Fix SSL certificate renewal for the custom-proxy-server case

When using matrix-nginx-proxy, the file permissions are organized
in a way that matrix-nginx-proxy could read the challenge files
produced by acmetool.

However, when another own/external webserver was used (like nginx
with our generated sample configuration), this could not work.
From on we're proxying the HTTP requests to port :402 in such a case,
which fixes the problem.
development
Slavi Pantaleev 7 years ago
parent f476e49e64
commit d14ef08d5b

@ -5,8 +5,18 @@ server {
server_tokens off; server_tokens off;
location /.well-known/acme-challenge { location /.well-known/acme-challenge {
{#
The proxy can access the files directly.
An external server likely does not have permission to read these files,
so we'll just proxy to acme's :402 port.
#}
{%- if matrix_nginx_proxy_enabled -%}
default_type "text/plain"; default_type "text/plain";
alias {{ matrix_ssl_certs_path }}/run/acme-challenge; alias {{ matrix_ssl_certs_path }}/run/acme-challenge;
{%- else -%}
proxy_pass http://localhost:402;
{% endif %}
} }
location / { location / {

@ -5,8 +5,18 @@ server {
server_tokens off; server_tokens off;
location /.well-known/acme-challenge { location /.well-known/acme-challenge {
{#
The proxy can access the files directly.
An external server likely does not have permission to read these files,
so we'll just proxy to acme's :402 port.
#}
{%- if matrix_nginx_proxy_enabled -%}
default_type "text/plain"; default_type "text/plain";
alias {{ matrix_ssl_certs_path }}/run/acme-challenge; alias {{ matrix_ssl_certs_path }}/run/acme-challenge;
{%- else -%}
proxy_pass http://localhost:402;
{% endif %}
} }
location / { location / {

Loading…
Cancel
Save