From 50bd20fce9d0a716114d0165d222f9a90e8c3f0f Mon Sep 17 00:00:00 2001
From: Jean-Baptiste Lescher <Jean-Baptiste_Lescher@sigmadesigns.com>
Date: Tue, 30 Jan 2018 17:16:46 +0100
Subject: [PATCH] [Fix] Stronger match for acme-challenge nginx location

If an application (for instance roundcube) installed at the root of a
subdomain has the following nginx configuration:

	location ~ ^/(.+/|)\. {
		deny all;
	}

acme-challenge matching location:

	location '/.well-known/acme-challenge'
	{
		default_type "text/plain";
		alias /tmp/acme-challenge-public/;
	}

will not be used.

This fix prevents further matching by regular expressions.

Co-authored-by: Tomo59 <thomas.gambier@gmail.com>
---
 src/yunohost/certificate.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/yunohost/certificate.py b/src/yunohost/certificate.py
index b6fb0e275..2394f26d5 100644
--- a/src/yunohost/certificate.py
+++ b/src/yunohost/certificate.py
@@ -463,7 +463,7 @@ def _configure_for_acme_challenge(auth, domain):
     nginx_conf_file = "%s/000-acmechallenge.conf" % nginx_conf_folder
 
     nginx_configuration = '''
-location '/.well-known/acme-challenge'
+location ^~ '/.well-known/acme-challenge'
 {
         default_type "text/plain";
         alias %s;