Merge pull request #2446 from pini-gh/pini-acme-challenge

Improve acme-challenge handling
nginx-proxy · May 13, 2024 · 2564a93 · 2564a93
2 parents db07d90 + 6c1b532
commit 2564a93
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 3 deletions.
diff --git a/nginx.tmpl b/nginx.tmpl
@@ -762,6 +762,16 @@ server {
  {{- if $globals.enable_ipv6 }}
  listen [::]:{{ $globals.external_http_port }} {{ $default_server }};
  {{- end }}
+
+ {{- if (eq $vhost.https_method "noredirect") }}
+ location /.well-known/acme-challenge/ {
+ auth_basic off;
+ allow all;
+ root /usr/share/nginx/html;
+ try_files $uri =404;
+ break;
+ }
+ {{- end }}
  {{- end }}
  {{- if ne $vhost.https_method "nohttps" }}
  listen {{ $globals.external_https_port }} ssl {{ $default_server }};
@@ -856,4 +866,4 @@ server {
  }
  {{- end }}
 }
-{{- end }}
+{{- end }}
diff --git a/test/test_ssl/test_noredirect.py b/test/test_ssl/test_noredirect.py
@@ -19,9 +19,9 @@ def test_web2_HSTS_policy_is_inactive(docker_compose, nginxproxy):
  assert "Strict-Transport-Security" not in r.headers
 
 
-def test_web3_acme_challenge_does_not_work(docker_compose, nginxproxy, acme_challenge_path):
+def test_web3_acme_challenge_does_work(docker_compose, nginxproxy, acme_challenge_path):
  r = nginxproxy.get(
  f"http://web3.nginx-proxy.tld/{acme_challenge_path}",
  allow_redirects=False
  )
- assert r.status_code == 404
+ assert r.status_code == 200