From e22fe55bbe448e09ef308fe510e86e020fa5f37b Mon Sep 17 00:00:00 2001
From: Hugo Sales
Date: Mon, 14 Mar 2022 22:12:35 +0000
Subject: [PATCH] [TOOLS] Add .well-known/acme-challenge/ root certbot to nginx container, to allow certbot certificate renewals
---
 docker/nginx/nginx.conf | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
diff --git a/docker/nginx/nginx.conf b/docker/nginx/nginx.conf
index d6b3a610b7..b083457c83 100644
--- a/docker/nginx/nginx.conf
+++ b/docker/nginx/nginx.conf
@@ -1,3 +1,18 @@
+server {
+ # Listen only on port 81 for localhost, and nothing else.
+ server_name 127.0.0.1;
+ listen 127.0.0.1:81 default_server;
+
+ charset utf-8;
+
+ # Certbot's folder used for the ACME challenge response.
+ location ^~ /.well-known/acme-challenge {
+ default_type text/plain;
+ root /var/www/certbot;
+ try_files $uri =404;
+ }
+}
+
 server {
 listen [::]:80;
@@ -5,6 +20,10 @@ server {
 server_name %hostname%;
+ location '/.well-known/acme-challenge' {
+ proxy_pass http://localhost:81;
+ }
+
 # redirect all traffic to HTTPS
 rewrite ^ https://$host$request_uri? permanent;
 }
@@ -35,6 +54,13 @@ server {
 root /var/www/social;
 }
+ location /.well-known/acme-challenge/ {
+ allow all;
+ root /var/www/certbot;
+ try_files $uri =404;
+ break;
+ }
+
 # PHP
 location ~ ^/(index|install)\.php(/.*)?$ {
 include fastcgi_params;
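Review bot: In the new 127.0.0.1:81 server, `location ^~ /.well-known/acme-challenge` has no trailing slash, so it matches every URI that merely starts with that string, not only paths inside the challenge directory. Writing it as `location ^~ /.well-known/acme-challenge/ {` keeps the match to the directory and agrees with the spelling used in the HTTPS server block later in this patch. The comment above `listen` could also record why the listener exists, for example `# Internal listener: only reached through the port-80 proxy_pass, bound to loopback on purpose.`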
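Review bot: The `rewrite ^ https://$host$request_uri? permanent;` that follows the new location in the port-80 server is a server-level directive, and nginx runs server-level rewrite directives before it selects a location, so requests for `/.well-known/acme-challenge` get the 301 to HTTPS and never reach the `proxy_pass`. If the challenge is meant to be answered over plain HTTP, move the redirect into a catch-all such as `location / { return 301 https://$host$request_uri; }`. Separately, the upstream is `http://localhost:81` while the listener is bound to `127.0.0.1:81` only; if `localhost` also resolves to `::1` inside the container some attempts would be refused, so `proxy_pass http://127.0.0.1:81;` is the safer spelling. The enclosing server block opens above this hunk.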
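Review bot: The HTTPS-side `location /.well-known/acme-challenge/` is a plain prefix match, so any regex location in this server that also matches the URI would take precedence over it; the port-81 block in this patch uses `^~`, and this one should as well: `location ^~ /.well-known/acme-challenge/ {`. `break;` appears to have no effect here because the block contains no other rewrite-module directives, and `allow all;` only matters if a `deny` is inherited from a level this hunk does not show, so both can be dropped unless that is the case. Adding `default_type text/plain;` would make the response type match the port-81 block. The server block starts and ends outside the hunk.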