From 70659362445faa3daf53d1189594325c678d3ab6 Mon Sep 17 00:00:00 2001
From: Shane St Savage <shanestsavage@gmail.com>
Date: Thu, 29 May 2025 18:45:25 +0000
Subject: [PATCH] Set auth_request off for all acme challenge locations

Adds missing `auth_request off;` to a few
`.well-known/acme-challenge` location blocks.

This is needed to allow unrestricted access to
`.well-known/acme-challenge` files on servers
where `auth_request` is otherwise globally applied.

See #1409, nginx-proxy/acme-companion#570
---
 nginx.tmpl | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/nginx.tmpl b/nginx.tmpl
index afc9f16..fa23bd4 100644
--- a/nginx.tmpl
+++ b/nginx.tmpl
@@ -865,6 +865,7 @@ server {
         {{- if $globals.config.acme_http_challenge_accept_unknown_host }}
     location ^~ /.well-known/acme-challenge/ {
         auth_basic off;
+        auth_request off;
         allow all;
         root /usr/share/nginx/html;
         try_files $uri =404;
@@ -970,6 +971,7 @@ server {
         {{- if (and (eq $vhost.https_method "noredirect") $vhost.acme_http_challenge_enabled) }}
     location /.well-known/acme-challenge/ {
         auth_basic off;
+        auth_request off;
         allow all;
         root /usr/share/nginx/html;
         try_files $uri =404;