Here is a sample working configuration from one of my servers. Note that it
uses separate `server` blocks for HTTP and HTTPS to make it easier to read.
server {
listen 80;
listen [::]:80;
server_name server.example.com;
location ~ /\.well-known {
root /path/to/site;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name server.example.com;
root /path/to/site;
# rest of server config left our for brevity...
}
Doing it this way has a side benefit if you have many sites running on a
single server and you would like all of them to use LetsEncrypt and to be
redirected to HTTPS.
You can change the HTTP `server` block to look like this:
server {
listen 80 default_server;
listen [::]:80 default_server;
location ~ /\.well-known {
# ALL LetsEncrypt authorizations will be done in this
single shared folder.
# This means you can issue the certificate using the
LetsEncrypt command line
# and then create the `server` block which already includes
the correct path to the certificate.
root /var/www/html;
}
location / {
return 301 https://$host$request_uri;
}
}
You then only need to create HTTPS `server` blocks for each site, which
makes your configuration much simpler.
Moshe
--
Moshe Katz
-- kohenkatz@gmail.com
-- +1(301)867-3732
On Sun, Dec 2, 2018 at 5:09 PM Moshe Katz <kohenkatz@gmail.com> wrote:
> I believe you need to put the `return 301 ...` inside a location block
> too. Otherwise, it overrides all the location blocks.
>
> I'm on my phone now, but I'll try to share a sample file from one of my
> servers (that works as you want it) when I get back to my computer.
>
> Moshe
>
>
> On Sun, Dec 2, 2018, 5:03 PM Mik J via nginx <nginx@nginx.org wrote:
>
>> Hello,
>>
>> I'd like to be able to offer let's encrypt in port 80 only and redirect
>> everything else to port 443
>>
>> server {
>> listen 80;
>> listen [::]:80;
>> listen 443;
>> listen [::]:443;
>> server_name http://www.mydomain.org blog.mydomain.org;
>> location ^~ /.well-known/acme-challenge { default_type
>> "text/plain"; root /var/www/letsencrypt; }
>> location = /.well-known/acme-challenge/ { return 404; }
>> return 301 https:// mydomain.org;
>> }
>>
>> My problem is that everything is redirected and I cannot access a file in
>> /var/www/letsencrypt/.well-known/acme-challenge
>> When I comment the return 301 it works but I loose the redirection.
>>
>> It seems to me that nginx parses everything where I would expect it to
>> stop at
>> location ^~ /.well-known/acme-challenge { default_type "text/plain"; root
>> /var/www/letsencrypt; }
>>
>> Does anyone know the trick ?
>> _______________________________________________
>> nginx mailing list
>> nginx@nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>
>
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
