avoid unnecessary redirects for ACME challenge

This commit is contained in:
Daniel Micay 2023-02-09 09:53:16 -05:00
parent b85be6c2bb
commit 270cd2ba3f

View File

@ -91,8 +91,14 @@ http {
root /var/empty; root /var/empty;
location /.well-known/acme-challenge/ {
root /srv/certbot;
}
location / {
return 301 https://$host$request_uri; return 301 https://$host$request_uri;
} }
}
server { server {
listen 443 ssl http2 backlog=4096; listen 443 ssl http2 backlog=4096;
@ -111,10 +117,6 @@ http {
return 301 https://grapheneos.org/articles/grapheneos-servers#matrix.grapheneos.org; return 301 https://grapheneos.org/articles/grapheneos-servers#matrix.grapheneos.org;
} }
location ^~ /.well-known/acme-challenge/ {
root /srv/certbot;
}
location ~ ^(?:/_matrix|/_synapse/client) { location ~ ^(?:/_matrix|/_synapse/client) {
# remove security headers that are statically set to the strictest possible values below # remove security headers that are statically set to the strictest possible values below
proxy_hide_header Referrer-Policy; proxy_hide_header Referrer-Policy;
@ -157,10 +159,6 @@ http {
add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Robots-Tag "none" always; add_header X-Robots-Tag "none" always;
location ^~ /.well-known/acme-challenge/ {
root /srv/certbot;
}
location ~ '\.(?:css|html|ico|js|json|map|svg|txt|wasm|xml)$' { location ~ '\.(?:css|html|ico|js|json|map|svg|txt|wasm|xml)$' {
gzip_static on; gzip_static on;
brotli_static on; brotli_static on;