#Redirect all to HTTPS

#debug.log-request-handling = "enable"
#debug.log-file-not-found = "enable"

# match all unencrypted traffic ...
$HTTP["scheme"] == "http" {
        # but not the letsencrypt webroot ...
        $HTTP["url"] !~ "^/\.well-known" {
        # and redirect as described on https://redmine.lighttpd.net/projects/lighttpd/wiki/HowToRedirectHttpToHttps
                # capture vhost name with regex conditiona -> %0 in redirect pattern
                # must be the most inner block to the redirect rule
                $HTTP["host"] =~ ".*" {
                        url.redirect = (
                                ".*" => "https://%0$0"
                        )
                }
        }
}

alias.url += (
        "/.well-known/" => "/var/www/dehydrated/.well-known/"
)