Stefan,
On 15.03.2018 at 21:24, Stefan Husch|qutic development wrote:
> frontend 10.10.10.10_80
> bind 10.10.10.10:80 name 10.10.10.10:80
> mode http
> option http-keep-alive
> option log-separate-errors
> option httplog
> acl acl_1 path_beg -i /.well-known/acme-challenge/
> use_backend acme_challenge_backend if acl_1
> acl acl_2 hdr_reg(host) -i \b(?:\d{1,3}\.){3}\d{1,3}\b
> http-request redirect code 301 location https://example.com if acl_2
> acl acl_3 req.proto_http
> http-request redirect scheme https code 301 if acl_3
>
> I thought the acls are processed from 1 to 3, but the curl result is not
> going to the acme_challenge_backend, but doing a https redirect.
The order of the ACLs is not relevant; I recommend grouping them all together
at the top (and giving them meaningful names) and then acting on them at the
bottom. Here's an example excerpt of my config:
> acl acme_challenge path_beg /.well-known/acme-challenge/
> acl example.com hdr(host) -i example.com
> # repeat for other domains
>
> redirect code 301 scheme https if !acme_challenge example.com
> # repeat for other domains
>
> use_backend bk_letsencrypt if acme_challenge
Basically, add the !acme_challenge to your redirects. Another possibility
is to add the acme-challenge logic to your HTTPS backend; Let's Encrypt
follows redirects. This does require an existing certificate for your
domains, though.
The HTTP protocol (without 's') is implied for your frontend, as you
only listen on port 80; that might simplify your configuration as well.
Best regards
Tim Düsterhus
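
The advice above applied to the frontend from the question, as an added example that is not part of either message. The ACL names `acme_challenge` and `host_is_ip` are chosen here for illustration; the backend name, bind address and redirect target are the ones from the quoted configuration, and the `req.proto_http` ACL is dropped because the frontend only listens on port 80.

```haproxy
frontend 10.10.10.10_80
    bind 10.10.10.10:80 name 10.10.10.10:80
    mode http
    option http-keep-alive
    option log-separate-errors
    option httplog

    # ACLs grouped at the top with descriptive names (names are illustrative).
    acl acme_challenge path_beg -i /.well-known/acme-challenge/
    acl host_is_ip     hdr_reg(host) -i \b(?:\d{1,3}\.){3}\d{1,3}\b

    # HAProxy evaluates http-request rules before use_backend rules,
    # whatever their position in the section, so every redirect has to
    # exempt the challenge path explicitly.
    # Conditions listed side by side are ANDed.
    http-request redirect code 301 location https://example.com if host_is_ip !acme_challenge
    http-request redirect scheme https code 301 if !acme_challenge

    # Only challenge requests reach this point without being redirected.
    use_backend acme_challenge_backend if acme_challenge
```

The file can be syntax-checked with `haproxy -c -f` followed by the configuration path before reloading.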