The directive that blocks dotfile requests is now under a conditional. See https://support.d4science.org/issues/16586

nginx/defaults/main.yml

@@ -93,6 +93,7 @@ nginx_ssl_type: ssl
 # When we do not use letsencrypt:
 # nginx_ssl_cert_file: '{{ pki_dir }}/certs/nginx.crt'
 # nginx_ssl_cert_key: '{{ pki_dir }}/keys/nginx.key'
+nginx_block_dotfiles: True
 
 # Virtualhost example
 # nginx_virthosts:

nginx/templates/nginx-virthost.j2

@@ -9,12 +9,14 @@ include /etc/nginx/snippets/nginx-websockets.conf;
 server {
     listen {{ item.http_port | default ('80') }};
     server_name {{ item.server_name }} {% if item.serveraliases is defined %}{{ item.serveraliases }}{% endif %};
+{% if nginx_block_dotfiles %}
     location ~ /\.(?!well-known).* {
         deny all;
         access_log off;
         log_not_found off;
         return 404;
     }
+{% endif %}
 
 {% if letsencrypt_acme_install %}
     include /etc/nginx/snippets/letsencrypt-proxy.conf;
@@ -54,12 +56,14 @@ server {
         log_not_found off;
         access_log off;
     }
+{% if nginx_block_dotfiles %}
     location ~ /\. {
         deny all;
         access_log off;
         log_not_found off;
         return 404;
     }
+{% endif %}
     {% if haproxy_ips is defined %}
     # We are behind haproxy
     {% for ip in haproxy_ips %}
@@ -213,9 +217,14 @@ server {
         log_not_found off;
         access_log off;
     }
+{% if nginx_block_dotfiles %}
     location ~ /\. {
         deny all;
+        access_log off;
+        log_not_found off;
+        return 404;
     }
+{% endif %}
 
     {% if haproxy_ips is defined %}
     # We are behind haproxy