search

mozilla / ssl-config-generator

Mozilla SSL Configuration Generator
https://ssl-config.mozilla.org/
Mozilla Public License 2.0
358 stars 59 forks source link

Would it better to wrap "return 301" inside a `location` block of nginx conf? #95

Closed runapp closed 3 years ago

runapp commented 4 years ago

I've recently found that acme.sh cannot auto renew a domain hosted by nginx and using the configure file generated by this tool. After some inspection, I found acme.sh is just adding a block like 

location ~ "^/\.well-known/acme-challenge/([-_a-zA-Z0-9]+)$" {
  default_type text/plain;
  return 200 "I AM THE TOKEN";
}

to the listen 80 server block. However, cause the return 301 is under the main server block, no other blocks won't override that.

I'm not sure if the best way is to make a change to acme.sh project, or conf template of this tool? From my point of view, default action seems to be always inside a location / block. But on the other side, it's acme.sh who should take more care to be compatible with more cases. Any ideas?

april commented 4 years ago

I think that would probably make sense to me. Sorry for taking so long to respond to this!