docker image: use /run/acme-challenge for acme challenges

This alias the URL '/.well-known/acme-challenge' in the http frontend to the path '/run/acme-challenge'. This allows easy configuration of ssl certificates from letsencrypt using any acme client which supports the webroot mode. Note that this change on its own does not do anything without further action (i.e. installing and configuring an acme client).
sagemathinc · Aug 16, 2017 · 8fde3cf · 8fde3cf
1 parent 8405b88
commit 8fde3cf
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 1 deletion.
diff --git a/haproxy.conf b/haproxy.conf
@@ -41,8 +41,15 @@ backend proxy
 
 frontend http
     bind *:80
+
+    # acme request path (for ssl certificates)
+    acl is_acme path_beg /.well-known/acme-challenge
+
     # permanent redirect to https
-    redirect scheme https code 301
+    redirect scheme https code 301 if !is_acme
+
+    # static serve acme request
+    use_backend static if is_acme
 
 frontend https
     bind *:443 ssl crt /nopassphrase.pem no-sslv3

diff --git a/nginx.conf b/nginx.conf
@@ -7,5 +7,11 @@ server {
                 rewrite ^/static/(.*) /$1;
                 try_files $uri $uri/ =404;
         }
+
         location / {}  # Needed for access to the index.htm
+
+        # acme request path (for ssl certificates)
+        location /.well-known/acme-challenge {
+                alias /run/acme-challenge;
+        }
 }