https redirect: don't include app conf snippets if https redirect is enabled

2024-09-03 20:06:10 +02:00 · 2021-08-31 23:12:56 +02:00 · 2021-08-31 23:12:56 +02:00 · b2a67c4f86
commit b2a67c4f86
parent 4ee759855a
1 changed files with 4 additions and 2 deletions
--- a/data/templates/nginx/server.tpl.conf
+++ b/data/templates/nginx/server.tpl.conf
@ -12,8 +12,6 @@ server {

    include /etc/nginx/conf.d/acme-challenge.conf.inc;

-    include /etc/nginx/conf.d/{{ domain }}.d/*.conf;
-
    location ^~ '/.well-known/ynh-diagnosis/' {
        alias /tmp/.well-known/ynh-diagnosis/;
    }
@ -22,10 +20,14 @@ server {
        alias /var/www/.well-known/{{ domain }}/autoconfig/mail/;
    }

+    {# Note that this != "False" is meant to be failure-safe, in the case the redrect_to_https would happen to contain empty string or whatever value. We absolutely don't want to disable the HTTPS redirect *except* when it's explicitly being asked to be disabled. #}
    {% if redirect_to_https != "False" %}
    location / {
        return 301 https://$http_host$request_uri;
    }
+    {# The app config snippets are not included in the HTTP conf unless HTTPS redirect is disabled, because app's location may blocks will conflict or bypass/ignore the HTTPS redirection. #}
+    {% else %}
+    include /etc/nginx/conf.d/{{ domain }}.d/*.conf;
    {% endif %}

    access_log /var/log/nginx/{{ domain }}-access.log;