Posts by m4rv1n00

    Yes, it is intercepted and blocked on forward with this
    ProxyPassMatch ^/((?!(?:\.well-known|errors)/).*)


    but after this only errors is redirected with this


    Alias /errors/ /var/www/virtual/xxxxx/errors/



    I added this


    Alias /.well-known/ /var/www/virtual/xxxxx/sub/htdocs/.well-known/
    <Directory /var/www/virtual/xxxxx/sub/htdocs/.well-known/>
    Require all granted
    </Directory>


    to work


    But this has to be done manually every time because of the skeleton.


    How about including the generic alias "/.well-known/acme-challenge/" in the "installation"?
    Because as it is now, it intercepts the call to the path but goes into error if you don't have the plugin.
    I understand the plugin is enhanced, but in this case it will never work without this additional configuration because it is wrongly forbidden by ProxyPassMatch by default.

    Yes, it is going to the Apache but it is not going to the right folder on the imscp server.


    If I don't configure the proxy, the file from the /.well-known/ folder comes back with a 200 (success) because it resides on the imscp server in the right folder.
    If, after the test in the previous line, I configure the proxy, the call to /.well-known/ is not forwarded to the application server and comes back with a 404 (error).


    Try it yourself to see if you have the same behavior.

    The backend application server is an Apache and no .htaccess is defined.


    WITH PROXY ENABLED
    [22/Mar/2017:10:31:46 +0100] "GET /.well-known/acme-challenge/thdyezcHPRcRoDk85kmPxSCCxpS2n7Pwxyn9kX0wWYc HTTP/1.1" 404 624 "-" "Mozilla/5.0


    WITHOUT PROXY
    [22/Mar/2017:10:32:38 +0100] "GET /.well-known/acme-challenge/thdyezcHPRcRoDk85kmPxSCCxpS2n7Pwxyn9kX0wWYc HTTP/1.1" 200 88 "-" "Mozilla/5.0


    The folder /.well-known/ is manually created with the permissions of the folder on the upper level.

    i-MSCP 1.3.16
    Build: 20170107
    Codename: Horner


    Steps to reproduce the problem:
    - create a new domain, don't enter the proxy now (if you set it as proxy at this stage, imscp will not create the folder)
    - configure the domain as proxy vs backend application server (internet <-> imscp frontend <-> application server)
    - make a request to the configured domain like http://www.yourdomain.ltd/.well-known/acme-challenge/blablabla
    - the request will be forwarded to the application server instead of being intercepted by the imscp frontend


    If you need other information let me know, I will be glad to help you.

    Today we have so many usernames across the different platforms that the best thing is to use the email address as unique id.
    Some time ago this was allowed for logging in to the imscp panel, but now it isn't.
    Is it possible to restore this feature (if not for all, at least for the panel)?
    Thank you

    The infrastructure is
    Internet <---> i-MSCP server (Apache2) acts as proxy <---> backend Web server (webserver1)


    My doubt is because an HTTP ACME request for domain validation like http://domain.tld/.well-known/acme-challenge/<token> will be fully forwarded to the backend web server, but this (the backend web server) will not contain .well-known/acme-challenge/<token>.
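
The routing behaviour discussed in the posts above, as an added example that is not part of the original posts or of i-MSCP: a simplified model of how the quoted `ProxyPassMatch` exclusion and the `Alias` directives decide where an ACME challenge request ends up. The helper `route`, the alias dictionaries and the sample paths are hypothetical, and an excluded path with no matching `Alias` is assumed not to be served by anything else.

```python
import re

# Exclusion pattern quoted in the post: proxy everything except paths
# under /.well-known/ and /errors/ (negative lookahead after the first "/").
PROXY_PASS_MATCH = re.compile(r"^/((?!(?:\.well-known|errors)/).*)")

# Alias directives from the posts; "xxxxx" is the poster's own redaction.
ALIASES_DEFAULT = {"/errors/": "/var/www/virtual/xxxxx/errors/"}
ALIASES_WITH_FIX = {
    **ALIASES_DEFAULT,
    "/.well-known/": "/var/www/virtual/xxxxx/sub/htdocs/.well-known/",
}


def route(path, aliases):
    """Hypothetical helper: where does the frontend send this URL path?

    Returns ("proxy", captured_group) when ProxyPassMatch matches, otherwise
    ("local", file_path), with file_path None when no Alias covers the path
    (assumption: nothing else serves it, as on the proxied domain described).
    """
    match = PROXY_PASS_MATCH.match(path)
    if match:
        return ("proxy", match.group(1))
    for prefix, target in aliases.items():
        if path.startswith(prefix):
            return ("local", target + path[len(prefix):])
    return ("local", None)


if __name__ == "__main__":
    # Constructed sample paths; TOKEN stands in for a real challenge token.
    samples = [
        "/.well-known/acme-challenge/TOKEN",
        "/errors/404.html",
        "/index.php",
        "/.well-knownx/foo",   # no "/" right after ".well-known": proxied
        "/errors",             # no trailing "/": proxied
    ]
    for name, aliases in (("default", ALIASES_DEFAULT), ("with fix", ALIASES_WITH_FIX)):
        print(f"--- aliases: {name}")
        for path in samples:
            print(f"{path:40} -> {route(path, aliases)}")
```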