https://bugs.contribs.org/show_bug.cgi?id=10541
Bug ID: 10541
Summary: Suppress ProxyPass for ACME challenge
Classification: Contribs
Product: SME Contribs
Version: 9.2
Hardware: ---
OS: ---
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: smeserver-letsencrypt
Assignee: jcr...@safeandsoundit.co.uk
Reporter: contr...@pythontech.co.uk
QA Contact: contribteam@lists.contribs.org
Target Milestone: ---
I have a backend server which I want to serve requests for
https://mysvc.mydomain.tld via the ProxyPass mechanism, but I want the SME
Server to handle the letsencrypt certificates for this in addition to the
primary domain (after all, external https connections are made to the SME
server, so the certificate needs to be available to the initial SSL
negotiation).
(I also want the reverse proxy connection from SME to backend server to be http
only, but that's a separate issue.)
As things stand, a request for
http://mysvc.mydomain.tld/.well-known/acme-challenge/$whatever gets forwarded
to the backend server, which does not have the challenge machinery.
I believe I have fixed this locally by creating a custom template fragment
/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/ProxyPassVirtualHosts/40ACME
containing the lines:
# letsencrypt challenge runs on front end server
ProxyPass /.well-known/acme-challenge/ !
Can this (without -custom of course) be added to the contrib? I can't think of
a use case where you would want to forward the challenge.
--
You are receiving this mail because:
You are the QA Contact for the bug._______________________________________________
Mail for each SME Contribs bug report
To unsubscribe, e-mail contribteam-unsubscr...@lists.contribs.org
Searchable archive at https://lists.contribs.org/mailman/public/contribteam/
