From 6ae4a16f420e0c7442634888c17e1cef5160cefd Mon Sep 17 00:00:00 2001
From: "The repo.or.cz admin team" <admin@repo.or.cz>
Date: Sat, 18 Jul 2020 07:48:40 +0200
Subject: [PATCH] apache.conf.in: make TLS redirect take precedence

The redirect to https needs to appear before any other
mod_rewrite activity in order to avoid those other rewrites
grabbing the request first and serving it over http.

Signed-off-by: The repo.or.cz admin team <admin@repo.or.cz>
---
 apache.conf.in | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/apache.conf.in b/apache.conf.in
index 5e25d44..d2fbd9b 100644
--- a/apache.conf.in
+++ b/apache.conf.in
@@ -5,6 +5,15 @@
 # at repo.or.cz; unfortunately, somewhat independent from Girocco::Config.
 # It is not essential for Girocco to use a special virtualhost, however.
 <VirtualHost *:80>
+	<IfDefine @@TLSHost@@>
+	<IfModule rewrite_module>
+		RewriteEngine on
+		RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
+		RewriteCond %{SERVER_NAME} =@@httpdnsname@@
+		RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [L,NE,R=301]
+	</IfModule>
+	</IfDefine>
+
 	Alias /.well-known/acme-challenge/ @@webroot@@/../certs/acme/.well-known/acme-challenge/
 	<Directory "@@webroot@@/../certs/acme/.well-known/acme-challenge/">
 		Options None
@@ -407,15 +416,6 @@
 
 # ---- END LINES TO DUPLICATE ----
 
-	<IfDefine @@TLSHost@@>
-	<IfModule rewrite_module>
-		RewriteEngine on
-		RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
-		RewriteCond %{SERVER_NAME} =@@httpdnsname@@
-		RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [L,NE,R=301]
-	</IfModule>
-	</IfDefine>
-
 </VirtualHost>
 
 
-- 
2.11.4.GIT