Don't need to use a regexp because the vhost.d/default configuration must be included
specifically in each server configuration by the nginx.tmpl template file.
Something like:
{{ if (exists (printf "/etc/nginx/vhost.d/%s" $host)) }}
include {{ printf "/etc/nginx/vhost.d/%s" $host }};
{{ else if (exists "/etc/nginx/vhost.d/default") }}
include /etc/nginx/vhost.d/default;
{{ end }}
In nginx.tmpl, vhosts.d are included before the 'location /' target, and last basic location wins.
If our /.well-known location is defined as a prefix string (or as a regex), it takes priority over basic locations.
Details on http://nginx.org/en/docs/http/ngx_http_core_module.html#location
Add a break into the letsencrypt block so that no more rules are executed. Otherwise, if you have a block like...
## Start of configuration add by letsencrypt container
location /.well-known/acme-challenge/ {
    auth_basic off;
    root /usr/share/nginx/html;
    try_files $uri =404;
}
## End of configuration add by letsencrypt container
if (!-f /code/home/cookies/$cookie_AUTH_COOKIE) {
    rewrite ^ https://auth.example.org break;
}
Then Let's Encrypt never manages to verify the domain as the request gets rewritten to the authentication URL.
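
The location selection rules from the nginx documentation linked above, modeled in Python as an added example (not code from the project or from these messages), to check which block would serve an ACME challenge request. The location lists, the dotfile regex location and the token are constructed, and Python's `re` stands in for nginx's PCRE matching.

```python
import re

# Constructed location lists as (modifier, pattern) in file order.
# "" = plain prefix, "^~" = prefix that skips regex checks, "=" = exact,
# "~" = regex, "~*" = case-insensitive regex.
PLAIN = [("", "/"), ("", "/.well-known/acme-challenge/"), ("~", r"^/\.")]
HARDENED = [("", "/"), ("^~", "/.well-known/acme-challenge/"), ("~", r"^/\.")]
CHALLENGE = "/.well-known/acme-challenge/constructed-token"


def select_location(locations, uri):
    """Return the (modifier, pattern) nginx would select for uri, or None."""
    best = None  # longest matching prefix location, independent of file order
    for mod, pat in locations:
        if mod == "=" and uri == pat:
            return (mod, pat)  # an exact match ends the search immediately
        if mod in ("", "^~") and uri.startswith(pat):
            if best is None or len(pat) > len(best[1]):
                best = (mod, pat)
    if best is not None and best[0] == "^~":
        return best  # longest prefix carries ^~, so regexes are not checked
    for mod, pat in locations:  # regexes: first match in file order wins
        if mod == "~" and re.search(pat, uri):
            return (mod, pat)
        if mod == "~*" and re.search(pat, uri, re.IGNORECASE):
            return (mod, pat)
    return best  # no regex matched: fall back to the longest prefix


if __name__ == "__main__":
    for name, conf in (("plain", PLAIN), ("hardened", HARDENED)):
        print(name, "->", select_location(conf, CHALLENGE))
```

With the plain prefix, the constructed dotfile regex location captures the challenge request; with `^~` the challenge block is selected regardless of any regex locations in the same server.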