From 1dd5f2b1f97e308137769a537b2ca445b0cb57e2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= <nix@dotlambda.de>
Date: Mon, 5 Feb 2024 00:31:37 -0800
Subject: [PATCH] nixos/nginx: turn auth_request off for ACME challenge

This is e.g. necessary when using tailscale-nginx-auth.
---
 nixos/modules/services/web-servers/nginx/default.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix
index 6799de6c7d96..93b1a3fdfadd 100644
--- a/nixos/modules/services/web-servers/nginx/default.nix
+++ b/nixos/modules/services/web-servers/nginx/default.nix
@@ -361,10 +361,12 @@ let
             ${optionalString (vhost.acmeFallbackHost != null) "try_files $uri @acme-fallback;"}
             ${optionalString (vhost.acmeRoot != null) "root ${vhost.acmeRoot};"}
             auth_basic off;
+            auth_request off;
           }
           ${optionalString (vhost.acmeFallbackHost != null) ''
             location @acme-fallback {
               auth_basic off;
+              auth_request off;
               proxy_pass http://${vhost.acmeFallbackHost};
             }
           ''}