From 8ed836780ecc9b2cdfed051a507838d0877ec95d Mon Sep 17 00:00:00 2001
From: Benjamin Schirmer <mail@codename-matrix.de>
Date: Fri, 5 Jan 2024 12:27:12 +0100
Subject: [PATCH] Update ReverseProxy

Allow `/.well-known/` routes to pass to the reverse proxy service if the file isn't available on disk. This allows Let's Encrypt HTTP challenge by CloudPanel while also allowing the service behind the reverse proxy to get it's own internal certificate or expose other `./well-known/` routes.
---
 v2-varnish/ReverseProxy/ReverseProxy | 31 ++++++++++++++++------------
 1 file changed, 18 insertions(+), 13 deletions(-)

diff --git a/v2-varnish/ReverseProxy/ReverseProxy b/v2-varnish/ReverseProxy/ReverseProxy
index 1804298..226df08 100755
--- a/v2-varnish/ReverseProxy/ReverseProxy
+++ b/v2-varnish/ReverseProxy/ReverseProxy
@@ -15,18 +15,7 @@ server {
     rewrite ^ https://$host$uri permanent;
   }
 
-  location ~ /.well-known {
-    auth_basic off;
-    allow all;
-  }
-
-  {{settings}}
-
-  add_header Cache-Control no-transform;
-
-  index index.html;
-
-  location / {
+  location @reverse_proxy {
     proxy_pass {{reverse_proxy_url}};
     proxy_http_version 1.1;
     proxy_set_header X-Forwarded-Host $host;
@@ -47,4 +36,20 @@ server {
     proxy_busy_buffers_size 256k;
     proxy_temp_file_write_size 256k;
   }
-}
\ No newline at end of file
+
+  {{settings}}
+
+  add_header Cache-Control no-transform;
+
+  index index.html;
+
+  location ^~ /.well-known {
+    auth_basic off;
+    allow all;
+    try_files $uri @reverse_proxy;
+  }
+
+  location / {
+    try_files $uri @reverse_proxy;
+  }
+}