Adds own server on port 80 for letsencrypt and redirect

master
Wolfgang Jung 4 years ago
parent 550065b043
commit f999e3de08

@ -34,6 +34,25 @@ http {
'' $scheme; '' $scheme;
} }
{% if KUBERNETES_INGRESS != 'true' and TLS_FLAVOR in [ 'letsencrypt', 'cert' ] and not TLS_ERROR %}
# Enable the proxy for certbot if the flavor is letsencrypt and not on kubernetes
#
server {
# Listen over HTTP
listen 80;
listen [::]:80;
{% if TLS_FLAVOR == 'letsencrypt' %}
location ^~ /.well-known/acme-challenge/ {
proxy_pass http://127.0.0.1:8008;
}
{% endif %}
# redirect to https
location / {
return 301 https://$host$request_uri;
}
}
{% endif %}
# Main HTTP server # Main HTTP server
server { server {
# Favicon stuff # Favicon stuff
@ -48,9 +67,11 @@ http {
set $webdav {{ WEBDAV_ADDRESS }}; set $webdav {{ WEBDAV_ADDRESS }};
{% endif %} {% endif %}
# Always listen over HTTP # Listen on HTTP only in kubernetes or behind reverse proxy
{% if KUBERNETES_INGRESS == 'true' or TLS_FLAVOR in [ 'mail-letsencrypt', 'notls', 'mail' ] or TLS_ERROR %}
listen 80; listen 80;
listen [::]:80; listen [::]:80;
{% endif %}
# Only enable HTTPS if TLS is enabled with no error and not on kubernetes # Only enable HTTPS if TLS is enabled with no error and not on kubernetes
{% if KUBERNETES_INGRESS != 'true' and TLS and not TLS_ERROR %} {% if KUBERNETES_INGRESS != 'true' and TLS and not TLS_ERROR %}
@ -78,8 +99,7 @@ http {
add_header X-XSS-Protection '1; mode=block'; add_header X-XSS-Protection '1; mode=block';
add_header Referrer-Policy 'same-origin'; add_header Referrer-Policy 'same-origin';
# In any case, enable the proxy for certbot if the flavor is letsencrypt and not on kubernetes {% if TLS_FLAVOR == 'mail-letsencrypt' %}
{% if KUBERNETES_INGRESS != 'true' and TLS_FLAVOR in [ 'letsencrypt', 'mail-letsencrypt' ] %}
location ^~ /.well-known/acme-challenge/ { location ^~ /.well-known/acme-challenge/ {
proxy_pass http://127.0.0.1:8008; proxy_pass http://127.0.0.1:8008;
} }

@ -0,0 +1 @@
Fixes certbot renewal
Loading…
Cancel
Save