I'm using lighttpd 1.4.45 on a Debian-based system and have the 10-no-www.conf (from /etc/lighttpd/conf-available/10-no-www.conf in the lighttpd package) in use to redirect "www.<something>" to "<something>".

In addition, I'm using certbot with the "webroot" method of verification (for Let's Encrypt). Therefore, I want all requests to /.well-known/acme-challenge/* to not be redirected (so I have a separate webroot for the www. and the non-www. domain, since each one has a different SSL cert; even though the www. domain is just for redirection, it still needs to have a proper SSL cert to work).

This is the original content (does not work with https, does not exclude the acme-challenge part):

$HTTP["host"] =~ "^www\.(.*)" {
  url.redirect = ( "^/(.*)" => "http://%1/$1" )
}

This is what I have come up with:

$HTTP["scheme"] == "http" {
  $HTTP["url"] !~ "^/.well-known/acme-challenge/.*$" {
    $HTTP["host"] =~ "^www\.(.*)" {
      url.redirect = ( "^/(.*)" => "http://%1/$1" )
    }
  }
}

$HTTP["scheme"] == "https" {
  $HTTP["url"] !~ "^/.well-known/acme-challenge/.*$" {
    $HTTP["host"] =~ "^www\.(.*)" {
      url.redirect = ( "^/(.*)" => "https://%1/$1" )
    }
  }
}

While this works, it looks unnecessarily verbose -- is there a way to parameterize the scheme matching so that I can do it in a single block instead of two?

Thomas Perl

1 Answer

The following should work by itself, as lighttpd currently does not support schemes other than "http" and "https":

  $HTTP["url"] !~ "^/.well-known/acme-challenge/.*$" {
    $HTTP["host"] =~ "^www\.(.*)" {
      url.redirect = ( "^/(.*)" => "https://%1/$1" )
    }
  }

Note: lighttpd added support for TLS-ALPN-01 in lighttpd 1.4.53. Latest lighttpd at the moment is lighttpd 1.4.55. TLS-ALPN-01 is recommended for use with Let's Encrypt.

gstrauss
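
To check which requests the single-block rule in the answer redirects, here is a small Python model of its three conditions. It is an added example, not part of the original answer or of lighttpd; the sample hosts and paths are constructed, and `ACME_ESCAPED` is a hypothetical stricter variant of the posted pattern with the leading dot escaped.

```python
import re

# Patterns copied from the config on this page.
ACME_AS_POSTED = re.compile(r"^/.well-known/acme-challenge/.*$")
WWW_HOST = re.compile(r"^www\.(.*)")
REDIRECT_RULE = re.compile(r"^/(.*)")
# Assumption: stricter variant, not from the page ("." escaped to match a literal dot).
ACME_ESCAPED = re.compile(r"^/\.well-known/acme-challenge/.*$")


def decide(host, url, acme=ACME_AS_POSTED):
    """Return the redirect target, or None when no redirect applies.

    Models: $HTTP["url"] !~ acme { $HTTP["host"] =~ www { url.redirect } }
    Simplification: sample URLs carry no query string.
    """
    if acme.search(url):
        # The outer condition is "!~", so a match skips the whole block.
        return None
    host_match = WWW_HOST.search(host)
    if not host_match:
        return None
    rule_match = REDIRECT_RULE.search(url)
    if not rule_match:
        return None
    # %1 is the capture from the enclosing host condition,
    # $1 is the capture from the url.redirect rule itself.
    return "https://%s/%s" % (host_match.group(1), rule_match.group(1))


# Constructed sample requests: (host, url path)
SAMPLES = [
    ("www.example.org", "/index.html"),
    ("www.example.org", "/.well-known/acme-challenge/token123"),
    ("example.org", "/index.html"),
    # The unescaped "." in the posted pattern also exempts this path.
    ("www.example.org", "/xwell-known/acme-challenge/token123"),
]

if __name__ == "__main__":
    for host, url in SAMPLES:
        print(host, url, "as posted:", decide(host, url),
              "escaped:", decide(host, url, ACME_ESCAPED))
```

The last sample shows the only difference between the two patterns: with the dot unescaped, any single character in that position exempts the path from the redirect.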