Hi —

(This is nginx 1.11.10 and up to date FreeBSD STABLE-11)

I recently implemented LE certificates for my virtual domains, which will be 
served at two hosts, accessed by round-robin DNS, aka two IP addresses. In 
order to get the acme challenges running, I did implement the following 
configuration:

Host A and Host B:

        # port 80
        server {
                include                 include/IPs-80;
                server_name             example.com;
                location / {
                        # redirect letsencrypt ACME challenge requests to local-at-host-A.lan
                        location /.well-known/acme-challenge/ {
                                proxy_pass http://local-at-host-A.lan;
                        }
                        # all other requests are redirected to https, permanently
                        return 301 https://$server_name$request_uri;
                }
        }

        # port 443
        [snip]


Server local-at-host-A.lan (LE acme) finally serves the acme challenge 
directory:

        server {
                include         include/IPs-80;
                server_name     local-at-host-A.lan;
                # redirect all letsencrypt ACME challenges to one global directory
                location /.well-known/acme-challenge/ {
                        root    /var/www/acme/;
                }
        }



Well, that is working, somehow, except: If the LE server addresses Host A, the 
challenge file is going to be retrieved instantaneously. If the LE server 
addresses Host B, only every *other* request is being served instantaneously:

        1. access: immediately download
        2. access: 60 s wait, then download
        3. access: immediately download
        4. access: 60 s wait, then download
        etc.


Hmm, default proxy_connect_timeout is 60s, I know. But why every other connect?

Any feedback on how to solve/debug that issue is highly welcome.

Thanks and regards,
Michael
_______________________________________________
nginx mailing list
http://mailman.nginx.org/mailman/listinfo/nginx
