nginx vhost: exclude let's encrypt from rewrites

Author: d--j

server/conf/nginx_vhost.conf.master

@@ -46,29 +46,29 @@ server {
 <tmpl_if name='ssl_enabled'>
 <tmpl_if name='rewrite_to_https' op='==' value='y'>
         if ($scheme != "https") {
-            rewrite ^ https://$http_host$request_uri? permanent;
+            rewrite ^(?!/\.well-known/acme-challenge)/ https://$http_host$request_uri? permanent;
         }
 </tmpl_if>
 </tmpl_if>
 <tmpl_if name='seo_redirect_enabled'>
         if ($http_host <tmpl_var name='seo_redirect_operator'> "<tmpl_var name='seo_redirect_origin_domain'>") {
-            rewrite ^ $scheme://<tmpl_var name='seo_redirect_target_domain'>$request_uri? permanent;
+            rewrite ^(?!/\.well-known/acme-challenge)/ $scheme://<tmpl_var name='seo_redirect_target_domain'>$request_uri? permanent;
         }
 </tmpl_if>
 <tmpl_loop name="alias_seo_redirects">
         if ($http_host <tmpl_var name='alias_seo_redirect_operator'> "<tmpl_var name='alias_seo_redirect_origin_domain'>") {
-            rewrite ^ $scheme://<tmpl_var name='alias_seo_redirect_target_domain'>$request_uri? permanent;
+            rewrite ^(?!/\.well-known/acme-challenge)/ $scheme://<tmpl_var name='alias_seo_redirect_target_domain'>$request_uri? permanent;
         }
 </tmpl_loop>
 <tmpl_loop name="local_redirects">
         if ($http_host <tmpl_var name='local_redirect_operator'> "<tmpl_var name='local_redirect_origin_domain'>") {
-            rewrite ^<tmpl_var name='local_redirect_exclude'>(.*)$ <tmpl_var name='local_redirect_target'>$2 <tmpl_var name='local_redirect_type'>;
+            rewrite ^<tmpl_var name='local_redirect_exclude'>(.*)$ <tmpl_var name='local_redirect_target'>$1 <tmpl_var name='local_redirect_type'>;
         }
 </tmpl_loop>
 
 <tmpl_loop name="own_redirects">
 <tmpl_if name='use_rewrite'>
-        <tmpl_if name='exclude_own_hostname'>if ($http_host != "<tmpl_var name='exclude_own_hostname'>") { </tmpl_if>rewrite ^<tmpl_var name='rewrite_exclude'>(.*)$ <tmpl_var name='rewrite_target'>$2 <tmpl_var name='rewrite_type'>;<tmpl_if name='exclude_own_hostname'> }</tmpl_if>
+        <tmpl_if name='exclude_own_hostname'>if ($http_host != "<tmpl_var name='exclude_own_hostname'>") { </tmpl_if>rewrite ^<tmpl_var name='rewrite_exclude'>(.*)$ <tmpl_var name='rewrite_target'>$1 <tmpl_var name='rewrite_type'>;<tmpl_if name='exclude_own_hostname'> }</tmpl_if>
 </tmpl_if>
 <tmpl_if name='use_proxy'>
         location / {
@@ -364,7 +364,7 @@ server {
 <tmpl_if name='alias_seo_redirects2'>
 <tmpl_loop name="alias_seo_redirects2">
         if ($http_host <tmpl_var name='alias_seo_redirect_operator'> "<tmpl_var name='alias_seo_redirect_origin_domain'>") {
-            rewrite ^ $scheme://<tmpl_var name='alias_seo_redirect_target_domain'>$request_uri? permanent;
+            rewrite ^(?!/\.well-known/acme-challenge)/ $scheme://<tmpl_var name='alias_seo_redirect_target_domain'>$request_uri? permanent;
         }
 </tmpl_loop>
 </tmpl_if>

server/plugins-available/nginx_plugin.inc.php

@@ -1484,7 +1484,7 @@ function update($event_name, $data) {
 						}
 					} else {
 						// external URL
-						$rewrite_exclude = '(.?)/';
+						$rewrite_exclude = '(?!\.well-known/acme-challenge)/';
 						if($data['new']['redirect_type'] == 'proxy'){
 							$vhost_data['use_proxy'] = 'y';
 							$rewrite_subdir = $tmp_redirect_path_parts['path'];
@@ -1536,7 +1536,7 @@ function update($event_name, $data) {
 						}
 					} else {
 						// external URL
-						$rewrite_exclude = '(.?)/';
+						$rewrite_exclude = '(?!\.well-known/acme-challenge)/';
 						if($data['new']['redirect_type'] == 'proxy'){
 							$vhost_data['use_proxy'] = 'y';
 							$rewrite_subdir = $tmp_redirect_path_parts['path'];
@@ -1586,7 +1586,7 @@ function update($event_name, $data) {
 						}
 					} else {
 						// external URL
-						$rewrite_exclude = '(.?)/';
+						$rewrite_exclude = '(?!\.well-known/acme-challenge)/';
 						if($data['new']['redirect_type'] == 'proxy'){
 							$vhost_data['use_proxy'] = 'y';
 							$rewrite_subdir = $tmp_redirect_path_parts['path'];