Serving acme-challenges from two web-servers sharing the same domain via nginx

Say you have nginx listening on port 80 and sharing a domain with another web-server (e.g. Proxmox web-server) that is listening on a different port, and you want to route HTTP-01 (“acme-challenge”) requests to that second web-server.

It’s doable via nginx by using the error_page location fallback technique like so:

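server {
    listen 80;
    server_name ...;

    # Trailing slashes on both the location and the alias keep the prefix
    # from also matching sibling paths such as /.well-known/acme-challengeX.
    location ^~ /.well-known/acme-challenge/ {
        alias /var/lib/dehydrated/acme-challenges/;
        # Local file missing: hand the request to the named location below.
        error_page 404 = @second-server;
    }

    location @second-server {
        include proxy_params;
        # A URI part is accepted here only because it is given as a variable.
        proxy_pass http://<ip>:<port>$request_uri;
    }
}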

First, nginx tries to locate the acme-challenge file locally; if it's not present, the request goes to the other web-server via proxy_pass. The equal sign (=) in the error_page directive makes nginx return the response code from the proxy instead of 404.
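A stricter variant of the configuration above, added here as an example (not from the original post): only GET/HEAD requests for a single token-shaped path segment are served or forwarded, so arbitrary paths under the prefix never reach the second server. The character class is the base64url alphabet that RFC 8555 requires for HTTP-01 tokens; `<ip>` and `<port>` remain the post's placeholders.

```nginx
server {
    listen 80;
    server_name ...;

    location ^~ /.well-known/acme-challenge/ {
        # Nested regex location: matches exactly one path segment made of
        # base64url characters (the only characters an ACME token may use).
        location ~ ^/\.well-known/acme-challenge/([A-Za-z0-9_-]+)$ {
            # With a regex location, alias must refer to the capture.
            alias /var/lib/dehydrated/acme-challenges/$1;

            # Validation requests are plain GETs; refuse other methods
            # before they can fall through to the proxy (HEAD stays allowed).
            limit_except GET {
                deny all;
            }

            # Token not found locally: let the second server answer, and
            # return its status code instead of the local 404.
            error_page 404 = @second-server;
        }

        # Anything else under the prefix (sub-directories, dots, empty
        # token) is answered locally and never proxied.
        return 404;
    }

    location @second-server {
        include proxy_params;
        proxy_pass http://<ip>:<port>$request_uri;
    }
}
```

Run `nginx -t` after filling in the placeholders to confirm the configuration parses before reloading.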
