Hello,
I have an ispconfig 3.2.8p1 server. I install a configuration with apache2. In parallel, I install Zulip chat on that same server. Zulip install script installed nginx. I changed nginx default port going to 5080. I create a website in ispconfig and proxypass zulip. It works.
Where I face a difficulty is for LE certificate. In server/lib/classes/letsencrypt.inc.php, I cross that line ;-)
Code:
$app->log("Could not verify domain " . $temp_domain . ", so excluding it from letsencrypt request.", LOGLEVEL_WARN);
Investigating, I discover that when doing
curl http://mydomain.tld/.well-known/acme-challenge/le-562876136.8638743.txt
This is NGINX which is answering and not APACHE2
I check Ispconfig server setting: Webserver is apache
netstat -tunelp | grep 80 says
Code:
tcp        0      0 0.0.0.0:5080            0.0.0.0:*               LISTEN      0          705965     388525/nginx: maste
tcp6       0      0 :::5080                 :::*                    LISTEN      0          705966     388525/nginx: maste
tcp6       0      0 :::8080                 :::*                    LISTEN      0          2113531    689757/apache2
tcp6       0      0 :::80                   :::*                    LISTEN      0          2113515    689757/apache2
tcp6       0      0 :::8081                 :::*                    LISTEN      0          2148465    689757/apache2
I check /etc/apache2/ports.conf, there is Listen 80 in
Apache seems not to listen to tcp... listen only tcp6?
What should I do without impacting ispconfig configuration to turn back to apache when going to alias /.well-known/acme-challenge/ ?

Set apache conf to listen to both ipv4 and ipv6 instead of just ipv6. Don't forget to restart it afterward.

That is listening on all interfaces, both ipv4 and ipv6.
This is normally done via:
Code:
# cat /etc/apache2/conf-enabled/999-acme.conf
Alias /.well-known/acme-challenge /usr/local/ispconfig/interface/acme/.well-known/acme-challenge
<Directory /usr/local/ispconfig/interface/acme/.well-known/acme-challenge>
        Require all granted
        <IfModule mpm_itk_module>
                AssignUserId ispconfig ispconfig
        </IfModule>
</Directory>

Hello, thanks for your help! I decide to switch to docker for Zulip as it is incompatible with ispconfig...
I face again an issue on a server having only apache2! Config is in /etc/apache2/sites-enabled/999-acme.conf and not /etc/apache2/conf-enabled/999-acme.conf. I think it changes nothing because working server is with /etc/apache2/sites-enabled/999-acme.conf

So my issue is:
- I have ispconfig multiple servers running.
- I am on webserver with apache2
- I have a docker container with nginx inside binding port 5080
Code:
netstat -tunelp | grep 80
tcp        0      0 0.0.0.0:5080            0.0.0.0:*               LISTEN      0          426957769  951790/docker-proxy
tcp6       0      0 :::80                   :::*                    LISTEN      0          427036056  964707/apache2
tcp6       0      0 :::8081                 :::*                    LISTEN      0          427036064  964707/apache2
tcp6       0      0 :::5080                 :::*                    LISTEN      0          426960348  951817/docker-proxy
I did
touch /usr/local/ispconfig/interface/acme/.well-known/acme-challenge1.txt
and
curl http://mydom.tld/.well-known/acme-challenge/1.txt
it says
Code:
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.18.0 (Ubuntu)</center>
</body>
</html>
Nginx is not set on the server itself, only inside docker
Code:
docker ps
CONTAINER ID   IMAGE                       COMMAND                  CREATED          STATUS          PORTS                                            NAMES
4bfxxxx3fb84   redis:alpine                "docker-entrypoint.s…"   43 minutes ago   Up 43 minutes   6379/tcp                                         docker-zulip_redis_1
c15xxxx4a5a5   zulip/docker-zulip:5.1-0    "/sbin/entrypoint.sh…"   43 minutes ago   Up 43 minutes   443/tcp, 0.0.0.0:5080->80/tcp, :::5080->80/tcp   docker-zulip_zulip_1
986xxxxxc237   rabbitmq:3.7.7              "docker-entrypoint.s…"   43 minutes ago   Up 43 minutes   4369/tcp, 5671-5672/tcp, 25672/tcp               docker-zulip_rabbitmq_1
78bfxxxxx178   memcached:alpine            "docker-entrypoint.s…"   43 minutes ago   Up 43 minutes   11211/tcp                                        docker-zulip_memcached_1
9eba2ca76b54   zulip/zulip-postgresql:10   "docker-entrypoint.s…"   43 minutes ago   Up 43 minutes   5432/tcp                                         docker-zulip_database_1
I check
Code:
cat /etc/apache2/sites-enabled/999-acme.conf
Alias /.well-known/acme-challenge /usr/local/ispconfig/interface/acme/.well-known/acme-challenge
<Directory /usr/local/ispconfig/interface/acme/.well-known/acme-challenge>
        Require all granted
        <IfModule mpm_itk_module>
                AssignUserId ispconfig ispconfig
        </IfModule>
</Directory>
I setup that same conf on a testing server without any issue!
What do you think?

I found: there is a rewrite rule that is driving directly into my docker container! I need to set a condition to avoid rewriting .well-known ...
Code:
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
RequestHeader set "X-Forwarded-SSL" expr=%{HTTPS}
RewriteEngine On
RewriteRule /(.*) http://localhost:5080/$1 [P,L]
<Location />
        Require all granted
        ProxyPass http://localhost:5080/ timeout=300
        ProxyPassReverse http://localhost:5080/
        ProxyPassReverseCookieDomain 127.0.0.1 mydom.com
</Location>
I try that but with no success
Code:
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !/.well-known/acme-challenge
RewriteRule /(.*) http://localhost:5080/$1 [P,L]
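
Added example, not part of the original posts: one way to keep the ACME HTTP-01 challenge path on Apache while everything else is forwarded to the container. It assumes the catch-all ProxyPass inside `<Location />` still forwards the challenge request even when the rewrite rule is skipped, so the path is excluded in both mod_rewrite and mod_proxy; the backend address and cookie domain are the ones from the post above, and placing the directives in the site's "Apache Directives" field in ISPConfig is also an assumption.

```apache
# Added example, not from the thread. Intended for the proxied site's vhost
# (assumed: entered in the site's "Apache Directives" field in ISPConfig).
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
RequestHeader set "X-Forwarded-SSL" expr=%{HTTPS}

# mod_rewrite: skip the proxy rule for ACME HTTP-01 challenge requests.
# The pattern is anchored and the dot is escaped so that only this exact
# path prefix is exempted from proxying.
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
RewriteRule ^/(.*)$ http://localhost:5080/$1 [P,L]

# mod_proxy: ProxyPass rules are checked in configuration order, so the
# "!" exclusion has to come before the catch-all mapping.
ProxyPass /.well-known/acme-challenge/ !
ProxyPass / http://localhost:5080/ timeout=300
ProxyPassReverse / http://localhost:5080/
ProxyPassReverseCookieDomain 127.0.0.1 mydom.com

<Location />
    Require all granted
</Location>
```

After `apachectl configtest` and a reload, the same curl request against a file placed in the acme-challenge directory should be answered by Apache (check the Server response header) instead of the nginx inside the container.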