lonix1
October 10, 2019, 8:56am
1
I’m using certbot standalone
. I want to proxy challenges to certbot (--http-01-port 1234
).
I use this nginx config:
location ~ /.well-known/acme-challenge {
proxy_pass http://localhost:1234;
#proxy_pass http://localhost:1234/.well-known/acme-challenge/; # or this?
}
Is that enough, or does certbot expect headers to be set?
Some examples on StackOverflow set X-Forwarded-For
, X-Real-IP
, and Host
. But everyone uses different values, so I don’t want to blindly copy-paste.
Should I set them, and if so, what values should I use?
_az
October 10, 2019, 9:07am
2
No, Certbot's standalone server doesn't care about the headers as long as it's a well formed HTTP request. nginx already guarantees that by virtue of sitting in front.
It doesn't look at anything except the request method and request path: https://github.com/certbot/certbot/blob/118cb3c9b1e62599b57082b71ab7313b2cdc1632/acme/acme/standalone.py#L218-L254
2 Likes
lonix1
October 10, 2019, 9:14am
3
Thanks for confirming!
I hate blindly copy-pasting code, and SO is really bad in that regard!
1 Like
system
Closed
November 9, 2019, 9:14am
4
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.