Hello Moshe,
Thank you very much for your quick and detailed answer.
Have a nice day !


Le dimanche 2 décembre 2018 à 23:57:25 UTC+1, Moshe Katz <kohenkatz@gmail.com> a écrit :

Here is a sample working configuration from one of my servers. Note that it uses separate `server` blocks for HTTP and HTTPS to make it easier to read.
server {
        listen 80;        listen [::]:80;        server_name server.example.com;
        location ~ /\.well-known {                root /path/to/site;        }
        location / {                return 301 https://$host$request_uri;        }}
server {        listen 443 ssl http2;
        listen [::]:443 ssl http2;        server_name server.example.com;
        root /path/to/site;

        # rest of server config left our for brevity...}
Doing it this way has a side benefit if you have many sites running on a single server and you would like all of them to use LetsEncrypt and to be redirected to HTTPS.You can change the HTTP `server` block to look like this:
server {        listen 80 default_server;        listen [::]:80 default_server;
        location ~ /\.well-known {                # ALL LetsEncrypt authorizations will be done in this single shared folder.                # This means you can issue the certificate using the LetsEncrypt command line                # and then create the `server` block which already includes the correct path to the certificate. 
                root /var/www/html;        }
        location / {                return 301 https://$host$request_uri;        }}

You then only need to create HTTPS `server` blocks for each site, which makes your configuration much simpler.
Moshe
--
Moshe Katz
-- kohenkatz@gmail.com
-- +1(301)867-3732

On Sun, Dec 2, 2018 at 5:09 PM Moshe Katz <kohenkatz@gmail.com> wrote:

I believe you need to put the `return 301 ...` inside a location block too. Otherwise, it overrides all the location blocks.
I'm on my phone now, but I'll try to share a sample file from one of my servers (that works as you want it) when I get back to my computer.
Moshe

On Sun, Dec 2, 2018, 5:03 PM Mik J via nginx <nginx@nginx.org wrote:

Hello,

I'd like to be able to offer let's encrypt in port 80 only and redirect everything else to port 443

server {
        listen 80;
        listen [::]:80;
        listen 443;
        listen [::]:443;
        server_name http://www.mydomain.org blog.mydomain.org;
        location ^~ /.well-known/acme-challenge { default_type "text/plain"; root /var/www/letsencrypt; }
        location = /.well-known/acme-challenge/ { return 404; }
        return 301 https:// mydomain.org;
}

My problem is that everything is redirected and I cannot access a file in /var/www/letsencrypt/.well-known/acme-challenge
When I comment the return 301 it works but I loose the redirection.
It seems to me that nginx parses everything where I would expect it to stop at
location ^~ /.well-known/acme-challenge { default_type "text/plain"; root /var/www/letsencrypt; }

Does anyone know the trick ?
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx