From 12b0fb47fbb923ea5b7d8107369c1ab3fe76024a Mon Sep 17 00:00:00 2001
From: Paul Mansfield
Date: Wed, 4 May 2022 17:03:38 +0100
Subject: [PATCH] Update force-ssl.conf to allow for letsencrypt directories over http Since we have moved force-ssl.conf into the server section, it overrides the location based letsencrypt allowed over http - Make force-ssl only work if both http traffic and outside the letsencrypt directories.
---
 .../rootfs/etc/nginx/conf.d/include/force-ssl.conf | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/docker/rootfs/etc/nginx/conf.d/include/force-ssl.conf b/docker/rootfs/etc/nginx/conf.d/include/force-ssl.conf
index 15f0d2856..6d7ed9cb0 100644
--- a/docker/rootfs/etc/nginx/conf.d/include/force-ssl.conf
+++ b/docker/rootfs/etc/nginx/conf.d/include/force-ssl.conf
@@ -1,3 +1,14 @@
+# Since force-ssl.conf has now moved to the server section it overrides the letsencrypt config
+# which is inside a location section
+# Set FORCE variable in first 2 if tests and action in the third
+set $FORCE "";
 if ($scheme = "http") {
- return 301 https://$host$request_uri;
+ set $FORCE 'H';
+}
+if ($request_uri !~ "^/.well-known/acme-challenge/(.*)") {
+ set $FORCE "${FORCE}D";
+}
+# If we are http and outside the letsencrypt directories redirect via 301
+if ($FORCE = HD) {
+ return 301 https://$host$request_uri;
 }
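Review bot: The ACME exemption in the second `if` is tested against `$request_uri`, which is the raw request URI including the query string, while nginx selects the location from the normalised `$uri`. A request whose raw path starts with the challenge prefix but normalises to a different path (dot segments, encoded characters) would not get the `D` flag, so it may be answered over plain http instead of being redirected, depending on which locations the server defines. The dots in `.well-known` are also unescaped and the `(.*)` capture is never used. I would match the normalised path against a literal prefix instead: `if ($uri !~ "^/\.well-known/acme-challenge/") {`.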