From f2d43d3b2702ff19a2e6785d12946363fe8d211a Mon Sep 17 00:00:00 2001
From: earnolmartin
Date: Sun, 26 Dec 2021 11:28:52 -0700
Subject: [PATCH] .well-known directory should not be password protected for let's encrypt
---
 ehcp/etc/nginx/apache_subdomain_template.nginx | 5 +++++
 ehcp/etc/nginx/apachetemplate.nginx | 5 +++++
 ehcp/etc/nginx_nonssl/apache_subdomain_template.nginx | 5 +++++
 ehcp/etc/nginx_nonssl/apachetemplate.nginx | 5 +++++
 ehcp/etc/nginx_ssl/apache_subdomain_template.nginx | 10 ++++++++++
 ehcp/etc/nginx_ssl/apachetemplate.nginx | 10 ++++++++++
 ehcp/etc/nginx_sslonly/apache_subdomain_template.nginx | 5 +++++
 ehcp/etc/nginx_sslonly/apachetemplate.nginx | 5 +++++
 8 files changed, 50 insertions(+)
diff --git a/ehcp/etc/nginx/apache_subdomain_template.nginx b/ehcp/etc/nginx/apache_subdomain_template.nginx
index 111f107..7787317 100755
--- a/ehcp/etc/nginx/apache_subdomain_template.nginx
+++ b/ehcp/etc/nginx/apache_subdomain_template.nginx
@@ -37,6 +37,11 @@ server {
 expires 30d;
 root {homedir};
 }
+
+ location /.well-known {
+ auth_basic off;
+ allow all; # Allow all to see content
+ }
 location ~ (apache_subdomain_template|apachetemplate|apachetemplate_ipbased|apachetemplate_passivedomains|/\.conf$|/\.ht|access_log|error_log|access\.log|error\.log) {
 deny all;
diff --git a/ehcp/etc/nginx/apachetemplate.nginx b/ehcp/etc/nginx/apachetemplate.nginx
index e05e214..b92053d 100755
--- a/ehcp/etc/nginx/apachetemplate.nginx
+++ b/ehcp/etc/nginx/apachetemplate.nginx
@@ -142,6 +142,11 @@ server {
 root /usr/share/;
 }
 }
+
+ location /.well-known {
+ auth_basic off;
+ allow all; # Allow all to see content
+ }
 # any files that should be avoided, may be put here:
 location ~ (apache_subdomain_template|apachetemplate|apachetemplate_ipbased|apachetemplate_passivedomains|/\.conf$|/\.ht|access_log|error_log|access\.log|error\.log) {
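Review bot: `location /.well-known` in the first hunk (ehcp/etc/nginx/apache_subdomain_template.nginx) is a bare prefix match, so it also covers sibling paths such as a constructed `/.well-known-old/` and the whole `.well-known` tree, and `auth_basic off; allow all;` lifts both the password prompt and any inherited allow/deny rule for all of them. Let's Encrypt HTTP-01 validation only fetches `/.well-known/acme-challenge/<token>`, so the exemption can be narrowed to `location ^~ /.well-known/acme-challenge/ {`. The `^~` also keeps a regex location elsewhere in the server block from taking the request instead, with the side effect that the deny-regex just below would no longer apply under that prefix. The server block starts and ends outside the hunk, so where `auth_basic` is switched on is not visible here. The identical block is added in the nine other hunks of this patch and the same change applies to each.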
diff --git a/ehcp/etc/nginx_nonssl/apache_subdomain_template.nginx b/ehcp/etc/nginx_nonssl/apache_subdomain_template.nginx
index 460ef56..bd49451 100755
--- a/ehcp/etc/nginx_nonssl/apache_subdomain_template.nginx
+++ b/ehcp/etc/nginx_nonssl/apache_subdomain_template.nginx
@@ -37,6 +37,11 @@ server {
 expires 30d;
 root {homedir};
 }
+
+ location /.well-known {
+ auth_basic off;
+ allow all; # Allow all to see content
+ }
 location ~ (apache_subdomain_template|apachetemplate|apachetemplate_ipbased|apachetemplate_passivedomains|/\.conf$|/\.ht|access_log|error_log|access\.log|error\.log) {
 deny all;
diff --git a/ehcp/etc/nginx_nonssl/apachetemplate.nginx b/ehcp/etc/nginx_nonssl/apachetemplate.nginx
index bdef002..36c6cfe 100755
--- a/ehcp/etc/nginx_nonssl/apachetemplate.nginx
+++ b/ehcp/etc/nginx_nonssl/apachetemplate.nginx
@@ -136,6 +136,11 @@ server {
 root /usr/share/;
 }
 }
+
+ location /.well-known {
+ auth_basic off;
+ allow all; # Allow all to see content
+ }
 # any files that should be avoided, may be put here:
 location ~ (apache_subdomain_template|apachetemplate|apachetemplate_ipbased|apachetemplate_passivedomains|/\.conf$|/\.ht|access_log|error_log|access\.log|error\.log) {
diff --git a/ehcp/etc/nginx_ssl/apache_subdomain_template.nginx b/ehcp/etc/nginx_ssl/apache_subdomain_template.nginx
index 60bbe20..48d1fc2 100755
--- a/ehcp/etc/nginx_ssl/apache_subdomain_template.nginx
+++ b/ehcp/etc/nginx_ssl/apache_subdomain_template.nginx
@@ -37,6 +37,11 @@ server {
 expires 30d;
 root {homedir};
 }
+
+ location /.well-known {
+ auth_basic off;
+ allow all; # Allow all to see content
+ }
 location ~ (apache_subdomain_template|apachetemplate|apachetemplate_ipbased|apachetemplate_passivedomains|/\.conf$|/\.ht|access_log|error_log|access\.log|error\.log) {
 deny all;
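Review bot: The added `location /.well-known` block in ehcp/etc/nginx_nonssl/apache_subdomain_template.nginx declares no `root`, while the location directly above it sets `root {homedir};` for itself, so challenge files are served from whatever root the server block inherits. The server block opens outside the hunk, so this may already be correct; if no server-level root points at the site directory, add `root {homedir};` inside the new block. Going by the directory name, these look like the plain-HTTP templates where HTTP-01 validation would arrive, and a wrong root there would surface only as a failed certificate issuance, not as an error at reload.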
@@ -84,6 +89,11 @@ server {
 expires 30d;
 root {homedir};
 }
+
+ location /.well-known {
+ auth_basic off;
+ allow all; # Allow all to see content
+ }
 location ~ (apache_subdomain_template|apachetemplate|apachetemplate_ipbased|apachetemplate_passivedomains|/\.conf$|/\.ht|access_log|error_log|access\.log|error\.log) {
 deny all;
diff --git a/ehcp/etc/nginx_ssl/apachetemplate.nginx b/ehcp/etc/nginx_ssl/apachetemplate.nginx
index e49626f..c2200ae 100755
--- a/ehcp/etc/nginx_ssl/apachetemplate.nginx
+++ b/ehcp/etc/nginx_ssl/apachetemplate.nginx
@@ -142,6 +142,11 @@ server {
 root /usr/share/;
 }
 }
+
+ location /.well-known {
+ auth_basic off;
+ allow all; # Allow all to see content
+ }
 # any files that should be avoided, may be put here:
 location ~ (apache_subdomain_template|apachetemplate|apachetemplate_ipbased|apachetemplate_passivedomains|/\.conf$|/\.ht|access_log|error_log|access\.log|error\.log) {
@@ -301,6 +306,11 @@ server {
 }
 }
+ location /.well-known {
+ auth_basic off;
+ allow all; # Allow all to see content
+ }
+
 # any files that should be avoided, may be put here:
 location ~ (apache_subdomain_template|apachetemplate|apachetemplate_ipbased|apachetemplate_passivedomains|/\.conf$|/\.ht|access_log|error_log|access\.log|error\.log) {
 deny all;
diff --git a/ehcp/etc/nginx_sslonly/apache_subdomain_template.nginx b/ehcp/etc/nginx_sslonly/apache_subdomain_template.nginx
index 36dc120..d60ab2b 100755
--- a/ehcp/etc/nginx_sslonly/apache_subdomain_template.nginx
+++ b/ehcp/etc/nginx_sslonly/apache_subdomain_template.nginx
@@ -42,6 +42,11 @@ server {
 expires 30d;
 root {homedir};
 }
+
+ location /.well-known {
+ auth_basic off;
+ allow all; # Allow all to see content
+ }
 location ~ (apache_subdomain_template|apachetemplate|apachetemplate_ipbased|apachetemplate_passivedomains|/\.conf$|/\.ht|access_log|error_log|access\.log|error\.log) {
 deny all;
diff --git a/ehcp/etc/nginx_sslonly/apachetemplate.nginx b/ehcp/etc/nginx_sslonly/apachetemplate.nginx
index 93bac3b..2e113e1 100755
--- a/ehcp/etc/nginx_sslonly/apachetemplate.nginx
+++ b/ehcp/etc/nginx_sslonly/apachetemplate.nginx
@@ -150,6 +150,11 @@ server {
 }
 }
+ location /.well-known {
+ auth_basic off;
+ allow all; # Allow all to see content
+ }
+
 # any files that should be avoided, may be put here:
 location ~ (apache_subdomain_template|apachetemplate|apachetemplate_ipbased|apachetemplate_passivedomains|/\.conf$|/\.ht|access_log|error_log|access\.log|error\.log) {
 deny all;