[Letsencrypt-devel] Bug#848224: Bug#848224: dehydrated-apache2: does not handle .well-known directory hidden by mod_rewrite

[IOhannes m zmölnig (Debian/GNU)]

On 12/15/2016 06:03 PM, Mattia Rizzolo wrote:
>> Unfortunately it had no effect on my system: accessing
>> /.well-known/acme-challenge/ via my webserver would just give me a 404 page.
>>
>> Now, my webserver has the following characteristics
>> - multiple VirtualHosts
>> - use of mod_rewrite to do complex routing (in virtually all VirtualHosts).
> 
> umh.
> where do you configure the virtualhosts?  If you have them on
> /etc/apache2/sites-enabled those should not conflict and the conf this
> package ships would be honored (I think?!).

the vhosts are configured via /etc/apache2/sites-enabled, and i don't
think there is a conflict per se.
but i think that the mod_rewrite somehow cancels the conf from
dehydrated-apache2.

i probably should add, that mod_rewrite is rewriting the entire page
(apache2 is the front-end to a plone CMS; for vhost support on the CMS
side, i need complex proxying/rewriting capabilities such as offerend by
mod_rewrite)

> 
> In my systems I have a lot of virtulhosts too (although I don't have
> that many rewrite rules) and everything works.
> 
>>     RewriteRule ^/\.well-known/acme-challenge/ - [L]
>>
>> Of course I would prefer a solution that would fix this in a central place
>> (/etc/apache2/conf-available/dehydrated.conf).
>> However, my feeble (and short-lived) attempts did not have any effect.
> 
> Have you tried adding that line to
> /etc/apache2/conf-enabled/dehydrated.conf?
> 

that was precisely my unsatisfying and "feeble attempt" to fix it.



fgmrs
IOhannes

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 866 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/letsencrypt-devel/attachments/20161216/fa6d6c16/attachment.sig>