From 71a2a19847d50144d1875b75d4567a042659c07d Mon Sep 17 00:00:00 2001
From: Jeremy Lecour <jlecour@evolix.fr>
Date: Thu, 23 Jan 2020 14:32:27 +0100
Subject: [PATCH] apache: the default VHost doesn't redirect to https for
 ".well-known" paths

---
 CHANGELOG.md                              | 1 +
 apache/templates/evolinux-default.conf.j2 | 1 +
 2 files changed, 2 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1f7792ff..0766e649 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,6 +11,7 @@ The **patch** part changes incrementally at each release.
 ## [Unreleased]
 
 ### Added
+* apache: the default VHost doesn't redirect to https for ".well-known" paths
 * apt: check if cron is installed before adding a cron job
 * apt: remove jessie/buster sources from Gandi servers
 * apt: verify that /etc/evolinux is present
diff --git a/apache/templates/evolinux-default.conf.j2 b/apache/templates/evolinux-default.conf.j2
index 157ff5fc..68cdcf84 100644
--- a/apache/templates/evolinux-default.conf.j2
+++ b/apache/templates/evolinux-default.conf.j2
@@ -43,6 +43,7 @@
         RewriteEngine on
         # Redirect to HTTPS, execpt for munin, because some plugins
         # can't handle HTTPS! :(
+        RewriteCond %{REQUEST_URI} !^/.well-known.*$ [NC] [OR]
         RewriteCond %{REQUEST_URI} !^/server-status.*$ [NC] [OR]
         RewriteCond %{REQUEST_URI} !^/munin_opcache.php$ [NC]
         RewriteRule ^/(.*) https://{{ ansible_fqdn }}/$1 [L,R=permanent]