03:37 +0300 |
commit | 3d109453c6def4c30b32e360668693f98339798e (patch) | |
tree | 211303b3c8a7c7f50c0e9414a7592c47bf3ece9e /configs | |
parent | 1a8546305d82595f6fe20fb7b6f8da04d5b717c4 (diff) |
nginx: serve ACME challenges over unencrypted HTTP (#116)
RFC 8555 section 8.3 [1] states HTTP challenge MUST be served over TCP
port 80 and while the verification follows redirects, those are unneeded
and might be harmful in specific deployment scenarios.
[1] https://datatracker.ietf.org/doc/html/rfc8555#section-8.3
Signed-off-by: Wojtek Porczyk <[email protected]>
Diffstat (limited to 'configs')
-rw-r--r-- | configs/nginx/nginx.conf | 2 | ||||
-rw-r--r-- | configs/nginx/redirect-to-https.conf | 4 |
2 files changed, 4 insertions, 2 deletions
diff --git a/configs/nginx/nginx.conf b/configs/nginx/nginx.conf index 6b08c68e..6305309e 100644 --- a/configs/nginx/nginx.conf +++ b/configs/nginx/nginx.conf @@ -39,6 +39,7 @@ http { server { server_name localhost; include /etc/kvmd/nginx/listen-http.conf; + include /etc/kvmd/nginx/certbot.ctx-server.conf; include /etc/kvmd/nginx/redirect-to-https.conf; } @@ -47,7 +48,6 @@ http { include /etc/kvmd/nginx/listen-https.conf; include /etc/kvmd/nginx/ssl.conf; include /etc/kvmd/nginx/kvmd.ctx-server.conf; - include /etc/kvmd/nginx/certbot.ctx-server.conf; include /usr/share/kvmd/extras/*/nginx.ctx-server.conf; } } diff --git a/configs/nginx/redirect-to-https.conf b/configs/nginx/redirect-to-https.conf index 7cf185dd..385fb49a 100644 --- a/configs/nginx/redirect-to-https.conf +++ b/configs/nginx/redirect-to-https.conf @@ -1 +1,3 @@ -return 301 https://$host$request_uri; +location / { + return 301 https://$host$request_uri; +} |
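Review bot: the new include in the port-80 server block of nginx.conf serves whatever certbot.ctx-server.conf defines in cleartext, and that file is not part of this diff. Please confirm it contains only the ACME challenge location and nothing that should stay behind TLS, since this server block has no ssl.conf.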
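Review bot: removing the certbot include from the HTTPS server block in nginx.conf means the challenge path is no longer answered on 443. The commit message notes that verification follows redirects, so a deployment where something in front of this nginx still redirects port 80 to HTTPS would send the validation request to a server that no longer serves it. Either keep the include in both server blocks or state in the upgrade notes that port 80 must reach this nginx directly.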
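Review bot: the `location /` wrapper in redirect-to-https.conf needs a comment explaining why it is there. A server-level `return` is evaluated before any location is selected, so flattening this back to the bare `return 301 https://$host$request_uri;` would silently stop the certbot location in the port-80 server from being reached. The file is also now valid only when included directly inside a server block, which is worth stating in the same comment.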