Redirect all requests to HTTPS, except for one subdirectory


Try this:

server {
    listen  80;     
    server_name     sub.domain.tld;
    server_tokens   off;

    root /var/www/letsencrypt;

    location /.well-known {
        try_files $uri $uri/ =404;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

Since there was no try_files entry in your virtual server, it didn't know what to do with requests coming to /.well-known.
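A way to confirm the port-80 behaviour without a browser (which may apply cached HSTS, as a comment further down notes), given as an added example that is not part of the original answer. The function names, the probe file name and the local stand-in server are assumptions constructed for the demo; against the real host, call `check_policy("sub.domain.tld")`.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

CHALLENGE = "/.well-known/acme-challenge/probe-token"  # constructed file name

def probe(host, port, path):
    """One plain-HTTP GET, redirects not followed: (status, Location header)."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        resp.read()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def check_policy(host, port=80):
    """Return a list of redirect-policy problems; empty means the policy holds."""
    problems = []
    status, location = probe(host, port, CHALLENGE)
    if 300 <= status < 400:  # 200 or 404 both mean port 80 answered it directly
        problems.append(f"challenge path redirected ({status}) to {location}")
    status, location = probe(host, port, "/index.html")
    if status != 301 or not (location or "").startswith("https://"):
        problems.append(f"/index.html: {status} {location}, expected 301 to https://")
    return problems

def start_stand_in(redirect_everything):
    """Constructed local stand-in for the nginx port-80 server (demo only)."""
    class Handler(BaseHTTPRequestHandler):
        log_message = lambda *a: None  # keep the demo quiet
        def do_GET(self):
            if self.path.startswith("/.well-known") and not redirect_everything:
                self.send_response(200)
                self.end_headers()
                self.wfile.write(b"ok")
            else:
                self.send_response(301)
                self.send_header("Location", "https://sub.domain.tld" + self.path)
                self.end_headers()
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

if __name__ == "__main__":
    for broken in (False, True):  # intended policy, then redirect-everything
        srv = start_stand_in(redirect_everything=broken)
        print(check_policy("127.0.0.1", srv.server_port))
```

An empty list means `/.well-known` is answered on plain HTTP while everything else gets a 301 to HTTPS.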

Author: SaAtomic

Updated on September 18, 2022

Comments

  • SaAtomic
    SaAtomic over 1 year

    I'm trying to move from self-signed certificates to Let's Encrypt certificates on my nginx webserver.

    Currently, I redirect all requests to http/80 to https/443, which uses a self-signed certificate I created a while ago.

    Now - from what I understand Let's Encrypt makes a request to port 80 (as I am using the webroot option of certbot). These requests are redirected, which renders the certificate generation unsuccessful.

    I tried to achieve this with the following server block, listening at port 80:

    server {
            listen  80;     
            server_name     sub.domain.tld;
            server_tokens   off;
    
    
            location /.well-known {
                    root /var/www/letsencrypt;
            }
    
            location / {
                    return 301 https://$host$request_uri;
            }
    }
    

    But requests to /.well-known are redirected to https/443 anyways.

    How can I redirect all requests from http/80 to https/443, except the requests to /.well-known/?

    • SaAtomic
      SaAtomic about 7 years
      As far as I'm aware, the webroot of certbot option requires plain http.
    • Alexey Ten
      Alexey Ten about 7 years
      How did you check the redirect? I guess your browser respects HSTS headers for your domain, but the Let's Encrypt bot would ignore them. Check with wget/curl.
  • Alexey Ten
    Alexey Ten about 7 years
    location without try_files just sends file from root directory.
  • Olle Kelderman
    Olle Kelderman about 7 years
    Weird, I have the exact same situation and I don't use try_files and it works perfectly fine for me. In fact I have the exact same config as stated in the question. The only difference is location /.well-known/ instead of location /.well-known (note the trailing slash). So maybe that's where the problem is?