3

I'm setting up a Let's Encrypt certificate for my website and I have a little problem with accessing ACME challenge files because of one of my location rules. Basically I have a rule for denying access to hidden files along with a few others which I need for protection of system data files which are available on that virtual domain. Here is my rule which is blocking access to hidden files:

location ~ ^/(?:\.|data|config|db_structure\.xml){
    deny all;
}

And the rule for accessing ACME challenge files is:

location /.well-known/acme-challenge/ {
    alias /var/www/challenges/;
    try_files $uri =404;
}

I would like to combine those two rules so that nginx wouldn't deny requests for ACME challenges. I was trying to place the rule for ACME challenges above and below the hidden files rule, but it doesn't work in either case. I also made some modifications to both rules, but I couldn't get it working as expected. I would be really grateful for any help with this problem.

user1257255

1 Answer

2

Use the ^~ modifier, which makes the prefix location block take precedence over any regular expression location block at the same level.

For example:

location ^~ /.well-known/acme-challenge/ { ... }

The above is still a prefix location block. See this document for details.

Richard Smith
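An added example, not part of the question or the answer: a small Python model of nginx's location selection order, run over the two blocks from the question, showing why moving the ACME block above or below the regex changes nothing and what `^~` changes. The catch-all `location /`, the action labels and the request paths are constructed for illustration, and the model ignores nested locations and URI normalization.

```python
import re

# Constructed model of the question's location blocks, in config order.
# Entry: (modifier, pattern, action). "" = plain prefix, "^~" = prefix that
# suppresses the regex pass, "~" = case-sensitive regex, "=" = exact match.
BEFORE = [
    ("~", r"^/(?:\.|data|config|db_structure\.xml)", "deny"),
    ("", "/.well-known/acme-challenge/", "acme"),
    ("", "/", "site"),  # assumed catch-all, not in the question
]
# Same config with the answer's fix: ^~ on the ACME prefix location.
AFTER = [(("^~" if a == "acme" else m), p, a) for m, p, a in BEFORE]


def select_location(locations, uri):
    """Return the action of the location nginx would choose for uri."""
    # 1. An exact (=) match wins immediately.
    for mod, pat, action in locations:
        if mod == "=" and uri == pat:
            return action
    # 2. Remember the longest matching prefix, wherever it is declared.
    best = None
    for mod, pat, action in locations:
        if mod in ("", "^~") and uri.startswith(pat):
            if best is None or len(pat) > len(best[1]):
                best = (mod, pat, action)
    # 3. If that prefix carries ^~, the regex pass is skipped entirely.
    if best and best[0] == "^~":
        return best[2]
    # 4. Otherwise regexes are tried in config order; first match wins.
    for mod, pat, action in locations:
        if mod in ("~", "~*"):
            flags = re.IGNORECASE if mod == "~*" else 0
            if re.search(pat, uri, flags):
                return action
    # 5. No regex matched: fall back to the remembered prefix.
    return best[2] if best else None


def audit(locations):
    """Map constructed request paths to the location that handles them."""
    paths = ["/.well-known/acme-challenge/tok123", "/.well-known/other",
             "/.git/config", "/data/users.db", "/index.html"]
    return {p: select_location(locations, p) for p in paths}


if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(cfg))
```

With `^~` only the challenge directory escapes the deny rule; other dot-paths, including the rest of `/.well-known/`, are still handled by the regex location.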