From 013310ded03de6b63885c62797395a116cbf4ce6 Mon Sep 17 00:00:00 2001
From: EDIflyer
Date: Sun, 13 Aug 2023 16:44:58 +0100
Subject: [PATCH 1/3] LetsEncrypt ACME redirect issue fixes #2881
---
 .../rootfs/etc/nginx/conf.d/include/force-ssl.conf | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/docker/rootfs/etc/nginx/conf.d/include/force-ssl.conf b/docker/rootfs/etc/nginx/conf.d/include/force-ssl.conf
index 15f0d285..93ad90f1 100644
--- a/docker/rootfs/etc/nginx/conf.d/include/force-ssl.conf
+++ b/docker/rootfs/etc/nginx/conf.d/include/force-ssl.conf
@@ -1,3 +1,14 @@
+# Since force-ssl.conf has now moved to the server section it overrides
+# the LetsEncrypt config which is inside a location section
+# Set FORCE variable in first two if tests pass and action in the third
+set $FORCE "";
 if ($scheme = "http") {
- return 301 https://$host$request_uri;
+ set $FORCE 'H';
 }
+if ($request_uri !~ "^\/.well-known\/acme-challenge\/(.*)") {
+ set $FORCE "${FORCE}D";
+}
+# If we are http and outside the LetsEncrypt directories redirect to https via 301
+if ($FORCE = HD) {
+ return 301 https://$host$request_uri;
+}
\ No newline at end of file
From 2e528348b7a3f91b9ffe90c0c2bd13ff2d5a48b5 Mon Sep 17 00:00:00 2001
From: EDIflyer
Date: Fri, 31 May 2024 12:16:18 +0100
Subject: [PATCH 2/3] fix regex as per @lbogdan in https://github.com/NginxProxyManager/nginx-proxy-manager/pull/3121#discussion_r1621959578
---
 docker/rootfs/etc/nginx/conf.d/include/force-ssl.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker/rootfs/etc/nginx/conf.d/include/force-ssl.conf b/docker/rootfs/etc/nginx/conf.d/include/force-ssl.conf
index 93ad90f1..a992f315 100644
--- a/docker/rootfs/etc/nginx/conf.d/include/force-ssl.conf
+++ b/docker/rootfs/etc/nginx/conf.d/include/force-ssl.conf
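Review bot: In the hunk of patch 1/3 the ACME exemption is tested against `$request_uri`, which is the raw request target (query string included, no dot-segment or percent-decoding normalisation), while nginx picks the location from the normalised `$uri`. A plain-HTTP request whose raw path merely begins with the challenge prefix but normalises to another path would therefore skip the 301 and be answered over HTTP by whichever location matches; how much that matters depends on the backends behind the proxy. Tying the exemption to the normalised path, `if ($uri !~ "^/\.well-known/acme-challenge/") {`, keeps it aligned with the location that actually serves challenges. The same `$request_uri` test is carried through the hunks of patches 2/3 and 3/3.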
@@ -5,7 +5,7 @@ set $FORCE "";
 if ($scheme = "http") {
 set $FORCE 'H';
 }
-if ($request_uri !~ "^\/.well-known\/acme-challenge\/(.*)") {
+if ($request_uri !~ "^\/\.well-known\/acme-challenge\/(.*)") {
 set $FORCE "${FORCE}D";
 }
 # If we are http and outside the LetsEncrypt directories redirect to https via 301
From 2bb99e68d8299d60a8e6db677bb559e814b409bb Mon Sep 17 00:00:00 2001
From: EDIflyer
Date: Tue, 11 Jun 2024 07:59:38 +0100
Subject: [PATCH 3/3] Update force-ssl.conf Revised as per PR discussion.
---
 docker/rootfs/etc/nginx/conf.d/include/force-ssl.conf | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)
diff --git a/docker/rootfs/etc/nginx/conf.d/include/force-ssl.conf b/docker/rootfs/etc/nginx/conf.d/include/force-ssl.conf
index e79dca6b..347df40f 100644
--- a/docker/rootfs/etc/nginx/conf.d/include/force-ssl.conf
+++ b/docker/rootfs/etc/nginx/conf.d/include/force-ssl.conf
@@ -2,16 +2,9 @@ set $test "";
 if ($scheme = "http") {
 set $test "H";
 }
-if ($request_uri ~ "^\/\.well-known\/acme-challenge\/(.*)" {
+if ($request_uri ~ "^\/\.well-known\/acme-challenge\/(.*)") {
 set $test "${test}T";
 }
 if ($test = H) {
 return 301 https://$host$request_uri;
 }
-if ($request_uri !~ "^\/\.well-known\/acme-challenge\/(.*)") {
- set $FORCE "${FORCE}D";
-}
-# If we are http and outside the LetsEncrypt directories redirect to https via 301
-if ($FORCE = HD) {
- return 301 https://$host$request_uri;
-}
\ No newline at end of file
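Review bot: After patch 3/3 the visible lines carry no comment explaining why `if ($test = H)` is the redirect condition, because the explanatory comment from patch 1/3 is deleted here along with the old `$FORCE` block. The file's first line lies outside the hunk, so a comment may still exist there. The logic depends on `$test` being exactly `H` for plain HTTP outside the challenge path and `HT` for a challenge fetched over HTTP, which is easy to break in a later edit. A line such as `# Redirect only when $test is exactly "H": plain HTTP and not an ACME challenge ("HT" must stay on HTTP)` above the final `if` would record that. The trailing `(.*)` capture in the challenge regex is never used and could be dropped.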