michael/michaelschiemer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: Explicitly exclude ACME challenge path from HTTPS redirect

Browse Source 
- Add explicit exclusion of /.well-known/acme-challenge from catch-all redirect
- Ensures ACME challenges are never redirected to HTTPS
- Traefik handles ACME challenges automatically, but explicit exclusion is safer
This commit is contained in:
Michael Schiemer
2025-11-08 18:46:27 +01:00
parent 3d233e8b2c
commit 06bad20123
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
deployment/stacks/traefik/docker-compose.yml
View File

@@ -54,7 +54,8 @@ services:
# Global redirect to HTTPS (lower priority, matches everything else)
# ACME challenges are excluded from redirect automatically by Traefik
- "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)"
# Explicitly exclude ACME challenge path to be safe
- "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`) && !PathPrefix(`/.well-known/acme-challenge`)"
- "traefik.http.routers.http-catchall.entrypoints=web"
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
- "traefik.http.routers.http-catchall.priority=1"