+ redirectVhost = { # Should go last, catchall http -> https redirect
+ listen = [ { ip = cfg.ip; port = 80; } ];
+ hostName = "redirectSSL";
+ serverAliases = [ "*" ];
+ enableSSL = false;
+ logFormat = "combinedVhost";
+ documentRoot = "/var/lib/acme/acme-challenge";
+ extraConfig = ''
+ RewriteEngine on
+ RewriteCond "%{REQUEST_URI}" "!^/\.well-known"
+ RewriteRule ^(.+) https://%{HTTP_HOST}$1 [R=301]
+ # To redirect in specific "VirtualHost *:80", do
+ # RedirectMatch 301 ^/((?!\.well-known.*$).*)$ https://host/$1
+ # rather than rewrite
+ '';
+ };
+ fallbackVhost = toVhost { # Should go first, default choice
+ certName = "eldiron";
+ hosts = ["eldiron.immae.eu" ];
+ root = ../../www;
+ extraConfig = [ "DirectoryIndex index.htm" ];
+ };