GithubFollow/One-KVM
1
0
Fork 0
mirror of https://github.com/mofeng-git/One-KVM.git synced 2025-12-12 09:10:30 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

nginx: serve ACME challenges over unencrypted HTTP (#116)

Browse Source 
RFC 8555 section 8.3 [1] states HTTP challenge MUST be served over TCP
port 80 and while the verification follows redirects, those are unneed
and migh be harmful in specific deployment scenarios.

[1] https://datatracker.ietf.org/doc/html/rfc8555#section-8.3

Signed-off-by: Wojtek Porczyk <woju@invisiblethingslab.com>
This commit is contained in:
Wojtek Porczyk 2022-10-18 23:03:37 +02:00 committed by GitHub
parent 1a8546305d
commit 3d109453c6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
configs/nginx/nginx.conf
View File

@ -39,6 +39,7 @@ http {
server { server {
server_name localhost; server_name localhost;
include /etc/kvmd/nginx/listen-http.conf; include /etc/kvmd/nginx/listen-http.conf;
include /etc/kvmd/nginx/certbot.ctx-server.conf;
include /etc/kvmd/nginx/redirect-to-https.conf; include /etc/kvmd/nginx/redirect-to-https.conf;
} }
@ -47,7 +48,6 @@ http {
include /etc/kvmd/nginx/listen-https.conf; include /etc/kvmd/nginx/listen-https.conf;
include /etc/kvmd/nginx/ssl.conf; include /etc/kvmd/nginx/ssl.conf;
include /etc/kvmd/nginx/kvmd.ctx-server.conf; include /etc/kvmd/nginx/kvmd.ctx-server.conf;
include /etc/kvmd/nginx/certbot.ctx-server.conf;
include /usr/share/kvmd/extras/*/nginx.ctx-server.conf; include /usr/share/kvmd/extras/*/nginx.ctx-server.conf;
} }
} }

4
configs/nginx/redirect-to-https.conf
View File

@ -1 +1,3 @@
return 301 https://$host$request_uri; location / {
return 301 https://$host$request_uri;
}