I have the following nginx server config:
    server {
        ...
        location / {
            # First attempt to serve request as file, then
            # as directory, then fall back to proxy.
            try_files /maintenance.php $uri @proxyPass;
        }
        location @proxyPass {
            proxy_pass http://1.1.1.1;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        location ~ /\. {
            deny all;
        }
        include /etc/nginx/acme;
        include /etc/nginx/expires.conf;
    }
/etc/nginx/acme:
    location /.well-known/acme-challenge/ {
        allow myip; # my ip
        allow serverip; # server ip
        allow 66.133.109.36/32; # allow outbound1.letsencrypt.org
        allow 64.78.149.164/32; # allow outbound2.letsencrypt.org
        allow 64.78.149.164/32; # allow outbound2.letsencrypt.org
        deny all; # deny everything else
        alias /srv/letsencrypt/acme-challenge/;
        try_files $uri =404;
    }
The deny all rule for everything that starts with a dot conflicts with the rule for acme. If I remove it, then I am able to access files in the acme-related folder; otherwise I'm getting 403 Forbidden.
I tried to set allow all instead of listing IP addresses in the acme-related location block, as described in:
Overriding nginx deny rule for a single location block
But it does not help.
How can I make those two location blocks work together?
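An added example, not part of the original post: nginx selects the longest matching prefix location and then still tests regex locations unless that prefix is marked `^~`, so `location ~ /\.` handles every `/.well-known/...` request and its `deny all` applies before the acme block's `allow` lines are considered. The sketch below is the `/etc/nginx/acme` include from the question with only the `^~` modifier added; `myip` and `serverip` remain the question's placeholders.

```nginx
# /etc/nginx/acme (added example; only the ^~ modifier differs from the question)
#
# ^~ tells nginx: if this is the longest matching prefix, stop here and
# do not evaluate regex locations such as "location ~ /\.".
location ^~ /.well-known/acme-challenge/ {
    allow myip;                 # placeholder from the question: admin IP
    allow serverip;             # placeholder from the question: server IP
    allow 66.133.109.36/32;     # outbound1.letsencrypt.org (as listed in the question)
    allow 64.78.149.164/32;     # outbound2.letsencrypt.org (as listed in the question)
    deny all;                   # everything else is still refused here

    alias /srv/letsencrypt/acme-challenge/;
    try_files $uri =404;
}

# Unchanged in the server block: every other dot-path stays blocked,
# because no ^~ prefix shields it from this regex location.
# location ~ /\. {
#     deny all;
# }
```

Validate with `nginx -t` before reloading. A request for a file under `/.well-known/acme-challenge/` from an allowed address should then be served, while other dot-paths such as `/.htaccess` still return 403.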