diff options
| author | Sean Whitton <spwhitton@spwhitton.name> | 2021-11-30 16:10:34 -0700 |
|---|---|---|
| committer | Sean Whitton <spwhitton@spwhitton.name> | 2021-12-02 17:03:42 -0700 |
| commit | c6313c2170f7149c47cfe64ff2e9ea2c655165e6 (patch) | |
| tree | 65115b8c1f8d29c89721fa6dd6c857cb001295c1 /src/property | |
| parent | f0af57280d9da49d5553d74cc97878e2b342163c (diff) | |
| download | consfigurator-c6313c2170f7149c47cfe64ff2e9ea2c655165e6.tar.gz | |
APACHE:HTTPS-VHOST: narrow the scope of .well-known rewrite rule
The new rule is sufficient for the Let's Encrypt challenge to succeed, and has
the advantage of avoiding interference with other subpaths of .well-known/.
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
Diffstat (limited to 'src/property')
| -rw-r--r-- | src/property/apache.lisp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/property/apache.lisp b/src/property/apache.lisp index 5cd2564..4b94107 100644 --- a/src/property/apache.lisp +++ b/src/property/apache.lisp @@ -133,7 +133,7 @@ Unapplying removes the Apache site config but leaves the certificate behind." ,(strcat "ServerName " name ":80") ,@initial "RewriteEngine On" - "RewriteRule ^/.well-known/(.*) - [L]" + "RewriteRule ^/.well-known/acme-challenge.* - [L]" ;; redirect everything else to https ,(strcat "RewriteRule ^/(.*) https://" name "/$1 [L,R,NE]") ,@additional-config |