tcjlj/nginx-proxy-manager-zh
1
0
Fork 0
mirror of https://github.com/xiaoxinpro/nginx-proxy-manager-zh.git synced 2025-01-22 21:08:13 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bypass basic auth for letsencrypt acme requests, reload nginx after ssl renewals

Browse Source
This commit is contained in:
Jamie Curnow 2018-03-16 10:53:50 +10:00
parent b324110c49
commit 36896bcfc9
3 changed files with 11 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
manager/src/backend/internal/ssl.js
View File

@ -30,7 +30,11 @@ const internalSsl = {
.then(result => { .then(result => {
logger.info(result); logger.info(result);
internalSsl.interval_processing = false; internalSsl.interval_processing = false;
return internalNginx.reload()
.then(() => {
return result; return result;
});
}) })
.catch(err => { .catch(err => {
logger.error(err); logger.error(err);

9
manager/src/backend/templates/proxy.conf.ejs
View File

@ -20,14 +20,13 @@ server {
ssl_certificate_key /etc/letsencrypt/live/<%- hostname %>/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/<%- hostname %>/privkey.pem;
<% } -%> <% } -%>
<% if (typeof access_list_id !== 'undefined' && access_list_id) { -%>
auth_basic "Authorization required";
auth_basic_user_file /config/access/<%- access_list_id %>;
<% } -%>
<%- typeof advanced !== 'undefined' && advanced ? advanced : '' %> <%- typeof advanced !== 'undefined' && advanced ? advanced : '' %>
location / { location / {
<% if (typeof access_list_id !== 'undefined' && access_list_id) { -%>
auth_basic "Authorization required";
auth_basic_user_file /config/access/<%- access_list_id %>;
<% } -%>
<%- typeof force_ssl !== 'undefined' && force_ssl ? 'include conf.d/include/force-ssl.conf;' : '' %> <%- typeof force_ssl !== 'undefined' && force_ssl ? 'include conf.d/include/force-ssl.conf;' : '' %>
include conf.d/include/proxy.conf; include conf.d/include/proxy.conf;
} }

1
rootfs/etc/nginx/conf.d/include/letsencrypt-acme-challenge.conf
View File

@ -2,6 +2,7 @@
# We use ^~ here, so that we don't check other regexes (for speed-up). We actually MUST cancel # We use ^~ here, so that we don't check other regexes (for speed-up). We actually MUST cancel
# other regex checks, because in our other config files have regex rule that denies access to files with dotted names. # other regex checks, because in our other config files have regex rule that denies access to files with dotted names.
location ^~ /.well-known/acme-challenge/ { location ^~ /.well-known/acme-challenge/ {
auth_basic off;
# Set correct content type. According to this: # Set correct content type. According to this:
# https://community.letsencrypt.org/t/using-the-webroot-domain-verification-method/1445/29 # https://community.letsencrypt.org/t/using-the-webroot-domain-verification-method/1445/29