Hi Francis, I indeed thought about having a separate server {} block in case there’s the http to https redirect for a specific domain. Since it depends on the domain, I can’t make a general one to match everything.
> Or: you use $sslproxy_protocol. Where does that come from? $sslproxy_protocol is a simple map doing: map $https $sslproxy _protocol { default "http"; SSL "https"; on "https"; } Best Regards, Lucas Rolff On 08/03/2018, 09.44, "nginx on behalf of Francis Daly" <nginx-boun...@nginx.org on behalf of fran...@daoine.org> wrote: On Wed, Mar 07, 2018 at 04:55:15PM +0000, Lucas Rolff wrote: Hi there, > This means I have something like: > > 1: location ~* /.well-known > 2: if condition doing redirect if protocol is http > 3: location / > 4: location /api > 5: location /test > > All my templates include 1 to 3, and *might* have additional locations. > My issue is – because of this if condition that does the redirect to https – it also applies to my location ~* /.well-known – thus causing a redirect, and I want to prevent this, since it breaks the Let’s Encrypt validation (they do not accept 301 redirects). > Is there a smart way without adding too much complexity, which is still super-fast (I know if is evil) ? As phrased, I think the short answer to your question is "no". However... You optionally redirect things from http to https. Is that "you want to redirect *everything* from http to https, apart from the letsencrypt thing"? If so, you could potentially have just one server { listen 80; location / { return 301 https://$host$uri; } location /.well-known/ { proxy_pass http://letsencrypt.validation.backend.com; } } and a bunch of server { listen 443; } blocks. Or: you use $sslproxy_protocol. Where does that come from? If it is a thing that you create to decide whether or not to redirect to https, then could you include a check for whether the request starts with /.well-known/, and if so set it to something other than "http"? f -- Francis Daly fran...@daoine.org _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx