Fixed HTTPoxy vulnerability ref #251

fastcgi_params

@@ -30,3 +30,6 @@ fastcgi_param REDIRECT_STATUS 200;
 fastcgi_param HTTPS $fastcgi_https if_not_empty;
 ## For Nginx versions below 1.1.11 uncomment the line below after commenting out the above.
 #fastcgi_param HTTPS $fastcgi_https;
+
+## Fix HTTPoxy vulnerability https://httpoxy.org/#mitigate-nginx
+fastcgi_param HTTP_PROXY "";

sites-available/example.com.conf

@@ -56,6 +56,12 @@ server {
     ## Uncomment if you're proxying to Apache for handling PHP.
     #proxy_http_version 1.1; # keep alive to the Apache upstream
 
+    # Allow "Well-Known URIs" as per RFC 5785.
+    # Necessary for Let’s Encrypt validation server.
+    location ~* ^/.well-known/ {
+        allow all;
+    }
+
     ################################################################
     ### Generic configuration: for most Drupal 7 sites.
     ################################################################