JonasAlfredsson / docker-nginx-certbot

Automatically create and renew website certificates for free using the Let's Encrypt certificate authority.
https://hub.docker.com/r/jonasal/nginx-certbot
MIT License

Avoid redirecting http -> https? #272

Closed honi closed 2 weeks ago

honi commented 1 month ago

The default redirector.conf redirects all http traffic to https except the HTTP-01 ACME challenges. I understand the main reason behind this and it's a nice feature. But I'm getting spammed with scrapers and bots with an invalid host header reaching my Python/Django app.

I would like to drop this traffic at the proxy level. What's the recommended approach here? Should I override the redirector.conf to remove the redirect, and then add it only in my app server block which has a concrete server_name?

As mentioned here, adding a default https server generated a ton of other nginx related errors because it's missing the certificate config.

JonasAlfredsson commented 1 month ago

Hi,

If you want your own custom "redirector" you can just mount your configs to the /etc/nginx/conf.d/ folder instead, thus overwriting anything that is already inside the container.

Then you can do whatever you want with the port 80 server block, but you will need to define the same "well-known" ACME location so Certbot works as expected with the HTTP challenge.

However, I would probably go with fail2ban and block bad client connections immediately before even getting to Nginx.
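A sketch of the custom port 80 configuration discussed above, added here as an illustration; it is not from the thread or the project's own files. The hostname example.com and the webroot path are placeholders, and the port 443 block assumes nginx 1.19.4 or newer.

```nginx
# Added example. Mount into /etc/nginx/conf.d/ in place of the stock redirector.
# example.com and the webroot path below are placeholders.

# Catch-all for plain HTTP requests whose Host header matches no server_name.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;

    # 444 is nginx-specific: close the connection without sending a response.
    return 444;
}

# Only the real hostname gets the ACME location and the HTTPS redirect.
server {
    listen 80;
    listen [::]:80;
    server_name example.com;

    # HTTP-01 challenges must still be answered over plain HTTP. The CA sends
    # the Host header of the domain being validated, so they land in this block.
    location /.well-known/acme-challenge/ {
        default_type "text/plain";
        # Placeholder: use the same root as the image's own redirector.conf.
        root /path/to/certbot/webroot;
    }

    # $host is safe here because it already matched server_name.
    location / {
        return 301 https://$host$request_uri;
    }
}

# Catch-all for HTTPS that needs no certificate: the TLS handshake is refused
# when the requested name matches no other server block.
server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    ssl_reject_handshake on;
}
```

Every additional domain that needs a certificate has to be listed in the named port 80 block's server_name, otherwise its HTTP-01 challenge hits the catch-all and renewal fails.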

JonasAlfredsson commented 3 weeks ago

Any update to this?