From 2a4c74e30e3e43f2e20a8b3e688b6dd0eb9a452e Mon Sep 17 00:00:00 2001
From: =?utf8?q?Rapha=C3=ABl=20Gertz?= <git@rapsys.eu>
Date: Sat, 30 Nov 2019 23:20:23 +0100
Subject: [PATCH] Fix script rewrite to end rewrite process Don't redirect
 errors and icons Add redirect in global rewrite, unencrypted vhosts only have
 to inherit rules

---
 www/acme.apache.conf | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/www/acme.apache.conf b/www/acme.apache.conf
index 8ff2241..d3d1afd 100644
--- a/www/acme.apache.conf
+++ b/www/acme.apache.conf
@@ -14,9 +14,17 @@
 	# Start rewrite engine
 	RewriteEngine on
 
-	# Only if https is disabled
+	# Rewrite acme uri on php script
 	RewriteCond %{HTTPS} off
+	RewriteRule /\.well\-known/acme\-challenge/([-_a-zA-Z0-9]+) /usr/share/acme/acme-challenge.php?key=$1 [END]
 
-	# Rewrite acme uri on php script
-	RewriteRule /\.well\-known/acme\-challenge/([-_a-zA-Z0-9]+) /usr/share/acme/acme-challenge.php?key=$1 [L]
+	# Rewrite errors as final
+	RewriteRule ^/error/(HTTP_BAD_GATEWAY|HTTP_BAD_REQUEST|HTTP_FORBIDDEN|HTTP_GONE|HTTP_INTERNAL_SERVER_ERROR|HTTP_LENGTH_REQUIRED|HTTP_METHOD_NOT_ALLOWED|HTTP_NOT_FOUND|HTTP_NOT_IMPLEMENTED|HTTP_PRECONDITION_FAILED|HTTP_REQUEST_ENTITY_TOO_LARGE|HTTP_REQUEST_TIME_OUT|HTTP_REQUEST_URI_TOO_LARGE|HTTP_SERVICE_UNAVAILABLE|HTTP_UNAUTHORIZED|HTTP_UNSUPPORTED_MEDIA_TYPE|HTTP_VARIANT_ALSO_VARIES).html.var "-" [PT,END]
+
+	# Rewrite icons as final
+	RewriteRule ^/icons/(([acfp]|back|binary|binhex|blank|bomb|box1|box2|broken|burst|compressed|continued|dir|diskimg|down|dvi|forward|icon.sheet|image1|image2|image3|index|layout|left|link|movie|patch|pdf|pie0|pie1|pie2|pie3|pie4|pie5|pie6|pie7|pie8|portal|ps|quill|right|screw1|screw2|script|sound1|sound2|sphere1|sphere2|tar|tex|text|transfer|unknown|up|uuencoded|uu|world1|world2|folder(|.open|.sec)|generic(|.red|.sec)|alert.(black|red)|hand.(right|up)|ball.(gray|red)|comp.(blue|gray)|small/(back|binary|binhex|blank|broken|burst|comp1|comp2|compressed|continued|doc|folder2|folder|forward|generic2|generic3|generic|image2|image|index|key|movie|patch|ps|rainbow|sound2|sound|tar|text|transfer|unknown|uu)).(gif|png)|apache_pb(|2).(gif|png|svg)|(svg|xml|odf6o(d[bcfgimpst]|t[cfghipst])).png) "-" [PT,END]
+
+	#Redirect to https
+	RewriteCond %{HTTPS} off
+	RewriteRule (/.*) https://%{SERVER_NAME}$1 [L,R=301]
 </IfModule>
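Review bot: The redirect added at the end of the hunk builds its target from `%{SERVER_NAME}`, which by default (`UseCanonicalName Off`) Apache fills from the client's Host header, so in a global rule inherited by every plain-HTTP vhost the 301 Location follows whatever Host the request carried. Whether `UseCanonicalName` is set elsewhere is not visible here; if it is not, I would put `UseCanonicalName On` next to the rule (with a ServerName on each vhost) or guard the redirect with a `RewriteCond %{HTTP_HOST}` check against the names actually served, since a 301 is cached by browsers and intermediaries. Separately, the acme-challenge pattern kept on the new side is unanchored, so any path that merely contains the challenge prefix is handed to the PHP script and anything after the token is ignored; `RewriteRule ^/\.well-known/acme-challenge/([-_a-zA-Z0-9]+)$ /usr/share/acme/acme-challenge.php?key=$1 [END]` would limit it to exact challenge URLs. The enclosing `<IfModule>` block starts outside the hunk.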
-- 
2.41.1