Another issue I just fell over. Trying to enable https. Added webapps. Added the subdomain as per the wiki.
That connects fine through the proxy. However, I cannot generate a letsencrypt certificate for the host/domain
[root@test letsencrypt.sh]# letsencrypt.sh -c
# INFO: Using main config file /etc/letsencrypt.sh/config.sh
Processing chat.reetspetit.info with alternative names: reetspetit.info mail.reetspetit.info test.reetspetit.info
www.reetspetit.info + Signing domains...
+ Generating private key...
+ Generating signing request...
+ Requesting challenge for chat.reetspetit.info...
+ Requesting challenge for reetspetit.info...
+ Requesting challenge for mail.reetspetit.info...
+ Requesting challenge for test.reetspetit.info...
+ Requesting challenge for
www.reetspetit.info...
+ Responding to challenge for chat.reetspetit.info...
ERROR: Challenge is invalid! (returned: invalid) (result: {"type":"http-01","status":"invalid","error":{"type":"urn:acme:error:unauthorized","detail":"Invalid response from
http://chat.reetspetit.info/.well-known/acme-challenge/13x4OOCTg8YN8758RU4DK3Atbj2BLta_oslRQCidfgI [212.83.164.73]: 403"},"uri":"
https://acme-v01.api.letsencrypt.org/acme/challenge/z8VL-s91k-aiiAKmHX3jUPB3DRwM0NEVuDjDx3R34lk/72772938","token":"13x4OOCTg8YN8758RU4DK3Atbj2BLta_oslRQCidfgI","keyAuthorization":"13x4OOCTg8YN8758RU4DK3Atbj2BLta_oslRQCidfgI._IYt1sNfNVNxGFTcIFNdJOP9E8mKxnAdY8DKER_1h1M","validationRecord":[{"url":"
http://chat.reetspetit.info/.well-known/acme-challenge/13x4OOCTg8YN8758RU4DK3Atbj2BLta_oslRQCidfgI","hostname":"chat.reetspetit.info","port":"80","addressesResolved":["212.83.164.73"],"addressUsed":"212.83.164.73"}]})
I guess the proxy is routing the request to something internal in RocketChat rather than to the standard Primary ibay / .well-known/acme-challenge
Any ideas on how to get round this ? Does the reverse proxy need an entire subdomain ? Will a host not do the job ?