From: Ralf Jung Date: Mon, 2 Sep 2024 13:21:35 +0000 (+0200) Subject: fix apache HTTP2HTTPS redirect config X-Git-Url: https://git.ralfj.de/ansible.git/commitdiff_plain/34cf4db2749cb9993eb062f6f4a32c1f4067a6b3?ds=sidebyside;hp=bb0f118049b0f9e85ff03d74eb81ab7d71bf97aa fix apache HTTP2HTTPS redirect config --- diff --git a/roles/apache/templates/ssl.conf b/roles/apache/templates/ssl.conf index 5fa87c3..6a0b99f 100644 --- a/roles/apache/templates/ssl.conf +++ b/roles/apache/templates/ssl.conf @@ -6,7 +6,14 @@ ServerName $domain - Redirect permanent / https://$domain/ + # Apparently you need the rewrite engine to implement + # a simple "redirect all except for..." policy. Amazing. + RewriteEngine on + # Do *not* redirect the acme-challenge dir to https, since otherwise the + # challenge cannot be fetched when there is no certificate yet for this domain. + RewriteRule ^/\.well-known/acme-challenge/(.*) /srv/acme-challenge/$1 [L] + # Make the upgrade to HTTPS a "permanent" redirect. + RewriteRule ^/(.*) https://$domain/$1 [R=301,L]