Posts by m4rv1n00

    Yes, it is intercepted and blocked on forward with this
    ProxyPassMatch ^/((?!(?:\.well-known|errors)/).*)

    but after this only errors is redirect with this

    Alias /errors/ /var/www/virtual/xxxxx/errors/

    I added this

    Alias /.well-known/ /var/www/virtual/xxxxx/sub/htdocs/.well-known/
    <Directory /var/www/virtual/xxxxx/sub/htdocs/.well-known/>
    Require all granted

    to work

    But this have to be made manually every time because of the scheleton.

    How about inlude the generic alias "/.well-known/acme-challenge/" in the "installation"?
    Because on how it is now, it intercept the call to the path but going in error if you don't have plugin.
    I understand plugin is enanched but in this case it will never work without this additional configuration because it is wrongly forbidden by ProxyPassMatch by default

    Yes, is going on the apache but is not going on the right folder in the imscp server.

    If I don't configure the proxy, the file from /.well-known/ folder it's back with a 200 (success) because it reside on imscp server in the right folder.
    If after the test on the previous row, I configure the proxy, the call to /.well-known/ is not forwarded to the application server and is back with a 404 (error).

    Try yourself if you have the same behavior

    Application server back is an apache and no .htaccess is definied.

    [22/Mar/2017:10:31:46 +0100] "GET /.well-known/acme-challenge/thdyezcHPRcRoDk85kmPxSCCxpS2n7Pwxyn9kX0wWYc HTTP/1.1" 404 624 "-" "Mozilla/5.0

    [22/Mar/2017:10:32:38 +0100] "GET /.well-known/acme-challenge/thdyezcHPRcRoDk85kmPxSCCxpS2n7Pwxyn9kX0wWYc HTTP/1.1" 200 88 "-" "Mozilla/5.0

    The folder /.well-known/ is manually created with permission of folder on upper level

    i-MSCP 1.3.16
    Build: 20170107
    Codename: Horner

    Step to reproduce problem:
    - create new domain, don't enter proxy now (if you set as proxy at this stage imscp will not create the folder)
    - configure the domain as proxy vs backend application server (internet <-> imscp frontend <-> application server)
    - make a request to configured domain like
    - the request will be forwarded to application server instead to be intercepted by imscp frontend

    If you need other information let me know, I will be glad to help you

    Today we have so many username around the different platform that the best things is to use email address like unique id.
    Time ago this was allowed to login to imscp panel but now it isn't.
    Is possible to restore this feature (if not for all, at least for the panel).
    Thank you

    The infrastructure is
    Internet <---> i-MSCP server (Apache2) act like proxy <---> backend Web server (webserver1)

    My doubt is because an HTTP ACME request for domain validation like: http://domain.tld/.well-known/acme-challenge/<token> will be fully forwarded to backend web server but this (backend web server) will not contain .well-known/acme-challenge/<token> .