I figured out that I have a problem with getting a certificate from Let’s Encrypt via certbot. They are trying to generate a dir “.well-known” and read it via URL.
So I generated this directory and, in the configuration, created a special “location” for that dir.
location ^~ /.well-known/ {
    alias /var/www/html/;
    ....
}
But it doesn’t work!
I also tried to escape the dot, but nothing changed.
Is there any way to get it working?
Good morning @alessandro, and thank you for your support!
In the link you sent me, under “Setting up the ACME Server” there is code starting with “acme_issuer letsencrypt”, but where do I have to put this code?
Under “Configuring Challenges” there is, under “server {“, a “location / {“ which I can’t use, because it is already used for TYPO3.
Here is my complete Nginx configuration file for my server.
Compressing resource files will save bandwidth and so improve loading speed especially for users
with slower internet connections. TYPO3 can compress the .js and .css files for you.
*) Set $GLOBALS['TYPO3_CONF_VARS']['BE']['compressionLevel'] = 9 for the Backend
*) Set $GLOBALS['TYPO3_CONF_VARS']['FE']['compressionLevel'] = 9 together with the TypoScript properties
config.compressJs and config.compressCss for GZIP compression of Frontend JS and CSS files.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    # SSL configuration
    #
    # listen 443 ssl default_server;
    # listen [::]:443 ssl default_server;
    #
    # Note: You should disable gzip for SSL traffic.
    # See: https://bugs.debian.org/773332
    #
    # Read up on ssl_ciphers to ensure a secure configuration.
    # See: https://bugs.debian.org/765782
    #
    # Self signed certs generated by the ssl-cert package
    # Don't use them in a production server!
    #
    # include snippets/snakeoil.conf;
    client_max_body_size 200M;
    #root /var/www/country-radio.eu/html;
    #server_name example.com www.example.com;
    #location / {
    # try_files $uri $uri/ =404;
    #}
    root /var/www/html/typo3/public/;
    # root /var/www/html/;
    # root {{ .Docroot}};
    # Add index.php to the list if you are using PHP
    index index.html index.php index.htm index.nginx-debian.html;
    server_name hpradio.country-radio.eu;
    ### Start HGA
    location ~* ^/(phpmyadmin|test|public)$ {
        alias /var/www/html;
        index index.php index.html;
        location ~ \.php$ {
            try_files $fastcgi_script_name =404;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_pass unix:/run/php/php8.4-fpm.sock;
        }
    }
    location ^~ /\.well-known$ {
        root /var/www/html/;
        index index.php index.html;
        location ~ \.php$ {
            try_files $fastcgi_script_name =404;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_pass unix:/run/php/php8.4-fpm.sock;
        }
    }
    ### End HGA
    location ~ \.js\.gzip$ {
        add_header Content-Encoding gzip;
        gzip off;
        types { text/javascript gzip; }
    }
    location ~ \.css\.gzip$ {
        add_header Content-Encoding gzip;
        gzip off;
        types { text/css gzip; }
    }
    # TYPO3 - Rule for versioned static files, configured through:
    # - $GLOBALS['TYPO3_CONF_VARS']['BE']['versionNumberInFilename']
    # - $GLOBALS['TYPO3_CONF_VARS']['FE']['versionNumberInFilename']
    if (!-e $request_filename) {
        rewrite ^/(.+)\.(\d+)\.(php|js|css|png|jpg|gif|gzip)$ /$1.$3 last;
    }
    # TYPO3 - Block access to composer files
    location ~* composer\.(?:json|lock) {
        deny all;
    }
    # TYPO3 - Block access to flexform files
    location ~* flexform[^.]*\.xml {
        deny all;
    }
    # TYPO3 - Block access to language files
    location ~* locallang[^.]*\.(?:xml|xlf)$ {
        deny all;
    }
    # TYPO3 - Block access to static typoscript files
    location ~* ext_conf_template\.txt|ext_typoscript_constants\.txt|ext_typoscript_setup\.txt {
        deny all;
    }
    # TYPO3 - Block access to miscellaneous protected files
    location ~* /.*\.(?:bak|co?nf|cfg|ya?ml|ts|typoscript|tsconfig|dist|fla|in[ci]|log|sh|sql|sqlite)$ {
        deny all;
    }
    # TYPO3 - Block access to recycler and temporary directories
    location ~ _(?:recycler|temp)_/ {
        deny all;
    }
    # TYPO3 - Block access to configuration files stored in fileadmin
    location ~ fileadmin/(?:templates)/.*\.(?:txt|ts|typoscript)$ {
        deny all;
    }
    # TYPO3 - Block access to libraries, source and temporary compiled data
    location ~ ^(?:vendor|typo3_src|typo3temp/var) {
        deny all;
    }
    # TYPO3 - Block access to protected extension directories
    location ~ (?:typo3conf/ext|typo3/sysext|typo3/ext)/[^/]+/(?:Configuration|Resources/Private|Tests?|Documentation|docs?)/ {
        deny all;
    }
    # location / {
    # try_files $uri $uri/ /index.php$is_args$args;
    # }
    ### start new ###
    location / {
        try_files $uri $uri/ @sfc;
    }
    # Special root site case. prevent "try_files $uri/" + "index" from skipping the cache
    # by accessing /index.php directly
    location =/ {
        recursive_error_pages on;
        error_page 405 = @sfc;
        return 405;
    }
    location @t3frontend {
        # Using try_files for ease of configuration demonstration here,
        # you can also fastcgi_pass directly to php here
        try_files $uri /index.php$is_args$args;
    }
    location @sfc {
        # Perform an internal redirect to TYPO3 if any of the required
        # conditions for StaticFileCache don't match
        error_page 405 = @t3frontend;
        # Query String needs to be empty
        if ($args != '') {
            return 405;
        }
        # We can't serve static files for logged-in BE/FE users
        if ($cookie_staticfilecache = 'typo_user_logged_in') {
            return 405;
        }
        if ($cookie_be_typo_user != '') {
            return 405;
        }
        # Ensure we redirect to TYPO3 for non GET/HEAD requests
        if ($request_method !~ ^(GET|HEAD)$ ) {
            return 405;
        }
        # Disable cache for EXT:solr indexing requests
        if ($http_x_tx_solr_iq) {
            return 405;
        }
        # Disable cache for EXT:crawler indexing requests
        if ($http_x_t3crawler) {
            return 405;
        }
        charset utf-8;
        default_type text/html;
        try_files /typo3temp/assets/tx_staticfilecache/${scheme}_${host}_${server_port}${uri}/index
            /typo3temp/assets/tx_staticfilecache/${scheme}_${host}_${server_port}${uri}
            =405;
    }
    location /typo3temp/assets/tx_staticfilecache {
        deny all;
    }
    ### end new ###
    # TYPO3 Backend URLs
    location = /typo3 {
        rewrite ^ /typo3/;
    }
    location /typo3/ {
        try_files $uri /typo3/index.php$is_args$args;
    }
    location ~ [^/]\.php(/|$) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        if (!-f $document_root$fastcgi_script_name) {
            return 404;
        }
        fastcgi_buffer_size 32k;
        fastcgi_buffers 8 16k;
        fastcgi_connect_timeout 240s;
        fastcgi_read_timeout 240s;
        fastcgi_send_timeout 240s;
        fastcgi_pass unix:/run/php/php8.4-fpm.sock;
        fastcgi_index index.php;
        include fastcgi.conf;
    }
}
Hey again! Check the actual nginx.org docs here Module ngx_http_acme_module for a slightly better sample config! The acme_issuer config block would live outside your server block but inside your http block.
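Added example, not part of the thread and not either poster's configuration: how the two `.well-known` locations posted above are evaluated by nginx, next to a location that serves certbot's HTTP-01 challenge files. It assumes certbot is run in webroot mode with `/var/www/html` as the webroot; `TOKEN` is a placeholder file name.

```nginx
# Assumption: certbot runs in webroot mode, e.g.
#   certbot certonly --webroot -w /var/www/html -d hpradio.country-radio.eu
# so challenge files are written to /var/www/html/.well-known/acme-challenge/.

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name hpradio.country-radio.eu;
    root /var/www/html/typo3/public/;

    # Never matches: "^~" marks a literal prefix, not a regex, so the
    # backslash and the "$" are compared as plain characters of the URI.
    #   location ^~ /\.well-known$ { ... }
    #
    # Matches, but looks in the wrong directory: alias replaces the matched
    # prefix, so /.well-known/acme-challenge/TOKEN is read from
    # /var/www/html/acme-challenge/TOKEN.
    #   location ^~ /.well-known/ { alias /var/www/html/; }

    # "root" appends the full request URI, which gives
    # /var/www/html/.well-known/acme-challenge/TOKEN.
    # "^~" stops nginx from evaluating the regex locations of this server
    # (the TYPO3 deny rules, the PHP handler) once this prefix has matched.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/html;
        default_type text/plain;
        # Static files only: nothing under this path is handed to PHP-FPM.
        try_files $uri =404;
    }

    # ... the existing TYPO3 locations, including "location /", stay unchanged ...
}
```

After `nginx -t` and a reload, a test file placed in that directory should be returned over plain HTTP on port 80 before certbot is run.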