我有以下 nginx 服务器配置:
server {
...
location / {
# First attempt to serve request as file, then
# as directory, then fall back to proxy.
try_files /maintenance.php $uri @proxyPass;
}
location @proxyPass {
proxy_pass http://1.1.1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
location ~ /\. {
deny all;
}
include /etc/nginx/acme;
include /etc/nginx/expires.conf;
}
/etc/nginx/acme:
location /.well-known/acme-challenge/ {
allow myip; # my ip
allow serverip; # server ip
allow 66.133.109.36/32; # allow outbound1.letsencrypt.org
allow 64.78.149.164/32; # allow outbound2.letsencrypt.org
allow 64.78.149.164/32; # allow outbound2.letsencrypt.org
deny all; # deny everything else
alias /srv/letsencrypt/acme-challenge/;
try_files $uri =404;
}
deny all所有从点开始的规则与 acme 的规则冲突。如果我在能够访问 acme 相关文件夹中的文件时将其删除,否则我会收到 403 Forbidden
我尝试allow all在 acme 相关的位置块中设置而不是登记 IP 地址,如下所述:
覆盖单个位置块的 nginx 拒绝规则
但 id 没有帮助
如何使这两个位置块一起工作?
正则表达式位置块,如您的拒绝规则,通常优先于 nginx 中的前缀匹配。
^~通过添加到您的块定义来防止正则表达式检查并优先考虑前缀匹配: