- change rewrite rules for redirects to exclude acme challenge dir, fixes #4833

Marius Burkard requested to merge fix-nginx-letsencrypt into stable-3.1

Previously the rewrite rules were like this:

    if ($http_host = "domain.com.au") {
        rewrite ^(?!/\b(sites/domain.com.au|stats|error)\b)/(.*)$ /sites/domain.com.au/$2 last;
    }

Same applies without the last at the end.

I am not sure why the \b were there at all, because checking for a word boundary when the words must be enclosed in / makes little sense.

In addition, the rule led to the fact that this rule did not apply:

    location ^~ /.well-known/acme-challenge/ {
        access_log off;
        log_not_found off;
        root /usr/local/ispconfig/interface/acme/;
        autoindex off;
        index index.html;
        try_files $uri $uri/ =404;
    }

After the first rewrite, the path no longer began with /.well-known but with /sites/domain.com.au/.well-known.

I changed the first rule to exclude .well-known/acme-challenge from being rewritten to subdirectories:

    if ($http_host = "domain.com.au") {
        rewrite ^(?!/(sites/domain.com.au|stats|error|\.well-known/acme-challenge))/(.*)$ /sites/domain.com.au/$2 last;
    }

For this I had to remove the \b because otherwise the added .well-known rule wouldn't work because of the leading dot.
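
The effect of the old and new rewrite patterns on request paths, as an added example that is not part of the merge request. It assumes Python's `re` module as a stand-in for nginx's PCRE matching and models the `^~` location as a plain prefix check; `WITH_B` is a hypothetical variant and the sample paths are constructed.

```python
import re

# Patterns transcribed from the rewrite rules above. WITH_B is hypothetical:
# the old \b-wrapped rule with the acme-challenge alternative simply appended.
OLD = r"^(?!/\b(sites/domain.com.au|stats|error)\b)/(.*)$"
WITH_B = r"^(?!/\b(sites/domain.com.au|stats|error|\.well-known/acme-challenge)\b)/(.*)$"
NEW = r"^(?!/(sites/domain.com.au|stats|error|\.well-known/acme-challenge))/(.*)$"

ACME_PREFIX = "/.well-known/acme-challenge/"


def rewrite(pattern, uri):
    """Return the rewritten URI, or the URI unchanged if the regex does not match."""
    m = re.match(pattern, uri)
    # Group 1 sits inside the negative lookahead, so the path is in group 2 ($2).
    return "/sites/domain.com.au/" + m.group(2) if m else uri


def hits_acme_location(pattern, uri):
    """Simplified model of the ^~ prefix location: does the rewritten
    URI still start with the acme-challenge prefix?"""
    return rewrite(pattern, uri).startswith(ACME_PREFIX)


if __name__ == "__main__":
    # Constructed sample request paths; the token name is made up.
    samples = [
        "/.well-known/acme-challenge/sample-token",
        "/index.php",
        "/stats/",
        "/statsfoo",
    ]
    for uri in samples:
        print(uri)
        for name, pat in (("old", OLD), ("with \\b", WITH_B), ("new", NEW)):
            print(f"  {name:8} -> {rewrite(pat, uri)}")
```

Because there is no word boundary between `/` and `.`, the `\b` variant still rewrites the challenge path. Without `\b` the exclusions become plain prefix matches, so a path such as `/statsfoo` is no longer rewritten into the site subdirectory either.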