From 6db4a24e070492e69456cb4457f23b1046e20176 Mon Sep 17 00:00:00 2001
From: VirtuBox
Date: Tue, 19 Mar 2019 16:54:07 +0100
Subject: [PATCH] add letsencrypt validation with --proxy
---
 wo/cli/templates/virtualconf-php7.mustache | 15 +++++++++++++--
 wo/cli/templates/virtualconf.mustache | 15 +++++++++++++--
 2 files changed, 26 insertions(+), 4 deletions(-)
diff --git a/wo/cli/templates/virtualconf-php7.mustache b/wo/cli/templates/virtualconf-php7.mustache
index 1ca898d..3f0e45b 100644
--- a/wo/cli/templates/virtualconf-php7.mustache
+++ b/wo/cli/templates/virtualconf-php7.mustache
@@ -25,12 +25,23 @@ server {
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 }
+
+ # Security settings for better privacy
+ # Deny hidden files
+ location ~ /\.(?!well-known\/) {
+ deny all;
+ }
+ # letsencrypt validation
+ location /.well-known/acme-challenge/ {
+ alias /var/www/html/.well-known/acme-challenge/;
+ allow all;
+ }
 {{/proxy}}
 {{^proxy}}
 root {{webroot}}/htdocs;
- {{^proxy}}index {{^static}}index.php{{/static}} index.html index.htm;{{/proxy}}
+ index {{^static}}index.php{{/static}} index.html index.htm;
 {{#static}}
 location / {
@@ -41,7 +52,7 @@ server {
 {{^static}}include {{#basic}}common/php73.conf;{{/basic}}{{#wpfc}}common/wpfc-php73.conf;{{/wpfc}} {{#wpsc}}common/wpsc-php73.conf;{{/wpsc}}{{#wpredis}}common/redis-php73.conf;{{/wpredis}} {{#wpsubdir}}include common/wpsubdir.conf;{{/wpsubdir}}{{/static}}
 {{#wp}}include common/wpcommon-php73.conf;{{/wp}}
- {{^proxy}}include common/locations-php73.conf;{{/proxy}}
+ include common/locations-php73.conf;
 include {{webroot}}/conf/nginx/*.conf;
 {{/proxy}}
 }
diff --git a/wo/cli/templates/virtualconf.mustache b/wo/cli/templates/virtualconf.mustache
index 653a5aa..a566c06 100644
--- a/wo/cli/templates/virtualconf.mustache
+++ b/wo/cli/templates/virtualconf.mustache
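Review bot: The new `location /.well-known/acme-challenge/` block in the `{{#proxy}}` section aliases the fixed path `/var/www/html/.well-known/acme-challenge/`, so every proxied vhost rendered from this template shares one challenge directory, and whatever can write there can satisfy HTTP-01 validation for all of those hostnames. I would state that assumption next to the alias, e.g. `# shared ACME webroot: keep it writable only by the ACME client`, and make the match explicit with `location ^~ /.well-known/acme-challenge/ {` so that a regex location added later cannot take precedence over it. Note also that `allow all;` only affects the access module and would not lift an `auth_basic` set at server level, should one ever be configured for proxied sites. The first hunk of wo/cli/templates/virtualconf.mustache adds the same lines and the same points apply there. The enclosing `server` block starts and ends outside the hunk.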
@@ -25,12 +25,23 @@ server {
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 }
+
+ # Security settings for better privacy
+ # Deny hidden files
+ location ~ /\.(?!well-known\/) {
+ deny all;
+ }
+ # letsencrypt validation
+ location /.well-known/acme-challenge/ {
+ alias /var/www/html/.well-known/acme-challenge/;
+ allow all;
+ }
 {{/proxy}}
 {{^proxy}}
 root {{webroot}}/htdocs;
- {{^proxy}}index {{^static}}index.php{{/static}} index.html index.htm;{{/proxy}}
+ index {{^static}}index.php{{/static}} index.html index.htm;
 {{#static}}
 location / {
@@ -41,7 +52,7 @@ server {
 {{^static}}include {{#basic}}common/php72.conf;{{/basic}}{{#wpfc}}common/wpfc-php72.conf;{{/wpfc}} {{#wpsc}}common/wpsc-php72.conf;{{/wpsc}}{{#wpredis}}common/redis-php72.conf;{{/wpredis}} {{#wpsubdir}}include common/wpsubdir.conf;{{/wpsubdir}}{{/static}}
 {{#wp}}include common/wpcommon-php72.conf;{{/wp}}
- {{^proxy}}include common/locations-php72.conf;{{/proxy}}
+ include common/locations-php72.conf;
 include {{webroot}}/conf/nginx/*.conf;
 {{/proxy}}
 }