Update default.conf.sample to deny dotfile access

nemchik · nemchik · commit b54d672019c2 · 2026-02-08T09:39:26.000-06:00
Signed-off-by: Eric Nemchik &lt;eric@nemchik.com&gt;
diff --git a/root/defaults/nginx/site-confs/default.conf.sample b/root/defaults/nginx/site-confs/default.conf.sample
@@ -1,4 +1,4 @@
-## Version 2025/12/26 - Changelog: https://github.com/linuxserver/docker-baseimage-alpine-nginx/commits/3.23/root/defaults/nginx/site-confs/default.conf.sample
+## Version 2026/02/08 - Changelog: https://github.com/linuxserver/docker-baseimage-alpine-nginx/commits/3.23/root/defaults/nginx/site-confs/default.conf.sample
 
 server {
     listen 80 default_server;
@@ -39,8 +39,16 @@ server {
         include /etc/nginx/fastcgi_params;
     }
 
-    # deny access to .htaccess/.htpasswd files
-    location ~ /\.ht {
+    # deny access to all dotfiles
+    location ~ /\. {
         deny all;
+        log_not_found off;
+        access_log off;
+        return 404;
+    }
+
+    # Allow access to the ".well-known" directory
+    location ^~ /.well-known {
+        allow all;
     }
 }
