mirror/nginx-proxy
1
0
Fork 0
mirror of https://github.com/nginx-proxy/nginx-proxy synced 2024-11-08 07:49:22 +01:00
Code Issues

Merge pull request #2446 from pini-gh/pini-acme-challenge

Browse Source 
Improve acme-challenge handling
This commit is contained in:
Nicolas Duchon 2024-05-13 22:21:41 +02:00 committed by GitHub
commit 2564a93966
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 13 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
nginx.tmpl
View File

@ -762,6 +762,16 @@ server {
{{- if $globals.enable_ipv6 }} {{- if $globals.enable_ipv6 }}
listen [::]:{{ $globals.external_http_port }} {{ $default_server }}; listen [::]:{{ $globals.external_http_port }} {{ $default_server }};
{{- end }} {{- end }}
{{- if (eq $vhost.https_method "noredirect") }}
location /.well-known/acme-challenge/ {
auth_basic off;
allow all;
root /usr/share/nginx/html;
try_files $uri =404;
break;
}
{{- end }}
{{- end }} {{- end }}
{{- if ne $vhost.https_method "nohttps" }} {{- if ne $vhost.https_method "nohttps" }}
listen {{ $globals.external_https_port }} ssl {{ $default_server }}; listen {{ $globals.external_https_port }} ssl {{ $default_server }};
@ -856,4 +866,4 @@ server {
} }
{{- end }} {{- end }}
} }
{{- end }} {{- end }}

4
test/test_ssl/test_noredirect.py
View File

@ -19,9 +19,9 @@ def test_web2_HSTS_policy_is_inactive(docker_compose, nginxproxy):
assert "Strict-Transport-Security" not in r.headers assert "Strict-Transport-Security" not in r.headers
def test_web3_acme_challenge_does_not_work(docker_compose, nginxproxy, acme_challenge_path): def test_web3_acme_challenge_does_work(docker_compose, nginxproxy, acme_challenge_path):
r = nginxproxy.get( r = nginxproxy.get(
f"http://web3.nginx-proxy.tld/{acme_challenge_path}", f"http://web3.nginx-proxy.tld/{acme_challenge_path}",
allow_redirects=False allow_redirects=False
) )
assert r.status_code == 404 assert r.status_code == 200