Currently, if a service behind a reverse proxy site needs to obtain a SSL certificate using let's encrypt, the /.well-known/acme-challenge/ routes are always captured by nginx and the request of the service fails.
The change forwards all /.well-known/ requests to the reverse proxy service except those, that are served by the file system directly.
This way a service can obtain it's own certificate (needed for services like owncloud, mailcow etc) or expose other /.well-known routes like webfinger or autodiscovery protocols.
Currently, if a service behind a reverse proxy site needs to obtain a SSL certificate using let's encrypt, the
/.well-known/acme-challenge/
routes are always captured by nginx and the request of the service fails.The change forwards all
/.well-known/
requests to the reverse proxy service except those, that are served by the file system directly.This way a service can obtain it's own certificate (needed for services like owncloud, mailcow etc) or expose other
/.well-known
routes like webfinger or autodiscovery protocols.