I've searched the internet, but I can only find information about blocking requests from certain IP-addresses of visitors. That's not what I'm looking for.
What do I want? Hence the following situation, I'm running an apache webserver hosting a website for https://example.com on public IPv4 address: 1.2.3.4
Visitors access the site by browsing to https://example.com, but the webserver is also listening to browser requests on the servers public IPv4 address 1.2.3.4, which also serves the site. How can I disable that Apache is serving the website over the server's public IPv4 address? I only want the site to be accessible over it's site-url / domain.
Related
I'm looking for a way to "pipe" the clients real IP address and port from Cloudflare over NGINX Proxy Manager to the main webserver apache.
The system is implemented in docker. The domain is configurated by cloudflare with proxy. I got a docker container with nginx that pipe the users requests to the apache container.
I want to log the original, real IP addresses AND the ports of users. I don't care where I pick up the data, whether it's from NGINX or Apache or, if necessary, from cloudflare. Preferably with the apache.
In PHP you get with:
$_SERVER['REMOTE_ADDR'] -> the IP address of the NGINX container (sure)
$_SERVER['HTTP_CF_CONNECTING_IP'] -> the real IP address of the user (what I want)
I don't know whether the original port is behind $_SERVER['REMOTE_PORT']. Probably not.
With Cloudflare there is the possibility to define additional fields in which the port could be passed through. How do I get to the field / the port.
Thanks a lot and best greetings
Mtz
A wasy to pipe the users original IP addresses and ports through Cloudflare and NGINX to apache (to log them).
Currently I am using No-Ip for my website and I wanted to use cloudflare for protection against ddos and bots. I noticed that you need a domain for cloudflare. Also I searched the web and found something called cloudflare ddns. I don't own a domain only the dynamic public ip of my home route. So how do I set up cloudflare without a domain?
Maybe you will be interested in Cloudflare Argo Tunnel.
A single command cloudflared tunnel --url localhost:80 will expose your webserver running on port 80 on your home server/PC to the internet. Cloudflare will generate a free subdomain under trycloudflare.com domain that your visitors can reach.
I bought a domain and registered it on a dns server. But I wonder how my web server know whether the coming request is from my domain. E.g. someone registered his domain on my server too. Obviously apache should reject other domain's request. I just wanna know more details about how a web server (like apache) detect this. Does it simply set in the config file (maybe ServerName?) and do some string comparison?
Short answer: By default, if another person points their domain to your website, by default the webpages that are sent to their computer are the same webpages you use for www.yourdomain.com. You can also program your webserver to deny/redirect requests from other domains.
Long answer (I recommand you read):
A common newbie misconception is that domains are "TIED" to a web server. However, that is not true. They are completely different and somewhat unrelated. A domain is just shorthand for an IP address that correlates to your web server. An IP address is really what is TIED with your web server.
For example:
www.example.com could 'resolve'/correlate to 1.1.1.1
and
www.randomdomain.com could also resolve to 1.1.1.1
If 1.1.1.1 is the ip address your web server is correlated to, THEN these requests will both get sent to your web server.
Now, if you think about it, with this logic, you should be able to access your web server by just typing in 1.1.1.1 That is true!
Real world example:
www.google.com goes to Google
172.217.6.78 also goes to Google because 172.217.6.78 is one of the web servers google.com will correlate/resolve to. Go ahead and type 172.217.6.78 into your web browser. It will take you to google.com.
DNS servers point your domain to the IP address of your web server.
On your webserver:
Your server will run a software that will respond to requests it gets from the outside internet. This software will usually know how to respond to this requests using the correct syntax and also be able to handle multiple requests at the same time. When this software gets a request, it will load a file (that you specify) and send it to the user/client.
Common examples of this software include Apache (most famous/popular - runs like 40% of all websites you browse including facebook.com) and nginx (becoming more popular).
The default config of an Apache/nginx/etc web server is to serve that user (at port 80) the documents that are in the 'www' folder. However, (for Apache) if you would like to serve multiple domains on one web server (www.example.com & login.example.com), you would usually create virtual hosts. Creating virtual hosts can be done by editing your Apache configuration file. (If you're hosting on GoDaddy/namecheap or something similar, you won't have access to this.)
An example of a basic virtual host could be:
<VirtualHost *:80> #80 for port 80 - the standard port for unencrypted web traffic
ServerName www.yourdomain.com
DocumentRoot /where/your/web/files/are/located
<VirtualHost>
You could then create another virtual host to reject/forward another domain's traffic
<VirtualHost *:80>
ServerName www.randomotherdomain.com
#here, you could either serve new content to this domain using "DocumentRoot" or you can forward all traffic to your website
Redirect / http://www.yourdomain.com
<VirtualHost>
However, by default, if another person points their domain to your website, by default the webpages that are sent to their computer are the same webpages you use for www.yourdomain.com
I have multiple domain in one ip address.One is Magento and another is normal html site.I set up virtual hosts in Nginx configuration but then only when I access to my Magento site (xxx.com) it automatically redirects to ip address.
How can I stop showing my ip address and keep my domain in the browser?
Your config is OK. Redirect probably comes from Magento engine.
I have a wordpress site on my debian server. I have done the port forwarding successfully (verified this) to access outside the network. However I get the below error when i try to access outside the network. Am i missing something? Sites-available is set to documentroot at /var/www, which is where my wordpress folder is.
The requested URL /XXXXXX was not found on this server.
Apache/2.2.22 (Debian) Server at 10.1.1.4 Port 80
I really hope someone can help me on this as i have spent almost a week over this.
Thanks!
I do this kind of stuff on daily basis. Lets go through the basics.
Firstly, confirm that you can access your server within your private network http://yourserverLANip:80
If possible, do not use server itself to test it (eg localhost:80), use other device as laptop or any other device within the same LAN.
With that test you can confirm that:
apache listens on port 80
apache accepts requests from other clients within your private network
wordpress is set up correctly
If wordpress site pops up we can assume that apache and private network configuration is correct and you'd need to move your debugging to WAN/public network configuration.
It would be wise to recheck apache security settings at this point.
From here, things get a little more complicated.
I believe you mean public WWW when you say "outside-the-network". You want to make your site public to every internet user on the planet.
I assume that you have a registered domain name (eg yourwebsitename.com) and a static public IP address at the location where the server is located (if you host it at home, static IP is fixed to your modem).
These two are "must", if you want to host anything that public can consume.
If you host your apache for yourself, you dont need your domain name, but you'd need to access your server through your public IP yourpublicIP:80 and it's not easy to use for other people.
Now lets go on with WAN debugging.
Validate that:
your domain DNS WWW settings are pointing to your public IP address
at your server location. you can do it through the control panel of
your domain registrant company.
you have a static public IP address where your server is hosted
your modem accepts incoming ports (80). this is done through modem
firewall settings.
that the port 80 is redirected to your server private IP address (LAN
ip).
The flow for redirecting clients to your server is something like that:
Client->WWW->internet service provider->yourpublicIP->modem->yourserver at LAN
Good hunting!