Convert nginx docroot to OLS rewrite

markc

New Member
#1
I've seen plenty of Google hits for converting Apache to nginx and Apache to OLS but very few guides for converting nginx configs to OLS. With nginx I have a port 80 wildcard rule for .well-known to change only the doc root path to a common primary host path so I can get/renew Let's Encrypt certificates even if the virtual host has a non-local IP, like on Cloudflare. I don't want a full redirect to another locally hosted URL. I want the incoming port 80 lookup from Let's Encrypt to some.domain.tld to remain as such, but the doc root for some.domain.tld to be temporarily changed to where the /home/u/primaryhost.org/var/www/.well-known directory actually exists, only if there is a URI path lookup of .well-known. All other port 80 traffic should get rewritten to port 443 using the real doc root of i.e. /home/u/some.domain.tld/var/www. Any suggestions?

location ^~ /.well-known { root /home/u/primaryhost.org/var/www; }
 

markc

New Member
#3
Yes, I want any Let's Encrypt port 80 lookup for any vhost on this server to have only the docroot temporarily changed to point to the docroot of the primary domain of this server. With my nginx rules, port 443 access for each vhost goes to the "standard" docroot for each vhost and port 80 gets a 301 redirect to 443 using the same vhost docroot, BUT vhost:80/.well-known/ lookups should go to a single primary docroot.

For instance, Nextcloud cannot be updated with a .well-known directory in its docroot so this gets around that nicely. Some of my vhosts:443 are redirected to other servers but that initial vhost:443 site still needs a valid certificate before nginx redirects elsewhere. This strategy gets around that problem and allows me to still get certificates for the before-redirect vhost.
 

lsqtwrk

Administrator
#4
You can try a context like this:

Code:
context /.well-known/ {
  location                /var/www/for-ssl/
  allowBrowse             1

  rewrite  {

  }
  addDefaultCharset       off

  phpIniOverride  {

  }
}
Test:

Code:
[root@test ~]# echo "test on home" > /home/test1.domain.com/public_html/test.html
[root@test ~]# echo "test on var" > /var/www/for-ssl/test.html
[root@test ~]# curl http://test1.domain.com/test.html
test on home
[root@test ~]# curl http://test1.domain.com/.well-known/test.html
test on var
 


markc

New Member
#5
Thanks again. Where is that "context /.well-known/" snippet meant to go? Or is that the conf file result of using what's in the attached image?

I think I am trying to do too many things at once as I am also trying to get WordPress Multisite to work on a virtual host and do this port80/.well-known testing at the same time. I'll blow this VPS away and set up 2 new ones. One with my standard nginx setup to make sure I understand how WP Multisite works and another fresh install of OLS to get this port80/.well-known redirect working correctly. I'll be back :)
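The setup discussed in this thread, combined into one per-vhost OLS config as an added example that is not part of any post above and not an official OLS template. Assumptions: the default OLS layout (`/usr/local/lsws/conf/vhosts/<vhost>/vhconf.conf`), the thread's example paths, and that the same two blocks are repeated in every vhost that needs certificates.

```conf
# /usr/local/lsws/conf/vhosts/some.domain.tld/vhconf.conf
# Added example: file location assumes a default OLS install; the vhost name
# and directories are the ones used as examples in the thread.

# Normal content for this vhost (served over 443).
docRoot                   /home/u/some.domain.tld/var/www

# Challenge lookups are answered from the primary host's directory.
# An OLS context maps the URI prefix straight onto "location", so unlike the
# nginx "root" directive the .well-known segment is part of the path here.
context /.well-known/ {
  location                /home/u/primaryhost.org/var/www/.well-known/
  allowBrowse             1
  addDefaultCharset       off
}

# Everything else arriving over plain HTTP gets a 301 to HTTPS.
# The second RewriteCond exempts /.well-known/ so the redirect never fires
# for challenge lookups, whatever order rewrite and context are processed in.
rewrite  {
  enable                  1
  rules                   <<<END_rules
RewriteCond %{HTTPS} !on
RewriteCond %{REQUEST_URI} !^/\.well-known/
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
  END_rules
}
```

After a restart, the curl test from post #4 should return the file from the shared directory for `/.well-known/` paths and a 301 for any other port 80 request. Keep only challenge files in the shared directory, since the context makes everything in it readable through every vhost that includes it.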
 