Skip to content

Update default.conf.sample to deny dotfile access#73

Open
nemchik wants to merge 2 commits into
masterfrom
deny-dotfile-access
Open

Update default.conf.sample to deny dotfile access#73
nemchik wants to merge 2 commits into
masterfrom
deny-dotfile-access

Conversation

@nemchik
Copy link
Copy Markdown
Member

@nemchik nemchik commented May 5, 2026

No description provided.

@nemchik
Update default.conf.sample to deny dotfile access
fd863cf 
Signed-off-by: Eric Nemchik <eric@nemchik.com>
Copilot AI review requested due to automatic review settings May 5, 2026 21:36
@LinuxServer-CI LinuxServer-CI moved this to PRs Ready For Team Review in Issue & PR Tracker May 5, 2026
Copilot AI reviewed May 5, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the default nginx site configuration sample to block access to dotfiles while still permitting access to /.well-known (commonly needed for ACME challenges), and bumps the embedded version header.

Changes:

  • Added explicit location handling to allow /.well-known requests.
  • Added a regex location to return 404 for dotfile paths.
  • Reformatted the PHP if (!-f ...) guard into a multi-line block.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread root/defaults/nginx/site-confs/default.conf.sample
index index.html index.htm index.php;

# Allow access to the ".well-known" directory
location ^~ /.well-known {
@LinuxServer-CI
Copy link
Copy Markdown
Contributor

LinuxServer-CI commented May 5, 2026

I am a bot, here are the test results for this PR:
https://ci-tests.linuxserver.io/lspipepr/cops/4.3.1-pkg-f1788705-dev-72dfe8df2b534bad6c1f89b8ca2b3d13cc1e5325-pr-73/index.html
https://ci-tests.linuxserver.io/lspipepr/cops/4.3.1-pkg-f1788705-dev-72dfe8df2b534bad6c1f89b8ca2b3d13cc1e5325-pr-73/shellcheck-result.xml

Tag Passed
amd64-4.3.1-pkg-f1788705-dev-72dfe8df2b534bad6c1f89b8ca2b3d13cc1e5325-pr-73
arm64v8-4.3.1-pkg-f1788705-dev-72dfe8df2b534bad6c1f89b8ca2b3d13cc1e5325-pr-73

@mikespub
Copy link
Copy Markdown
Contributor

mikespub commented May 27, 2026

This seems to be a duplicate of PR #70 which was already included and merged in PR #72

@nemchik
Copy link
Copy Markdown
Member Author

nemchik commented May 27, 2026

This seems to be a duplicate of PR #70 which was already included and merged in PR #72

This moves things around a bit based on the comments from copilot. There are PRs open on our other images using the nginx base that haven't merged yet, but the goal is to keep the confs similar across all of them.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

Issue & PR Tracker
Status: PRs Ready For Team Review

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@nemchik @LinuxServer-CI @mikespub