From 9c384c7eb85b9833bad491e14fffcfe3b9c59ee5 Mon Sep 17 00:00:00 2001
From: bossm8 <91630231+bossm8@users.noreply.github.com>
Date: Sat, 9 Mar 2024 01:06:47 +0100
Subject: [PATCH] Undo #11062 since it breaks the nginx config (#11082)
* [mTLS] Fix acme verfication when mTLS and Client CN verification is enabled
* revert mTLS location excluding acme-challenge since each location will match ultimately resulting in 404 for all request paths
---
 rootfs/etc/nginx/template/nginx.tmpl | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl
index 381fc134c..d58be2880 100644
--- a/rootfs/etc/nginx/template/nginx.tmpl
+++ b/rootfs/etc/nginx/template/nginx.tmpl
@@ -985,10 +985,8 @@ stream {
 {{ if not ( empty $server.CertificateAuth.MatchCN ) }}
 {{ if gt (len $server.CertificateAuth.MatchCN) 0 }}
- location ~ ^/(?!(\.well-known/acme-challenge)) {
- if ( $ssl_client_s_dn !~ {{ $server.CertificateAuth.MatchCN }} ) {
- return 403 "client certificate unauthorized";
- }
+ if ( $ssl_client_s_dn !~ {{ $server.CertificateAuth.MatchCN }} ) {
+ return 403 "client certificate unauthorized";
 }
 {{ end }}
 {{ end }}
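Review bot: The restored server-level `if` tests `$ssl_client_s_dn` with `!~` against the interpolated `MatchCN` value, so the check is an unanchored regex search over the whole subject DN, not a comparison of the CN field. A pattern such as `CN=client` (constructed example) would also accept `CN=client2`, or the same text appearing inside another DN attribute. Nothing in the hunk anchors or quotes the pattern, and whether the annotation value is validated before it reaches the template is not visible here. Because the block again applies to every path, `/.well-known/acme-challenge` included, I would record both facts in a template comment above the `if`, e.g. `{{/* MatchCN is an unanchored regex over the full subject DN and applies to all paths, ACME challenge included */}}`. The enclosing server block starts and ends outside the hunk.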