From df5d7dcaab7700be6f942c3bf8ad0177a2b1c7eb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=BB=83=E6=9F=8F=E6=BE=84=28=E9=A2=A8=E9=9B=A8=29?=
 <wartw@users.noreply.github.com>
Date: Wed, 15 Nov 2023 20:14:29 +0800
Subject: [PATCH] Update force-ssl.conf

---
 .../rootfs/etc/nginx/conf.d/include/force-ssl.conf  | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/docker/rootfs/etc/nginx/conf.d/include/force-ssl.conf b/docker/rootfs/etc/nginx/conf.d/include/force-ssl.conf
index 15f0d2856..6d7ed9cb0 100644
--- a/docker/rootfs/etc/nginx/conf.d/include/force-ssl.conf
+++ b/docker/rootfs/etc/nginx/conf.d/include/force-ssl.conf
@@ -1,3 +1,14 @@
+# Since force-ssl.conf has now moved to the server section it overrides the letsencrypt config
+# which is inside a location section
+# Set FORCE variable in first 2 if tests and action in the third
+set $FORCE "";
 if ($scheme = "http") {
-	return 301 https://$host$request_uri;
+        set $FORCE 'H';
+}
+if ($request_uri !~ "^/.well-known/acme-challenge/(.*)") {
+        set $FORCE "${FORCE}D";
+}
+# If we are http and outside the letsencrypt directories redirect via 301
+if ($FORCE = HD) {
+        return 301 https://$host$request_uri;
 }