docker/mailu
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

The ACME spec says that http validation should be done via http, not https.

Browse Source
This commit is contained in:
John D. Rowell
2017-07-29 14:27:51 -03:00
parent 2bfe11c1a4
commit 85b96a33aa
1 changed files with 12 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
nginx/nginx.conf.default
View File

@@ -26,8 +26,19 @@ http {
server { server {
listen 80; listen 80;
listen 443 ssl;
listen [::]:80; listen [::]:80;
location /.well-known/acme-challenge {
proxy_pass http://admin:8081;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl; listen [::]:443 ssl;
# TLS configuration hardened according to: # TLS configuration hardened according to:
@@ -43,10 +54,6 @@ http {
add_header Strict-Transport-Security max-age=15768000; add_header Strict-Transport-Security max-age=15768000;
if ($scheme = http) {
return 301 https://$host$request_uri;
}
# Load Lua variables # Load Lua variables
set_by_lua $webmail 'return os.getenv("WEBMAIL")'; set_by_lua $webmail 'return os.getenv("WEBMAIL")';
set_by_lua $webdav 'return os.getenv("WEBDAV")'; set_by_lua $webdav 'return os.getenv("WEBDAV")';
@@ -93,9 +100,5 @@ http {
return 403; return 403;
} }
} }
location /.well-known/acme-challenge {
proxy_pass http://admin:8081;
}
} }
} }