Allow access to acme challenge even when restricted

2016-06-06 11:44:17 +02:00 · 2016-06-06 11:44:17 +02:00 · adf314984c
parent 57aeaa5cf1
commit adf314984c
1 changed files with 10 additions and 2 deletions
--- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/WebAppVirtualHost/50Content
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/WebAppVirtualHost/50Content
@ -84,7 +84,7 @@ if ($allow ne ''){
    else{
        $allow =~ s/[,;]/ /g;
    }
-    $OUT .=<<"EOF"
+    $OUT .=<<"EOF";

    <Location />
        Order deny,allow
@ -92,6 +92,10 @@ if ($allow ne ''){
        Allow from $allow
    </Location>

+    <Location /.well-known/acme-challenge/>
+        Allow from all
+    </Location>
+
 EOF
 }

@ -101,9 +105,13 @@ if ($auth =~ m/^Basic$/i){
        $require = "Require ldap-group ";
        $require .= "cn=$_,ou=Groups,$base " foreach(@groups);
    }
-    $OUT .=<<"EOF";
+    SetEnvIf %{Request_URI} "^/\.well\-known/acme\-challenge" granted=1

    <Location />
+        Order deny,allow
+        Satisfy any
+        Deny from all
+        Allow from env=granted
        AuthType basic
        AuthName "$name"
        AuthBasicProvider ldap