Allow /.well-known/acme-challenge but deny dot files

Allow /.well-known/acme-challenge but deny dot files

basti-2
Hello,

At the moment I use this config:

# Deny access to all .invisible files.
location ~ /\. { deny  all; access_log off; log_not_found off; }


Now I need access to the Let's Encrypt acme-challenge and added this to my
config before the deny for all .invisible files; now it looks like:

...
# Allow Let's Encrypt acme-challenge
location /.well-known/acme-challenge { allow all; access_log on; }

# Deny access to all .invisible files.
location ~ /\. { deny  all; access_log off; log_not_found off; }
...

I have reloaded nginx but I have no access to
http://example.com/.well-known/acme-challenge

The log says "access forbidden by rule."
Is there a way to allow /.well-known/ and deny all others?

Best Regards,
basti
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx

Re: Allow /.well-known/acme-challenge but deny dot files

Martin Wolfert
Hi,

try this:

# Allow access to the letsencrypt ACME Challenge
location ~ /\.well-known\/acme-challenge {
     allow all;
}

Best,
Martin


On 04.04.2017 at 10:33, basti wrote:

> Hello,
>
> at the Moment I use this config
>
> # Deny access to all .invisible files.
> location ~ /\. { deny  all; access_log off; log_not_found off; }
>
>
> Now I need access to Let's Encrypt acme-challenge and add this to my
> config before deny all .invisible files, now it looks like
>
> ...
> # Allow Let's Encrypt acme-challenge
> location /.well-known/acme-challenge { allow all; access_log on; }
>
> # Deny access to all .invisible files.
> location ~ /\. { deny  all; access_log off; log_not_found off; }
> ...
>
> I have reload nginx but I have no access to
> http://example.com/.well-known/acme-challenge
>
> Log say "access forbidden by rule."
> Is there a way to allow /.well-known/ and deny all other?
>
> Best Regards,
> basti

Re: Allow /.well-known/acme-challenge but deny dot files

Anoop Alias
You can put it above the other deny location:

# Allow "Well-Known URIs" as per RFC 5785
location ~* ^/.well-known/ {
    allow all;
}



On Tue, Apr 4, 2017 at 2:06 PM, Martin Wolfert <[hidden email]> wrote:
> Hi,
>
> try this:
>
> # Allow access to the letsencrypt ACME Challenge
> location ~ /\.well-known\/acme-challenge {
>     allow all;
> }
>
> Best,
> Martin
>
> On 04.04.2017 at 10:33, basti wrote:
> > Hello,
> >
> > at the Moment I use this config
> >
> > # Deny access to all .invisible files.
> > location ~ /\. { deny  all; access_log off; log_not_found off; }
> >
> > Now I need access to Let's Encrypt acme-challenge and add this to my
> > config before deny all .invisible files, now it looks like
> >
> > ...
> > # Allow Let's Encrypt acme-challenge
> > location /.well-known/acme-challenge { allow all; access_log on; }
> >
> > # Deny access to all .invisible files.
> > location ~ /\. { deny  all; access_log off; log_not_found off; }
> > ...
> >
> > I have reload nginx but I have no access to
> > http://example.com/.well-known/acme-challenge
> >
> > Log say "access forbidden by rule."
> > Is there a way to allow /.well-known/ and deny all other?
> >
> > Best Regards,
> > basti

--
Anoop P Alias 

Re: Allow /.well-known/acme-challenge but deny dot files

Edho Arief-2
Hi,

On Tue, Apr 4, 2017, at 17:45, Anoop Alias wrote:
> You can put it above the other deny location
> # Allow "Well-Known URIs" as per RFC 5785
> location ~* ^/.well-known/ {
> allow all;
> }
>

Or use "^~" because it's of higher precedence compared to "~".

> If the longest matching prefix location has the “^~” modifier then regular expressions are not checked.

http://nginx.org/r/location

location ^~ /.well-known/ { }
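
Added example (not part of the original thread, and not nginx's own code): a simplified Python model of how nginx selects a location, showing why the plain prefix block in the first post still ends up in the deny regex and why the regex-above and "^~" suggestions avoid it. The function names, the sample URIs and the omission of "=", named and nested locations are assumptions of this sketch.

```python
import re

# Constructed model of nginx location selection (simplified: no "=" exact
# matches, no named or nested locations). Each entry: (modifier, pattern).
def select_location(locations, uri):
    # Step 1: remember the longest matching prefix location.
    best = None
    for mod, pat in locations:
        if mod in ("", "^~") and uri.startswith(pat):
            if best is None or len(pat) > len(best[1]):
                best = (mod, pat)
    # Step 2: "^~" on the longest prefix skips the regex phase entirely.
    if best and best[0] == "^~":
        return best
    # Step 3: regexes are tried in config order; the first match wins,
    # regardless of where prefix locations appear in the file.
    for mod, pat in locations:
        if mod in ("~", "~*"):
            flags = re.IGNORECASE if mod == "~*" else 0
            if re.search(pat, uri, flags):
                return (mod, pat)
    # Step 4: fall back to the remembered prefix location (or None).
    return best

DENY_DOT = ("~", r"/\.")
URI = "/.well-known/acme-challenge/token"  # constructed sample request

# Config from the first post: plain prefix listed before the deny regex.
original = [("", "/.well-known/acme-challenge"), DENY_DOT]
# Regex placed above the deny regex, as suggested in the replies.
regex_first = [("~*", r"^/.well-known/"), DENY_DOT]
# Prefix location with the "^~" modifier, as in the last reply.
caret_tilde = [("^~", "/.well-known/"), DENY_DOT]

def report():
    return {
        "original": select_location(original, URI),
        "regex_first": select_location(regex_first, URI),
        "caret_tilde": select_location(caret_tilde, URI),
        "other_dotfile": select_location(caret_tilde, "/.git/config"),
    }

if __name__ == "__main__":
    for name, chosen in report().items():
        print(f"{name:14} -> {chosen}")
```

With the "^~" variant the challenge path is served while other dot paths such as /.git/config still fall through to the deny regex.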