bernhard
Posted January 25, 2024

I'm hosting uptime-kuma on my server as a Docker container behind a reverse proxy. The domain is set to redirect http://uptime.example.com to https://uptime.example.com.

Unfortunately my proxy does not let the Let's Encrypt request through and fails:

    [23-Jan-2024 10:19:05] INFO | check domain "example.com'
    [23-Jan-2024 10:19:05] INFO | certificate is valid until 2024-02-03 16:45:10 (11 days left)
    [23-Jan-2024 10:19:05] INFO | certificate is in renewal period
    [23-Jan-2024 10:19:05] INFO | renew cert
    [23-Jan-2024 10:19:05] INFO | Using certificate authority: "https://acme-v02.api.letsencrypt.org/" (PRODUCTION).
    [23-Jan-2024 10:19:05] INFO | Getting endpoint URLs.
    [23-Jan-2024 10:19:05] INFO | Account "foo" already registered. Continue.
    [23-Jan-2024 10:19:05] INFO | Requesting Key ID.
    [23-Jan-2024 10:19:05] INFO | Sending signed request to "https://acme-v02.api.letsencrypt.org/acme/new-acct".
    [23-Jan-2024 10:19:06] INFO | Start certificate generation.
    [23-Jan-2024 10:19:06] INFO | Token stored at: /home/panel/www/.well-known/acme-challenge/local-check-123456
    [23-Jan-2024 10:19:06] INFO | URL: http://example.com/.well-known/acme-challenge/local-check-123456 | HTTP code: 200 | HTTP body (first 100 chars): <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8" /> <meta name="viewport" conte
    [23-Jan-2024 10:19:06] ERROR | a Let's Encrypt error occurred: Local resolving checks failed for domain "example.com". Please ensure that your domain is locally resolvable!

This is the proxy setup for HTTPS:

    # dont proxy letsencrypt requests
    ProxyPass /.well-known !

    # uptime kuma directives
    ProxyPass / http://localhost:3001/
    RewriteEngine on
    RewriteCond %{HTTP:Upgrade} =websocket
    RewriteRule /(.*) ws://localhost:3001/$1 [P,L]
    RewriteCond %{HTTP:Upgrade} !=websocket
    RewriteRule /(.*) http://localhost:3001/$1 [P,L]

Any ideas? AI is not smart enough to help me.

bernhard (Author)
Posted January 25, 2024

Ok... AI did indeed help with this problem again!

I told cursor "@[link to this topic] can you help bernhard?" and it gave me instructions on what I can do and check. So it told me to place a file in /.well-known/foo.txt to check if my rules work. That was a great "idea" because I was able to check the rules without issuing a cert all the time.

I also had a look at PW's .htaccess file and looked at how it is done there. Mixing everything together with some trial and error brought me to the working solution:

    RewriteEngine on

    # don't proxy requests to the .well-known folder
    RewriteCond %{REQUEST_URI} ^/\.well-known/.*
    RewriteRule ^ - [L]

    # send other requests to uptime kuma
    RewriteCond %{HTTP:Upgrade} =websocket
    RewriteRule /(.*) ws://localhost:3001/$1 [P,L]
    RewriteCond %{HTTP:Upgrade} !=websocket
    RewriteRule /(.*) http://localhost:3001/$1 [P,L]

Maybe it helps someone else.
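
The check described in the post above (place a file under /.well-known and fetch it), as an added example that is not part of the original posts: it writes a throwaway token into the ACME challenge directory, requests it over HTTP and reports whether the web server or the proxied app answered, which is the "HTTP code: 200" plus HTML body case in the log. The function names, the injectable `fetch` parameter and the webroot path are assumptions made for this example.

```python
import os
import secrets
import urllib.error
import urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"


def http_fetch(url, timeout=10):
    """Plain HTTP GET; HTTP error statuses are returned, not raised."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


def classify(status, body, token):
    """Compare the response with the token that was written to disk."""
    if status != 200:
        return f"http-{status}"   # blocked or not found
    if body.strip() == token.encode():
        return "ok"               # the web server served the file itself
    return "intercepted"          # 200, but another backend answered


def probe(base_url, webroot, fetch=http_fetch):
    """Write a random token under webroot, fetch it via base_url, clean up."""
    name = "probe-" + secrets.token_hex(8)
    token = secrets.token_urlsafe(32)
    directory = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, name)
    with open(path, "w") as fh:
        fh.write(token)
    try:
        status, body = fetch(f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{name}")
        return classify(status, body, token)
    finally:
        os.remove(path)           # never leave probe files in the webroot


if __name__ == "__main__":
    # Placeholder values: use your own vhost and its document root.
    print(probe("http://uptime.example.com", "/path/to/webroot"))
```

Run it on the server after each change to the rewrite rules; only "ok" means the challenge path reaches the file system instead of the proxy target.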

dotnetic
Posted January 26, 2024

AI will change humanity just like the internet did