mirror of
https://github.com/spantaleev/matrix-docker-ansible-deploy.git
synced 2024-12-24 18:08:28 +01:00
Fix SSL certificate renewal for the custom-proxy-server case
When using matrix-nginx-proxy, the file permissions are organized in a way that matrix-nginx-proxy could read the challenge files produced by acmetool. However, when another own/external webserver was used (like nginx with our generated sample configuration), this could not work. From on we're proxying the HTTP requests to port :402 in such a case, which fixes the problem.
This commit is contained in:
parent
f476e49e64
commit
d14ef08d5b
@ -5,8 +5,18 @@ server {
|
|||||||
server_tokens off;
|
server_tokens off;
|
||||||
|
|
||||||
location /.well-known/acme-challenge {
|
location /.well-known/acme-challenge {
|
||||||
|
{#
|
||||||
|
The proxy can access the files directly.
|
||||||
|
An external server likely does not have permission to read these files,
|
||||||
|
so we'll just proxy to acme's :402 port.
|
||||||
|
#}
|
||||||
|
|
||||||
|
{%- if matrix_nginx_proxy_enabled -%}
|
||||||
default_type "text/plain";
|
default_type "text/plain";
|
||||||
alias {{ matrix_ssl_certs_path }}/run/acme-challenge;
|
alias {{ matrix_ssl_certs_path }}/run/acme-challenge;
|
||||||
|
{%- else -%}
|
||||||
|
proxy_pass http://localhost:402;
|
||||||
|
{% endif %}
|
||||||
}
|
}
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
|
@ -5,8 +5,18 @@ server {
|
|||||||
server_tokens off;
|
server_tokens off;
|
||||||
|
|
||||||
location /.well-known/acme-challenge {
|
location /.well-known/acme-challenge {
|
||||||
|
{#
|
||||||
|
The proxy can access the files directly.
|
||||||
|
An external server likely does not have permission to read these files,
|
||||||
|
so we'll just proxy to acme's :402 port.
|
||||||
|
#}
|
||||||
|
|
||||||
|
{%- if matrix_nginx_proxy_enabled -%}
|
||||||
default_type "text/plain";
|
default_type "text/plain";
|
||||||
alias {{ matrix_ssl_certs_path }}/run/acme-challenge;
|
alias {{ matrix_ssl_certs_path }}/run/acme-challenge;
|
||||||
|
{%- else -%}
|
||||||
|
proxy_pass http://localhost:402;
|
||||||
|
{% endif %}
|
||||||
}
|
}
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
|
Loading…
Reference in New Issue
Block a user