Apache and Nginx on same server - Letsencrypt issue

Discussion in 'Installation/Configuration' started by francoisPE, Apr 24, 2022.

  1. francoisPE

    francoisPE Active Member HowtoForge Supporter

    Hello,

    I have an ispconfig 3.2.8p1 server.
    I installed a configuration with apache2.
    In parallel, I installed Zulip chat on that same server.
    The Zulip install script installed nginx. I changed the nginx default port to 5080.
    I created a website in ispconfig and proxypass Zulip through it. It works.

    Where I face a difficulty is the LE certificate.
    In server/lib/classes/letsencrypt.inc.php, I run into that line ;-)
    Code:
    $app->log("Could not verify domain " . $temp_domain . ", so excluding it from letsencrypt request.", LOGLEVEL_WARN);
    Investigating, I discovered that when doing
    curl http://mydomain.tld/.well-known/acme-challenge/le-562876136.8638743.txt
    it is NGINX that answers, not APACHE2.
    I checked the ISPConfig server setting: Webserver is apache.

    netstat -tunelp | grep 80
    says
    Code:
    tcp        0      0 0.0.0.0:5080            0.0.0.0:*               LISTEN      0          705965     388525/nginx: maste
    tcp6       0      0 :::5080                 :::*                    LISTEN      0          705966     388525/nginx: maste               
    tcp6       0      0 :::8080                 :::*                    LISTEN      0          2113531    689757/apache2
    tcp6       0      0 :::80                   :::*                    LISTEN      0          2113515    689757/apache2
    tcp6       0      0 :::8081                 :::*                    LISTEN      0          2148465    689757/apache2
    
    I checked /etc/apache2/ports.conf; there is Listen 80 in it.
    Apache seems not to listen on tcp... only on tcp6?
    What should I do, without impacting the ispconfig configuration, to route requests for the alias /.well-known/acme-challenge/ back to apache?
     
  2. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Set apache conf to listen to both ipv4 and ipv6 instead of just ipv6. Don't forget to restart it afterward.
     
  3. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member

    That is listening on all interfaces, both ipv4 and ipv6.
    This is normally done via:
    Code:
    # cat /etc/apache2/conf-enabled/999-acme.conf
    Alias /.well-known/acme-challenge /usr/local/ispconfig/interface/acme/.well-known/acme-challenge
    <Directory /usr/local/ispconfig/interface/acme/.well-known/acme-challenge>
        Require all granted
        <IfModule mpm_itk_module>
            AssignUserId ispconfig ispconfig
        </IfModule>
    </Directory>
    
     
  4. francoisPE

    francoisPE Active Member HowtoForge Supporter

    Hello, thanks for your help!
    I decided to switch to docker for Zulip, as it is incompatible with ispconfig...
     
  5. francoisPE

    francoisPE Active Member HowtoForge Supporter

    I am facing an issue again, on a server that has only apache2!
    The config is in /etc/apache2/sites-enabled/999-acme.conf and not /etc/apache2/conf-enabled/999-acme.conf.
    I think it changes nothing, because the working server also uses /etc/apache2/sites-enabled/999-acme.conf.
     
  6. francoisPE

    francoisPE Active Member HowtoForge Supporter

    So my issue is:
    - I have multiple ispconfig servers running.
    - I am on a webserver with apache2.
    - I have a docker container with nginx inside, binding port 5080.
    Code:
    netstat -tunelp | grep 80
    tcp        0      0 0.0.0.0:5080            0.0.0.0:*               LISTEN      0          426957769  951790/docker-proxy
    tcp6       0      0 :::80                   :::*                    LISTEN      0          427036056  964707/apache2
    tcp6       0      0 :::8081                 :::*                    LISTEN      0          427036064  964707/apache2
    tcp6       0      0 :::5080                 :::*                    LISTEN      0          426960348  951817/docker-proxy
    I did
    touch /usr/local/ispconfig/interface/acme/.well-known/acme-challenge1.txt
    and
    curl http://mydom.tld/.well-known/acme-challenge/1.txt
    and it says
    Code:
    <html>
    <head><title>404 Not Found</title></head>
    <body>
    <center><h1>404 Not Found</h1></center>
    <hr><center>nginx/1.18.0 (Ubuntu)</center>
    </body>
    </html>
    
    Nginx is not set up on the server itself, only inside docker.
    Code:
    docker ps
    CONTAINER ID   IMAGE                       COMMAND                  CREATED          STATUS          PORTS                                                            NAMES
    4bfxxxx3fb84   redis:alpine                "docker-entrypoint.s…"   43 minutes ago   Up 43 minutes   6379/tcp                                                         docker-zulip_redis_1
    c15xxxx4a5a5   zulip/docker-zulip:5.1-0    "/sbin/entrypoint.sh…"   43 minutes ago   Up 43 minutes   443/tcp, 0.0.0.0:5080->80/tcp, :::5080->80/tcp   docker-zulip_zulip_1
    986xxxxxc237   rabbitmq:3.7.7              "docker-entrypoint.s…"   43 minutes ago   Up 43 minutes   4369/tcp, 5671-5672/tcp, 25672/tcp                               docker-zulip_rabbitmq_1
    78bfxxxxx178   memcached:alpine            "docker-entrypoint.s…"   43 minutes ago   Up 43 minutes   11211/tcp                                                        docker-zulip_memcached_1
    9eba2ca76b54   zulip/zulip-postgresql:10   "docker-entrypoint.s…"   43 minutes ago   Up 43 minutes   5432/tcp                                                         docker-zulip_database_1
    
    I checked:
    Code:
    cat /etc/apache2/sites-enabled/999-acme.conf
    Alias /.well-known/acme-challenge /usr/local/ispconfig/interface/acme/.well-known/acme-challenge
    <Directory /usr/local/ispconfig/interface/acme/.well-known/acme-challenge>
        Require all granted
        <IfModule mpm_itk_module>
            AssignUserId ispconfig ispconfig
        </IfModule>
    </Directory>
    
    I set up that same conf on a testing server without any issue!
    What do you think?
     
  7. francoisPE

    francoisPE Active Member HowtoForge Supporter

    I found it: there is a rewrite rule that sends everything directly into my docker container!
    I need to set a condition to avoid rewriting .well-known ...
    Code:
    RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
    RequestHeader set "X-Forwarded-SSL" expr=%{HTTPS}
    RewriteEngine On
    RewriteRule /(.*)           http://localhost:5080/$1 [P,L]
    <Location />
        Require all granted
        ProxyPass  http://localhost:5080/  timeout=300
        ProxyPassReverse  http://localhost:5080/
        ProxyPassReverseCookieDomain  127.0.0.1  mydom.com
    </Location>
    
    I tried that, but with no success:
    Code:
    RewriteEngine On
    RewriteCond %{REQUEST_FILENAME}  !/.well-known/acme-challenge
    RewriteRule /(.*)           http://localhost:5080/$1 [P,L]
     
  8. francoisPE

    francoisPE Active Member HowtoForge Supporter

    Finally, I'll do:
    Code:
    <LocationMatch '.well-known'>
    RewriteEngine off
    </LocationMatch>
     
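The catch-all proxy rule from post 7 and the two fixes tried in this thread (a negated RewriteCond, and a LocationMatch that turns RewriteEngine off) can be checked mechanically before the next certificate renewal. This is an added example, not code from the thread or from ISPConfig: a small Python lint that flags a proxying RewriteRule whose pattern also matches an ACME HTTP-01 path unless one of those two guards is present. The vhost fragments and the token filename are constructed samples.

```python
import re

# Constructed Apache vhost fragments (not copied from any real server).
CATCHALL_PROXY = """
RewriteEngine On
RewriteRule /(.*)           http://localhost:5080/$1 [P,L]
"""
WITH_COND = """
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/\\.well-known/acme-challenge/
RewriteRule /(.*)           http://localhost:5080/$1 [P,L]
"""
WITH_LOCATIONMATCH = """
RewriteEngine On
RewriteRule /(.*)           http://localhost:5080/$1 [P,L]
<LocationMatch '.well-known'>
    RewriteEngine off
</LocationMatch>
"""

# Constructed sample challenge URI, shaped like the ones Let's Encrypt requests.
ACME_PATH = "/.well-known/acme-challenge/le-test-token.txt"


def shadowed_acme_rules(config: str) -> list:
    """Return the proxy RewriteRule lines that would also swallow HTTP-01 requests."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    # A <LocationMatch> covering .well-known that disables mod_rewrite exempts the vhost.
    block = None
    for ln in lines:
        if ln.lower().startswith("<locationmatch"):
            block = ln
        elif ln.lower().startswith("</locationmatch"):
            block = None
        elif block and "well-known" in block and re.fullmatch(r"rewriteengine\s+off", ln, re.I):
            return []
    findings, conds = [], []
    for ln in lines:
        parts = ln.split()
        if parts[0].lower() == "rewritecond":
            conds.append(ln)  # RewriteConds apply to the next RewriteRule only
        elif parts[0].lower() == "rewriterule":
            pattern = parts[1]
            flags = (ln[ln.rfind("[") + 1:-1].lower() if ln.endswith("]") else "")
            proxies = "p" in flags.split(",") or parts[2].startswith("http")
            hits_acme = re.search(pattern, ACME_PATH) is not None
            # A negated RewriteCond mentioning the ACME path protects this rule.
            guarded = any("acme-challenge" in c and " !" in c for c in conds)
            if proxies and hits_acme and not guarded:
                findings.append(ln)
            conds = []
    return findings
```

Run it over each site's vhost file after an ISPConfig re-sync as well, since the proxy directives live in the site's own config and any template change can reintroduce the unguarded rule.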