plesk / letsencrypt-plesk

Let’s Encrypt extension for Plesk gives all Plesk users the power to get a free Let’s Encrypt certificate with just a couple of clicks.
https://www.plesk.com/extensions/letsencrypt/

Feature Request: Install on Docker proxy managed domain #197

Open digitall-it opened 6 years ago

digitall-it commented 6 years ago

It seems like it can't install to subdomains, where the root of the URL is redirected using the proxy docker. This means docker images can't be secured using the extension.

Maybe adding a rule in the proxy docker could let it ignore the Let's Encrypt path.

digitall-it commented 6 years ago

A temporary workaround if anyone has the problem, while Plesk figures this out, would be to configure the proxy docker to access the image from a subdirectory of the domain, and add a PHP redirect while accessing the root.

That means:

https://rocketchat.domain.com/chat/ -> rocketchat docker image
https://rocket.chat.domain.com/ -> javascript redirect to https://rocketchat.domain.com/chat/

dr4y commented 6 years ago

It would be great if this would be implemented!

EDIT: With the latest update it is not working anymore...

As a workaround, it works for me if I add the following rule as a special nginx rule inside the domain settings (replace WEBROOT with the webroot of your domain):

location ^~ /.well-known/acme-challenge/ {
    alias /var/www/vhosts/WEBROOT/.well-known/acme-challenge/;
}

dr4y commented 6 years ago

The latest update of the Let's Encrypt module was intended to fix that issue, I think, but there is a mistake in there. The location must be defined as follows for correct functionality:

Wrong:

 #extension letsencrypt begin
        location /.well-known/acme-challenge/ {
    ...

Right:

 #extension letsencrypt begin
        location ^~ /.well-known/acme-challenge/ {
    ...

tft7000 commented 6 years ago

As a workaround, I removed the docker proxy rule and added the following extra nginx rule:

# Proxy every path except those beginning with /.well-known (dot escaped so it matches literally)
location ~ ^/(?!(\.well-known)) {
        proxy_pass http://0.0.0.0:<YOUR_DOCKER_PORT>;
        proxy_set_header Host             $host;
        proxy_set_header X-Real-IP        $remote_addr;
        proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
}

Note: the content is the same as what the docker proxy rule generates. The location just excludes .well-known at the beginning of a path. It works for me as of now (Let's Encrypt plugin version 2.6.1).
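
Why the `^~` modifier and the negative-lookahead regex in the two comments above both let the ACME challenge through, as an added example that is not part of the thread or of the extension's code: a small Python model of nginx's location selection order (exact match, longest prefix, `^~` short-circuit, first matching regex, prefix fallback). The catch-all regex standing in for the Docker proxy rule, the handler names and the sample URIs are assumptions constructed for illustration.

```python
import re

# Constructed location sets; the catch-all regex standing in for the Docker
# proxy rule is an assumption, not copied from Plesk's generated config.
ACME = "/.well-known/acme-challenge/"
CONFIGS = {
    "plain prefix": [("", ACME, "acme"), ("~", r"^/.*", "docker")],
    "^~ prefix": [("^~", ACME, "acme"), ("~", r"^/.*", "docker")],
    "lookahead regex": [("", ACME, "acme"),
                        ("~", r"^/(?!(\.well-known))", "docker")],
}

def select_location(locations, uri):
    """Return the handler nginx would pick for uri, following its documented order."""
    # 1. An exact match (=) wins immediately.
    for mod, pattern, handler in locations:
        if mod == "=" and uri == pattern:
            return handler
    # 2. Remember the longest matching prefix location.
    best = None
    for mod, pattern, handler in locations:
        if mod in ("", "^~") and uri.startswith(pattern):
            if best is None or len(pattern) > len(best[1]):
                best = (mod, pattern, handler)
    # 3. If that prefix carries ^~, regex locations are not checked at all.
    if best and best[0] == "^~":
        return best[2]
    # 4. Otherwise the first matching regex, in config order, overrides the prefix.
    for mod, pattern, handler in locations:
        if mod in ("~", "~*"):
            flags = re.IGNORECASE if mod == "~*" else 0
            if re.search(pattern, uri, flags):
                return handler
    # 5. No regex matched: fall back to the remembered prefix.
    return best[2] if best else None

def route_table(uris):
    """Map each config name to the handlers chosen for the given URIs."""
    return {name: [select_location(locs, u) for u in uris]
            for name, locs in CONFIGS.items()}

if __name__ == "__main__":
    sample = [ACME + "token123", "/channel/general"]  # constructed URIs
    for name, handlers in route_table(sample).items():
        print(f"{name:16} {dict(zip(sample, handlers))}")
```

With the plain prefix location, the challenge request is handed to the proxied container, so the validation file written to the webroot is never served; with either workaround it is served locally while all other paths still reach the container.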

Benjizle commented 5 years ago

Hello

This may help someone out there. I tried everything shown above and on other Plesk forums with no success; what worked for me was to:

Remove the docker proxy (from the domain dashboard), issue the certificate (with no docker domain linked), then add the docker proxy.

After a successful certificate issuance and with the docker proxy linked, I also tried to renew the certificate, which also worked.

If setting up a new docker domain/subdomain, I believe issuing the certificate first before linking the docker proxy domain is the way to go.

Best, Benay.