Bring ACME no redirection inline with companion

Add the following to the Let's Encrypt ACME challenge "no redirection to HTTPS"
https://github.com/nginx-proxy/docker-letsencrypt-nginx-proxy-companion/pull/570
https://github.com/nginx-proxy/docker-letsencrypt-nginx-proxy-companion/pull/335

README.md

@@ -403,25 +403,6 @@ If you are using multiple hostnames for a single container (e.g. `VIRTUAL_HOST=e
 If you want most of your virtual hosts to use a default single `location` block configuration and then override on a few specific ones, add those settings to the `/etc/nginx/vhost.d/default_location` file. This file
 will be used on any virtual host which does not have a `/etc/nginx/vhost.d/{VIRTUAL_HOST}_location` file associated with it.
 
-#### Pre-VIRTUAL_HOST custom location blocks
-
-In some circumstances you may want to override nginx's default `/` location block behavior.  Typically, this block acts as a catch-all in order to forward requests not already matched by a specific `location` block directly onto your container as-is.
-
-To provide your own location blocks and bypass the automatic generation of them, simply add your location blocks to a configuration file file under `/etc/nginx/vhost.d` like in the other Per-VIRTUAL_HOST sections except with the suffix `_locations`. Notice the 's' to make the filename plural.  
-The contents of this file will replace all auto-generated location blocks. Additionally, this file will take priority over the previously described location configuration.
-
-When using location overrides, you are responsible for handling any requests that should be forwarded to your container. Passing a request to your container is done using the `proxy_pass` instruction within your defined location blocks.  `proxy_pass` expects a qualified hostname in order
-to forward a request.  By default, nginx-proxy aliases containers to the defined `VIRTUAL_HOST` name.  So if you launch your container with a `VIRTUAL_HOST` value of `app.example.com`, then forwarding a request to your container would look something like this:
-
-```
-location / {
-	proxy_pass http://app.example.com;
-}
-```
-
-If you are using an SSL-enabled container, you would use `https://` in place of `http://`.  You could include any number of other location blocks for nginx to consider and even forward requests to external hosts when they match certain conditions.  You can also use any other rules and instructions
-available to nginx location blocks.
-
 ### Contributing
 
 Before submitting pull requests or issues, please check github to make sure an existing issue or pull request is not already open.

nginx.tmpl

@@ -138,8 +138,6 @@ proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;
 proxy_set_header Proxy "";
 {{ end }}
 
-{{ $access_log := (or (and (not $.Env.DISABLE_ACCESS_LOGS) "access_log /var/log/nginx/access.log vhost;") "") }}
-
 {{ $enable_ipv6 := eq (or ($.Env.ENABLE_IPV6) "") "true" }}
 server {
 	server_name _; # This is just an invalid value which will never trigger on a real hostname.
@@ -147,7 +145,7 @@ server {
 	{{ if $enable_ipv6 }}
 	listen [::]:{{ $external_http_port }};
 	{{ end }}
-	{{ $access_log }}
+	access_log /var/log/nginx/access.log vhost;
 	return 503;
 }
 
@@ -158,7 +156,7 @@ server {
 	{{ if $enable_ipv6 }}
 	listen [::]:{{ $external_https_port }} ssl http2;
 	{{ end }}
-	{{ $access_log }}
+	access_log /var/log/nginx/access.log vhost;
 	return 503;
 
 	ssl_session_cache shared:SSL:50m;
@@ -250,11 +248,12 @@ server {
 	{{ if $enable_ipv6 }}
 	listen [::]:{{ $external_http_port }} {{ $default_server }};
 	{{ end }}
-	{{ $access_log }}
+	access_log /var/log/nginx/access.log vhost;
 	
 	# Do not HTTPS redirect Let'sEncrypt ACME challenge
-	location /.well-known/acme-challenge/ {
+	location ^~ /.well-known/acme-challenge/ {
 		auth_basic off;
+		auth_request off;
 		allow all;
 		root /usr/share/nginx/html;
 		try_files $uri =404;
@@ -273,7 +272,7 @@ server {
 	{{ if $enable_ipv6 }}
 	listen [::]:{{ $external_https_port }} ssl http2 {{ $default_server }};
 	{{ end }}
-	{{ $access_log }}
+	access_log /var/log/nginx/access.log vhost;
 
 	{{ if eq $network_tag "internal" }}
 	# Only allow traffic from internal clients
@@ -309,9 +308,6 @@ server {
 	include /etc/nginx/vhost.d/default;
 	{{ end }}
 
-	{{ if (exists (printf "/etc/nginx/vhost.d/%s_locations" $host)) }}
-	include {{ printf "/etc/nginx/vhost.d/%s_locations" $host}};
-	{{ else }}
 	location / {
 		{{ if eq $proto "uwsgi" }}
 		include uwsgi_params;
@@ -336,7 +332,6 @@ server {
 		include /etc/nginx/vhost.d/default_location;
 		{{ end }}
 	}
-	{{ end }}
 }
 
 {{ end }}
@@ -349,7 +344,7 @@ server {
 	{{ if $enable_ipv6 }}
 	listen [::]:80 {{ $default_server }};
 	{{ end }}
-	{{ $access_log }}
+	access_log /var/log/nginx/access.log vhost;
 
 	{{ if eq $network_tag "internal" }}
 	# Only allow traffic from internal clients
@@ -362,9 +357,6 @@ server {
 	include /etc/nginx/vhost.d/default;
 	{{ end }}
 
-	{{ if (exists (printf "/etc/nginx/vhost.d/%s_locations" $host)) }}
-	include {{ printf "/etc/nginx/vhost.d/%s_locations" $host}};
-	{{ else }}
 	location / {
 		{{ if eq $proto "uwsgi" }}
 		include uwsgi_params;
@@ -388,7 +380,6 @@ server {
 		include /etc/nginx/vhost.d/default_location;
 		{{ end }}
 	}
-	{{ end }}
 }
 
 {{ if (and (not $is_https) (exists "/etc/nginx/certs/default.crt") (exists "/etc/nginx/certs/default.key")) }}
@@ -398,7 +389,7 @@ server {
 	{{ if $enable_ipv6 }}
 	listen [::]:{{ $external_https_port }} ssl http2 {{ $default_server }};
 	{{ end }}
-	{{ $access_log }}
+	access_log /var/log/nginx/access.log vhost;
 	return 500;
 
 	ssl_certificate /etc/nginx/certs/default.crt;