Add configoption to exclude routes from tls upgrading (#2203)
* Add configoption to exclude routes from tls upgrading * Add tests for IsLocationInLocationList * Seperate elements in NoTLSRedirectLocations by comma * Set NoTLSRedirectLocations to "/.well-known/acme-challenge/" by default * Remove trailing slash from "/.well-known/acme-challenge" default
This commit is contained in:
Alvaro Aleman
Manuel Alejandro de Brito Fontes
parent
977cfcb4c7
commit
94deb3a01a
5 changed files with 60 additions and 1 deletions
|
|
@ -137,7 +137,7 @@ http {
|
|||
{{ if $cfg.EnableOpentracing }}
|
||||
opentracing on;
|
||||
{{ end }}
|
||||
|
||||
|
||||
{{ buildOpentracing $cfg }}
|
||||
|
||||
include /etc/nginx/mime.types;
|
||||
|
|
@ -779,6 +779,7 @@ stream {
|
|||
|
||||
{{/* redirect to HTTPS can be achieved forcing the redirect or having a SSL Certificate configured for the server */}}
|
||||
{{ if (or $location.Rewrite.ForceSSLRedirect (and (not (empty $server.SSLCertificate)) $location.Rewrite.SSLRedirect)) }}
|
||||
{{ if not (isLocationInLocationList $location $all.Cfg.NoTLSRedirectLocations) }}
|
||||
# enforce ssl on server side
|
||||
if ($redirect_to_https) {
|
||||
{{ if $location.UsePortInRedirects }}
|
||||
|
|
@ -792,6 +793,7 @@ stream {
|
|||
{{ end }}
|
||||
}
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
|
||||
{{ if $all.Cfg.EnableModsecurity }}
|
||||
modsecurity on;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue