HTTP_METHOD=nohttps requires CERT_NAME set to work in some cases #766
Comments
You should provide the The relevant part in the documentation is § How SSL Support Works:
(and yes the README says |
Before, when `HTTPS_METHOD` was set to `nohttp`, one or two plain http server entries were created anyway:

* A catch-all fallback server that always returns 503. Always created to handle requests for vhosts not otherwise defined.
* When the vhost-specific certificate is missing, a plain http equivalent of the https vhost that would have been created had the certificate existed. (Maybe this was created to help `acme-companion`, or maybe it was an oversight.)

Similarly, when `HTTPS_METHOD` was set to `nohttps`, https server entries were possibly created anyway:

* A catch-all fallback server that always returns 503. Created when a default certificate exists to handle requests for vhosts not otherwise defined.
* A vhost that always returns 500, created when a default certificate exists but a vhost-specific certificate does not.

This commit eliminates these servers, bringing the behavior in line with the documentation and user expectation. It also makes it easier to implement a new feature: different servers on different ports.

Fixes nginx-proxy#766.
This should have been fixed by #2186
This might just be something to add to the documentation...
I have a wildcard certificate used by a couple virtual hosts which require https (redirect).
When I went to spin up a new virtual host which requires that only http be used (HTTP_METHOD=nohttps) I was surprised to find that I ended up getting a 503. The virtual host I was attempting to spin up also matched the wildcard certificate which as far as I can tell is what causes the issue.
The issue can be easily fixed by adding
CERT_NAME=<invalid cert name>
but it wasn't documented that this would work and it wasn't obvious. I think it's a bug that a valid cert overrules the HTTP_METHOD=nohttps.
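
To check a generated nginx config for the leftover https servers the commit message above describes (a catch-all returning 503 and a vhost returning 500), the following added example, which is not code from this issue or from nginx-proxy, lists TLS server blocks that would answer a host meant to be http-only. The sample config and the host name `app.example.test` are constructed for illustration, and the parser only handles plain `server { ... }` blocks with standard `server_name`, `listen` and `return` directives.

```python
import re

# Constructed sample config (not output captured from the project).
SAMPLE_CONF = """
server {
    server_name _;
    listen 443 ssl;
    return 503;
}
server {
    server_name app.example.test;
    listen 80;
    location / { proxy_pass http://app; }
}
server {
    server_name app.example.test;
    listen 443 ssl;
    return 500;
}
"""

def server_blocks(conf):
    """Yield the body of each `server { ... }` block, found by brace matching."""
    for m in re.finditer(r"^\s*server\s*\{", conf, re.M):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def summarize(body):
    """Extract names, TLS use and any fixed `return` status from one block."""
    names = re.findall(r"^\s*server_name\s+([^;]+);", body, re.M)
    listens = re.findall(r"^\s*listen\s+([^;]+);", body, re.M)
    ret = re.search(r"^\s*return\s+(\d{3})", body, re.M)
    return {"names": names[0].split() if names else [],
            "tls": any("ssl" in l.split() for l in listens),
            "status": int(ret.group(1)) if ret else None}

def unexpected_tls(conf, http_only_hosts):
    """List (names, status) of TLS servers that name an http-only host or `_`."""
    wanted = set(http_only_hosts) | {"_"}
    return [(s["names"], s["status"])
            for s in map(summarize, server_blocks(conf))
            if s["tls"] and wanted & set(s["names"])]
```

An empty result for a host configured as http-only means no TLS listener in the config names it or acts as a catch-all.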