Global Apache Alias, ignoring virtual hosts
Solution 1
You can try to add this before all your virtual host :
Alias /.well-known/acme-challenge/ /var/www/letsencrypt/.well-known/acme-challenge/
#Bypass Auth
<Directory /var/www/letsencrypt/.well-known/acme-challenge/>
Satisfy any
</Directory>
#Redirect before other rewrite rules
RewriteCond %{REQUEST_URI} /\.well\-known/acme\-challenge/
RewriteRule (.*) /.well-known/acme-challenge/$1 [L,QSA]
Solution 2
I came across your question with the same letsencrypt acme apache alias problem. After reading through the apache documentation, I still don't undestand why the global alias doesn't work as expected (according to the documentation it should).
Anyway, here is a workaround that uses RedirectMatch (which according to the documentation is evaluated before alias). It requires one additional host and one global configuration file:
- Create an additional (sub)domain / host that only serves acme requests, lets say "acme.mydomain.tld"
-
Create (and enable) a global configuration that redirects all acme-requests to that host, excluding the host itself from redirection:
<If "%{HTTP_HOST} != 'acme.mydomain.tld'"> RedirectMatch "^/.well-known/(.*)$" "http://acme.mydomain.tld/.well-known/$1" </If>
This works for all my VirtualHosts which had problems with the old alias approach.
Solution 3
According to Apache 2.4 documentation you have these options:
There are two basic types of containers. Most containers are evaluated for each request. The enclosed directives are applied only for those requests that match the containers. The
<IfDefine>, <IfModule>, and <IfVersion>
containers, on the other hand, are evaluated only at server startup and restart. If their conditions are true at startup, then the enclosed directives will apply to all requests. If the conditions are not true, the enclosed directives will be ignored.
May be you can give it a try use one of the containers mentioned above and add the alias that you need to be globally for all requests. See details here: https://httpd.apache.org/docs/2.4/sections.html#mergin.
Related videos on Youtube
Joachim Breitner
Updated on September 18, 2022Comments
-
Joachim Breitner almost 2 years
I have a global entry
Alias /.well-known/acme-challenge /var/www/letsencrypt/.well-known/acme-challenge/
in my apache configuration, outside any virtual host. This way, the above Alias is effective for all virtual hosts. Unfortunately, there are still virtual hosts where this does not work as intended, e.g. due to redirects, authetication requirements etc.
Is there a way to tell apache to consider this alias before even reading the configuration of the particular virtual host?
-
Joachim Breitner over 8 yearsBecause I don’t want to touch the configuration of several dozens virtual hosts, adding an exception to each of them.
-
-
Joachim Breitner over 8 yearsI doubt that
IfDefine
etc will help. They just toggle the contained configuration, so they either have no effect at all (not helpful), or the same as if they were not wrapped inIfDefine
. -
Joachim Breitner over 8 yearsWell, almost. It seems that
ScriptAliasMatch /(.*) /opt/.../cgi.pl/$1
in a Virtual Host configuration still takes precedence. -
Froggiz over 8 yearsI updated the answer, i hope it ll work. By the way i think /(.*) should be ^/(.*) to be more revealant
-
Joachim Breitner over 8 yearsThanks. Unfortunately, it does not; it seems that the
ScriptAliasMatch
in theVirtualHost
section still has precedence. I also tried some variations, i.e. with or without^
,AliasMatch
instad ofScriptAliasMatch
. -
Froggiz over 8 yearsWhat about
ScriptAlias / /opt/.../cgi.pl/
instead of your scriptaliasmatch, it should do the same. Then if needed you can addScriptAlias /.well-known/acme-challenge/ /var/www/letsencrypt/.well-known/acme-challenge/
. It is not as i would like but it should work in your case -
Joachim Breitner over 8 yearsI’ll give it a shot, but it’s definitely a divergence of my “I don’t want to touch the virtual hosts” goal.
-
Joachim Breitner over 8 yearsThe Virtual Host settings still take precedence. I’ll just byte the bullet and add
Alias /.well-known/acme-challenge/ ...
to the few virtual hosts that are affected by this. -
user9517 over 8 yearsCongrats on 3k - have fun closing stuff.
-
Frederick Nord over 7 years"Note that rewrite configurations are not inherited by virtual hosts. This means that you need to have a RewriteEngine on directive for each virtual host in which you wish to use rewrite rules." httpd.apache.org/docs/2.4/mod/mod_rewrite.html
-
ChristophK over 6 yearsDoubt and thinking are of no use here. I actually tried enclosing it in a <IfVersion> Block. It doesn't work.
-
Brian Albert Monroe almost 6 yearsI was honestly hoping for something like the accepted answer to work, but this was the only thing that deals with all my oddball virtualhosts