Allow /.well-known/acme-challenge but deny dot files

Anoop Alias anoopalias01 at gmail.com
Tue Apr 4 08:45:28 UTC 2017


You can put it above the other deny location
# Allow "Well-Known URIs" as per RFC 5785
location ~* ^/.well-known/ {
allow all;
}



On Tue, Apr 4, 2017 at 2:06 PM, Martin Wolfert <martin at martin-wolfert.de>
wrote:

> Hi,
>
> try this:
>
> # Allow access to the letsencrypt ACME Challenge
> location ~ /\.well-known\/acme-challenge {
>     allow all;
> }
>
> Best,
> Martin
>
>
>
> Am 04.04.2017 um 10:33 schrieb basti:
>
>> Hello,
>>
>> at the Moment I use this config
>>
>> # Deny access to all .invisible files.
>> location ~ /\. { deny  all; access_log off; log_not_found off; }
>>
>>
>> Now I need access to Let's Encrypt acme-challenge and add this to my
>> config before deny all .invisible files, now it looks like
>>
>> ...
>> # Allow Let's Encrypt acme-challenge
>> location /.well-known/acme-challenge { allow all; access_log on; }
>>
>> # Deny access to all .invisible files.
>> location ~ /\. { deny  all; access_log off; log_not_found off; }
>> ...
>>
>> I have reload nginx but I have no access to
>> http://example.com/.well-known/acme-challenge
>>
>> Log say "access forbidden by rule."
>> Is there a way to allow /.well-known/ and deny all other?
>>
>> Best Regards,
>> basti
>> _______________________________________________
>> nginx mailing list
>> nginx at nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>



-- 
*Anoop P Alias*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20170404/9bee2894/attachment.html>


More information about the nginx mailing list