
Bypass basic auth for letsencrypt acme requests, reload nginx after ssl renewals

Jamie Curnow 7 年之前
父节点
当前提交
36896bcfc9

+ 5 - 1
manager/src/backend/internal/ssl.js

@@ -30,7 +30,11 @@ const internalSsl = {
                 .then(result => {
                     logger.info(result);
                     internalSsl.interval_processing = false;
-                    return result;
+
+                    return internalNginx.reload()
+                        .then(() => {
+                            return result;
+                        });
                 })
                 .catch(err => {
                     logger.error(err);
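Review bot: `internalSsl.interval_processing = false` is still cleared before `internalNginx.reload()` has settled, so the next interval tick can start another renewal run while the reload is still in flight; resetting the guard once the reload resolves keeps it honest: `return internalNginx.reload().then(() => { internalSsl.interval_processing = false; return result; });`. A rejected reload also falls through to the generic `.catch` on the following lines, where it is indistinguishable from a failed renewal even though the certificate on disk was already renewed and nginx keeps serving the old one until the next successful reload; a dedicated line such as `logger.error('nginx reload after certificate renewal failed', err)` before rethrowing would make that state visible. The promise chain begins before this hunk and the `.catch` body continues past it, so whether the error path resets the flag is not visible here.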

+ 4 - 5
manager/src/backend/templates/proxy.conf.ejs

@@ -20,14 +20,13 @@ server {
   ssl_certificate_key /etc/letsencrypt/live/<%- hostname %>/privkey.pem;
 <% } -%>
 
-<% if (typeof access_list_id !== 'undefined' && access_list_id) { -%>
-  auth_basic            "Authorization required";
-  auth_basic_user_file  /config/access/<%- access_list_id %>;
-<% } -%>
-
 <%- typeof advanced !== 'undefined' && advanced ? advanced : '' %>
 
   location / {
+    <% if (typeof access_list_id !== 'undefined' && access_list_id) { -%>
+    auth_basic            "Authorization required";
+    auth_basic_user_file  /config/access/<%- access_list_id %>;
+    <% } -%>
     <%- typeof force_ssl !== 'undefined' && force_ssl ? 'include conf.d/include/force-ssl.conf;' : '' %>
     include conf.d/include/proxy.conf;
   }
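Review bot: Moving `auth_basic` from the server block into `location /` narrows what the access list protects: any other `location` a user adds through the free-form `advanced` include a few lines above is now served without basic auth, whereas the server-level directive previously covered every location by default. Since this commit also adds `auth_basic off;` to the acme-challenge include, the move is not needed to unblock Let's Encrypt; keeping the two `auth_basic` lines at server level where they were and relying on that per-location override preserves the old coverage. Whether the acme-challenge include is part of this server block is not visible in this hunk, so confirm that before reverting the move. Also, `<%- access_list_id %>` is emitted unescaped into a filesystem path; if the id can ever be a user-supplied string rather than a numeric key, it should be validated before templating.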

+ 2 - 1
rootfs/etc/nginx/conf.d/include/letsencrypt-acme-challenge.conf

@@ -2,6 +2,7 @@
 # We use ^~ here, so that we don't check other regexes (for speed-up). We actually MUST cancel
 # other regex checks, because in our other config files have regex rule that denies access to files with dotted names.
 location ^~ /.well-known/acme-challenge/ {
+    auth_basic off;
 
     # Set correct content type. According to this:
     # https://community.letsencrypt.org/t/using-the-webroot-domain-verification-method/1445/29
@@ -14,7 +15,7 @@ location ^~ /.well-known/acme-challenge/ {
     # there to "webroot".
     # Do NOT use alias, use root! Target directory is located here:
     # /var/www/common/letsencrypt/.well-known/acme-challenge/
-    root         /config/letsencrypt-acme-challenge;
+    root /config/letsencrypt-acme-challenge;
 }
 
 # Hide /acme-challenge subdirectory and return 404 on all requests.
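Review bot: The new `auth_basic off;` carries no explanation, and a maintainer reading this include on its own will not know that per-host access lists enable basic auth which would otherwise block Let's Encrypt's anonymous webroot validation; a comment such as `# Never require basic auth here: Let's Encrypt fetches this path anonymously` above it would make the intent clear. Note that `auth_basic off` only cancels `auth_basic`; an `allow`/`deny` or `auth_request` directive inherited from the server block would still block validation, which is worth stating in the same comment. The comment block in the second hunk is also stale: it says the target directory is `/var/www/common/letsencrypt/.well-known/acme-challenge/` while the `root` directive points at `/config/letsencrypt-acme-challenge`, so it should name the actual path `/config/letsencrypt-acme-challenge/.well-known/acme-challenge/`.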