2018-06-17
Apache 2.2 Proxy and default block for everything but the .well-known/acme-challenge urls 9 months ago
I'm setting up a website on a new virtual machine on the new homeserver and I want a valid letsencrypt certificate. It's a site I don't want to migrate so I'll have to use the Apache proxy on the 'old' server to allow the site to be accessed via IPv4/IPv6 (for consistency I am now setting up everything via a proxy). So first I set up a proxy to pass all requests for the new server to the backend, something like:ProxyPass / http://newsite-back.idefix.net/ ProxyPassReverse / http://newsite-back.idefix.net/But now the requests for /.well-known/acme-challenge also go there and they are blocked needing a username/password since the new site is not open yet. So to set up the proxy correctly AND avoid the username checks for /.well-known/acme-challenge the order has to be correct. In the ProxyPass rules the rule for the specific URL has to come first and in the Location setup it has to come last.ProxyPass /.well-known/acme-challenge ! ProxyPass / http://newsite-back.idefix.net/ ProxyPassReverse / http://newsite-back.idefix.net/ <Location /> Deny from all AuthName "Site not open yet" [..] </Location> <Location /.well-known/acme-challenge> Order allow,deny Allow from all </Location>And now the acme-challenge is done locally on the server and all other requests get forwarded to the backend after authentication.