Need help with apache reverse proxy and uptime-kuma

[bernhard]

I'm hosting uptime-kuma on my server as docker container behind a reverse proxy. The domain is set to redirect http://uptime.example.com to https://uptime.example.com

Unfortunately my proxy does not let the letsencrypt request through and fails:

[23-Jan-2024 10:19:05] INFO | check domain "example.com'
[23-Jan-2024 10:19:05] INFO | certificate is valid until 2024-02-03 16:45:10 (11 days left)
[23-Jan-2024 10:19:05] INFO | certificate is in renewal period
[23-Jan-2024 10:19:05] INFO | renew cert
[23-Jan-2024 10:19:05] INFO | Using certificate authority: "https://acme-v02.api.letsencrypt.org/" (PRODUCTION).
[23-Jan-2024 10:19:05] INFO | Getting endpoint URLs.
[23-Jan-2024 10:19:05] INFO | Account "foo" already registered. Continue.
[23-Jan-2024 10:19:05] INFO | Requesting Key ID.
[23-Jan-2024 10:19:05] INFO | Sending signed request to "https://acme-v02.api.letsencrypt.org/acme/new-acct".
[23-Jan-2024 10:19:06] INFO | Start certificate generation.
[23-Jan-2024 10:19:06] INFO | Token stored at: /home/panel/www/.well-known/acme-challenge/local-check-123456
[23-Jan-2024 10:19:06] INFO | URL: http://example.com/.well-known/acme-challenge/local-check-123456 | HTTP code: 200 | HTTP body (first 100 chars): <!DOCTYPE html><html lang="en"><head>    <meta charset="UTF-8" />    <meta name="viewport" conte
[23-Jan-2024 10:19:06] ERROR | a Let's Encrypt error occurred: Local resolving checks failed for domain "example.com". Please ensure that your domain is locally resolvable!

This is the proxy setup for HTTPS:

# dont proxy letsencrypt requests
ProxyPass /.well-known !

# uptime kuma directives
ProxyPass / http://localhost:3001/
RewriteEngine on
RewriteCond %{HTTP:Upgrade} =websocket
RewriteRule /(.*) ws://localhost:3001/$1 [P,L]
RewriteCond %{HTTP:Upgrade} !=websocket
RewriteRule /(.*) http://localhost:3001/$1 [P,L]

Any ideas? AI is not smart enough to help me 😄 

[bernhard]

Ok... AI did indeed help with this problem again!

I told cursor "@[link to this topic] can you help bernhard?" and it gave me instructions what I can do and check. So it told me to place a file in /.well-known/foo.txt to check if my rules work. That was a great "idea" because I was able to check the rules without issuing a cert all the time.

I also had a look at PW's .htaccess file and looked how it is done there. Mixing everything together with some trial&error brought me to the working solution:

RewriteEngine on

# don't proxy requests to the .well-known folder
RewriteCond %{REQUEST_URI} ^/\.well-known/.*
RewriteRule ^ - [L]

# send other requests to uptime kuma
RewriteCond %{HTTP:Upgrade} =websocket
RewriteRule /(.*) ws://localhost:3001/$1 [P,L]
RewriteCond %{HTTP:Upgrade} !=websocket
RewriteRule /(.*) http://localhost:3001/$1 [P,L]

Maybe it helps someone else 🙂 

[dotnetic]

AI will change humanity just like the internet did