|
@@ -16,6 +16,19 @@ server {
|
16
|
16
|
|
17
|
17
|
include /etc/nginx/conf.d/{{ service.vhosts[0] }}/*.conf;
|
18
|
18
|
|
|
19
|
+ # From https://community.letsencrypt.org/t/how-to-nginx-configuration-to-enable-acme-challenge-support-on-all-http-virtual-hosts/5622
|
|
20
|
+ location ^~ /.well-known/acme-challenge/ {
|
|
21
|
+ default_type "text/plain";
|
|
22
|
+ alias /letsencrypt/well-known/;
|
|
23
|
+ }
|
|
24
|
+
|
|
25
|
+ # Hide /acme-challenge subdirectory and return 404 on all requests.
|
|
26
|
+ # It is somewhat more secure than letting Nginx return 403.
|
|
27
|
+ # Ending slash is important!
|
|
28
|
+ location = /.well-known/acme-challenge/ {
|
|
29
|
+ return 404;
|
|
30
|
+ }
|
|
31
|
+
|
19
|
32
|
location / {
|
20
|
33
|
proxy_pass {{ service.protocol }}://{{ service.upstream }};
|
21
|
34
|
proxy_set_header Host $host;
|