commit 890cae59296ba6c890817cafbe65f2f43ef523a0
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Thu Mar 2 10:21:37 2017 +0100
Allow acme-challenge to bypass https redirect
roles/httpd/templates/website.conf.j2 | 12 ++++++++++++
1 files changed, 12 insertions(+), 0 deletions(-)
---
diff --git a/roles/httpd/templates/website.conf.j2
b/roles/httpd/templates/website.conf.j2
index 466b2b0..5d62924 100644
--- a/roles/httpd/templates/website.conf.j2
+++ b/roles/httpd/templates/website.conf.j2
@@ -10,9 +10,21 @@
SetOutputFilter DEFLATE
<% end -%>
+{% if acme -%}
+ AliasMatch ^/.well-known/acme-challenge/(.*)$
/var/www/html/.well-known/acme-challenge/$1
+
+ <Directory "/var/www/html/.well-known/acme-challenge/">
+ Options None
+ AllowOverride None
+ ForceType text/plain
+ RedirectMatch 404 "^(?!/\.well-known/acme-challenge/[\w-]{43}$)"
+ </Directory>
+<% end -%>
+
{% if sslonly -%}
RewriteEngine On
RewriteCond %{HTTPS} off
+ RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/.*
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [NE]
<% else -%>
Include "conf.d/{{ name }}/*.conf"
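Review bot: The new `{% if acme -%}` block is closed with `<% end -%>`, which is ERB syntax; in a `.j2` template Jinja2 would presumably emit that line literally and fail on the unclosed `if`, so the closer should be `{% endif %}` (the context lines show the same mix around the `sslonly` block, so the file may be mid-conversion). Separately, the added `RewriteCond` exempts every URI under the challenge prefix from the HTTPS redirect and is emitted whenever `sslonly` is set, even when `acme` is not, while the `<Directory>` block only lets 43-character token names through. Matching the two keeps the plain-HTTP surface to the challenge tokens alone: `RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[\w-]{43}$`, wrapped in its own `{% if acme %}`. The fixed length of 43 appears to follow the tokens the CA currently issues rather than a protocol guarantee, so a one-line comment above the `RedirectMatch` saying so would help whoever debugs a failed renewal.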