-
Notifications
You must be signed in to change notification settings - Fork 820
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Set auth_request off for acme challenge location #570
Conversation
Seems good to me but I have one question: Nginx doc for
What are the consequences of including statements for a potentially unbuilt module ? |
Argh. I had to compile from source to find a nginx install without the auth_request module enabled. (It seems to be enabled for in the popular Docker images, Alpine and Ubuntu packages, etc.) But, yes, without the module enabled, nginx throws an error:
And from what I understand, nginx doesn't have an equivalent of Apache's directive. There's probably no way for this container's scripts to interrogate the nginx container for available modules, either. Although in practice I don't imagine anyone would run into problems, it's probably not worth the risk. |
Is this Nginx doc really up to date ? Because none of the Nginx container Dockerfiles include |
Ok, bottom line is while Nginx is not built with the So the containerised versions of Nginx (either alpine or debian, and as far back as the tagged versions go) also include this module :
I don't see why the What is your view on this ? |
I also was unable to find any packaged version of nginx that did not include the http_auth_request module. I had to compile from source myself to test the error condition. I suspect that anyone who compiles nginx themselves probably has their own certificate management strategy, too. So I think this is safe to merge. |
Agreed, merging. Thanks for the contribution. |
Add the following to the Let's Encrypt ACME challenge "no redirection to HTTPS" nginx-proxy/acme-companion#570 nginx-proxy/acme-companion#335
Issue #569. Simple change to ensure that auth_request is off for the acme challenge location, just as we do for auth_basic.