Skip to content
This repository has been archived by the owner on Aug 12, 2020. It is now read-only.

Feature Request: Install on Docker proxy managed domain #197

Open
digitall-it opened this issue Apr 5, 2018 · 5 comments
Open

Feature Request: Install on Docker proxy managed domain #197

digitall-it opened this issue Apr 5, 2018 · 5 comments

Comments

@digitall-it
Copy link

It seems like it can't install to subdomains, where the root of the URL is redirected using the proxy docker. This means docker images can't be secured using the extension.

Maybe adding a rule in the proxy docker could let it ignore the let's encrypt path.
@digitall-it
Copy link
Author

A temporary workaround if anyone has the problem, while plesk figures this out, would be to configure the proxy docker to access the image from a subdirectory of the domain, and add a php redirect while accessing the root.

That means:

https://rocketchat.domain.com/chat/ -> rocketchat docker image
https://rocket.chat.domain.com/ -> javascript redirect to https://rocketchat.domain.com/chat/

@digitall-it digitall-it mentioned this issue Apr 5, 2018
Open
@digitall-it digitall-it changed the title fails to install on docker image Feature Request: Install on Docker proxy managed domain Apr 5, 2018
@dr4y
Copy link

dr4y commented May 13, 2018
edited
Loading

It would be great if this would be implemented!

EDIT: With the latest update it is not working anymore...

As a workaround it works for me if I add the following rule as special nginx rule inside the domain settings
(Replace WEBROOT with the webroot of you domain)

location ^~ /.well-known/acme-challenge/ {
	alias /var/www/vhosts/WEBROOT/.well-known/acme-challenge/;
}

@dr4y
Copy link

dr4y commented Jul 29, 2018

The latest update of the lets encrypt module was intended to fix that issue I think but there is a mistake in there.
The location must be defined as follows for a correct functionallity:

Wrong:

 #extension letsencrypt begin
        location /.well-known/acme-challenge/ {
    ...

Right:

 #extension letsencrypt begin
        location ^~ /.well-known/acme-challenge/
    ...

@tft7000
Copy link

tft7000 commented Jul 30, 2018

As a workaround, I removed the docker proxy rule and added the following extra nginx rule:

location ~ ^/(?!(.well-known)) {
        proxy_pass http://0.0.0.0:<YOUR_DOCKER_PORT>;
        proxy_set_header Host             $host;
        proxy_set_header X-Real-IP        $remote_addr;
        proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
}

Note: the content is the same as the docker proxy rule generates. the location just excludes .well-known at the beginning of a path.
It works for me as of now (lets encrypt plugin version 2.6.1).

@Benjizle
Copy link

Hello

This may help someone out there. I tried everything shown above and on other plesk forum with no success, what worked for me was to:

Remove the docker proxy (from the domain dashboard)
issue the certificate (with no docker domain linked)
then add the docker proxy

After a successful certificate issuance and docker proxy linked, I also tried to renew certificate which also work.

If setting up a new docker domain/subdomain, I believe issuing the certificate first before linking the docker proxy domain is the way to go.

Best,
Benay.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@tft7000 @digitall-it @dr4y @Benjizle