Global Apache Alias, ignoring virtual hosts

6,190

Solution 1

You can try adding this before all your virtual hosts:

    Alias /.well-known/acme-challenge/ /var/www/letsencrypt/.well-known/acme-challenge/

    # Bypass auth (Apache 2.2 syntax; on 2.4 "Satisfy" is provided by mod_access_compat)
    <Directory /var/www/letsencrypt/.well-known/acme-challenge/>
        Satisfy any
    </Directory>

    # Pass challenge requests through unchanged, before any other rewrite rules
    RewriteEngine On
    RewriteCond %{REQUEST_URI} ^/\.well-known/acme-challenge/
    RewriteRule ^ - [L]

Solution 2

I came across your question with the same letsencrypt acme apache alias problem. After reading through the Apache documentation, I still don't understand why the global alias doesn't work as expected (according to the documentation it should).

Anyway, here is a workaround that uses RedirectMatch (which according to the documentation is evaluated before alias). It requires one additional host and one global configuration file:

  1. Create an additional (sub)domain / host that only serves acme requests, let's say "acme.mydomain.tld"
  2. Create (and enable) a global configuration that redirects all acme-requests to that host, excluding the host itself from redirection:

    <If "%{HTTP_HOST} != 'acme.mydomain.tld'">
        RedirectMatch "^/\.well-known/(.*)$" "http://acme.mydomain.tld/.well-known/$1"
    </If>
    

This works for all my VirtualHosts which had problems with the old alias approach.
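Both steps of Solution 2 written out as one configuration, as an added example that is not part of the original answer. It assumes Apache 2.4, reuses the answer's placeholder host `acme.mydomain.tld` and the question's `/var/www/letsencrypt` directory as the document root, and narrows the redirect to `/.well-known/acme-challenge/` so that other `/.well-known/` URLs on each site keep being served by their own virtual host.

```apache
# Step 1: dedicated host that serves nothing but ACME HTTP-01 challenge files.
# "acme.mydomain.tld" is the placeholder name from the answer above;
# /var/www/letsencrypt is the directory used in the question (assumed here
# to be the webroot the ACME client writes its challenge files into).
<VirtualHost *:80>
    ServerName acme.mydomain.tld
    DocumentRoot /var/www/letsencrypt

    # Deny by default: no listings, no .htaccess overrides, no access.
    <Directory /var/www/letsencrypt>
        Options None
        AllowOverride None
        Require all denied
    </Directory>

    # Only the challenge directory is readable, without authentication.
    <Directory /var/www/letsencrypt/.well-known/acme-challenge>
        Require all granted
    </Directory>
</VirtualHost>

# Step 2: global (server-context) file, outside every <VirtualHost>.
# Requests for a challenge path on any other host are redirected to the
# challenge host; the <If> keeps that host from redirecting to itself.
# (assumption: the redirect is limited to acme-challenge/, whereas the
# answer redirects everything below /.well-known/)
<If "%{HTTP_HOST} != 'acme.mydomain.tld'">
    RedirectMatch 302 "^/\.well-known/acme-challenge/(.*)$" "http://acme.mydomain.tld/.well-known/acme-challenge/$1"
</If>
```

After a reload, requesting a test file under `/.well-known/acme-challenge/` on each virtual host, including the ones with authentication or catch-all aliases, shows whether the redirect is applied before the host's own rules.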

Solution 3

According to Apache 2.4 documentation you have these options:

There are two basic types of containers. Most containers are evaluated for each request. The enclosed directives are applied only for those requests that match the containers. The <IfDefine>, <IfModule>, and <IfVersion> containers, on the other hand, are evaluated only at server startup and restart. If their conditions are true at startup, then the enclosed directives will apply to all requests. If the conditions are not true, the enclosed directives will be ignored.

Maybe you can try using one of the containers mentioned above and add the alias that you need to be global for all requests. See details here: https://httpd.apache.org/docs/2.4/sections.html#mergin.

Author: Joachim Breitner

Updated on September 18, 2022

Comments

  • Joachim Breitner
    Joachim Breitner almost 2 years

    I have a global entry

    Alias /.well-known/acme-challenge /var/www/letsencrypt/.well-known/acme-challenge/
    

    in my apache configuration, outside any virtual host. This way, the above Alias is effective for all virtual hosts. Unfortunately, there are still virtual hosts where this does not work as intended, e.g. due to redirects, authentication requirements etc.

    Is there a way to tell apache to consider this alias before even reading the configuration of the particular virtual host?

    • Joachim Breitner
      Joachim Breitner over 8 years
      Because I don’t want to touch the configuration of several dozen virtual hosts, adding an exception to each of them.
  • Joachim Breitner
    Joachim Breitner over 8 years
    I doubt that IfDefine etc will help. They just toggle the contained configuration, so they either have no effect at all (not helpful), or the same as if they were not wrapped in IfDefine.
  • Joachim Breitner
    Joachim Breitner over 8 years
    Well, almost. It seems that ScriptAliasMatch /(.*) /opt/.../cgi.pl/$1 in a Virtual Host configuration still takes precedence.
  • Froggiz
    Froggiz over 8 years
    I updated the answer, I hope it'll work. By the way, I think /(.*) should be ^/(.*) to be more relevant
  • Joachim Breitner
    Joachim Breitner over 8 years
    Thanks. Unfortunately, it does not; it seems that the ScriptAliasMatch in the VirtualHost section still has precedence. I also tried some variations, i.e. with or without ^, AliasMatch instead of ScriptAliasMatch.
  • Froggiz
    Froggiz over 8 years
    What about ScriptAlias / /opt/.../cgi.pl/ instead of your ScriptAliasMatch? It should do the same. Then if needed you can add ScriptAlias /.well-known/acme-challenge/ /var/www/letsencrypt/.well-known/acme-challenge/. It is not as I would like, but it should work in your case
  • Joachim Breitner
    Joachim Breitner over 8 years
    I’ll give it a shot, but it’s definitely a divergence from my “I don’t want to touch the virtual hosts” goal.
  • Joachim Breitner
    Joachim Breitner over 8 years
    The Virtual Host settings still take precedence. I’ll just bite the bullet and add Alias /.well-known/acme-challenge/ ... to the few virtual hosts that are affected by this.
  • user9517
    user9517 over 8 years
    Congrats on 3k - have fun closing stuff.
  • Frederick Nord
    Frederick Nord over 7 years
    "Note that rewrite configurations are not inherited by virtual hosts. This means that you need to have a RewriteEngine on directive for each virtual host in which you wish to use rewrite rules." httpd.apache.org/docs/2.4/mod/mod_rewrite.html
  • ChristophK
    ChristophK over 6 years
    Doubt and thinking are of no use here. I actually tried enclosing it in a <IfVersion> Block. It doesn't work.
  • Brian Albert Monroe
    Brian Albert Monroe almost 6 years
    I was honestly hoping for something like the accepted answer to work, but this was the only thing that deals with all my oddball virtualhosts