My company has a LAMP server, and I am not an expert at web hosting but I manage basic tasks.
My server currently hosts about twelve different domains. Each domain has a .conf file in the sites-enabled directory, and they work fine. Let's say we have example1.com, example2.com, and example3.com, just to hopefully help explain this question.
Recently, a person I work with registered a bunch of new domains. With the domain registrar, they pointed the domains to our IP address. I believe this is called "parking" a domain. I have not set up a .conf file or enabled any of these new domains on our server yet. Let's say they are newsite1.com, newsite2.com, etc...
What's puzzling to me is that if one types one of the new domains into a browser, one of our existing domain shows up. Let's say it's example1.com. So, if you go to a browser and type in newsite1.com, or newsite2.com, you are taken to example1.com. Also, in the address bar at the top of the browser, it will be displayed as example1.com.
This is not the desired behaviour. For one thing, we did not choose, as far as I know, for example1.com to be the default, and it's not necessarily the website we would want to be the default. In any case, I don't know why the system is going to example1.com as opposed to example2.com or any of our other sites.
The desired behaviour would be for there to just be a general error, "this domain does not exist" or something like that. If there has to be a default website, we'd like to be able to choose it.
I've seen questions on Stack Oveflow that are similar, but they all presume one wants to set a default. When I look at the configuration files they reference, for example /etc/httpd/conf/httpd.conf, they are empty, so in my case, there is nothing to unset.
How do I stop browsers from being redirected to the website that they are currently being directed to? How can I set it so that Apache just returns a "site not found" error instead of serving up a website?
The easiest way to fix this is name your .conf files starting with a number.
If you look at the default apache configs, you'll notice a file called "000-default.conf". Apache will load the files in number order - so just make your default virtual host .conf file be 000-whatever.conf.
I suppose you're using name based virtual hosts and the <VirtualHost> directive and this is what docs have to say:
If no matching name-based virtual host is found, then the first listed virtual host that matched the IP address will be used. As a consequence, the first listed virtual host for a given IP address and port combination is the default virtual host for that IP and port combination.
So when you say:
I've seen questions on Stack Oveflow that are similar, but they all
presume one wants to set a default.
... all I can add is that that's the way Apache works. I don't think it's inherently wrong to have a default host that serves a this domain does not exist page. I always do so in my Windows development box, typically by commenting out the default hosts at conf/extra/httpd-vhosts.conf file and adding my default host there.
If you ask for my opinion, it's rather questionable that Apache basically serves an arbitrary site when there's no match, thus making this customisation mandatory—and I've seen lots of live sites that don't do it.
Related
I've been googling for a bit now, and I really cant seem to figure this out. I recently bought a domain name with google domains, that I wish to point to a sub domain on my web-server, (example) http://120.0.0.0/sub-folder/, while apearing as domain.com.
Right now I have mbektic.com forwarding to http://138.197.5.88/mbektic/ which kind of gets what I need done, but I wish for the URL to say mbektic.com, instead of the ip address of the server.
Now I've been looking around and I've found things mentioning things from creating records to .htaccess files, and honestly I'm completely lost.
If someone could point me to a straightforward guide or give me a list of steps to follow, I can do it myself, but currently I am just lost.
This really belongs on unix.se since it isn't programming...
That said, what you need to do is set up a DNS A record pointing your domain name to your IP address. Add a second one to handle www.example.com
Then, on the webserver, configure it to respond to that name and serve content out of the directory you specify (the apache webserver calls this the DocumentRoot - you may want to look up apache virtual hosts .... )
We have a SaaS product and we give websites for customers. The customers can request to have their own domain pointed to their website. At the moment we use httpd.conf file to add a VirtualHost entry pointing to the same document directory. Afterwards the database will load the website by matching the URL. We realized there are couple of problems with this approach and this is not scalable at all.
If there is a mistake in httpd.conf file their is potential the whole product might not work. This has actually happen. Also, we use WHM and cPanel, so when we add a mod or does a tweak in the live server, the entire httpd.conf gets rewritten having us to replace/add existing virtual host entries to the file.
Strangely in our QA server, i did not have to add any virtualhost entries and as soon as a new domain is pointed, the website is picked up from the database. I realized the virtualhost entries were needed in the live server only. Both have Apache 2.4 CentOS installed. Is there a reason behind this? Im sure this has something to do with a configuration change.
Hope someone can point me in the right direction where i can achieve the same in our live server environment.
Cheers!
In Apache VirtualHosts add versatility but you are not forced to create any.
Apache will listen to the interfaces you tell it to (with the Listen directive) and when receiving requests if you haven't defined any virtualhosts the default server config will answer all requests.
The moment you add a virtualhost, that will be used to answer all requests, and if you add more virtualhosts the servername in them is examined to determine where to deliver requests depending on the incoming host header.
There really isn't anything more to it really.
I'm a complete newbie when it comes to servers, so I need some help. Basically, I want to have a subdomain on my VPS. I'm not too concerned where the files reside, though of course I would like them separated if possible.
I found a guide to doing this that basically sums the procedure up in five steps:
Create directories to host the content of a new virtual site.
Make a copy of the /etc/apache2/sites-available/defaults file with a site appropriate name.
Change the two /var/www/ entries to the actual directory of the new site.
Add the ServerName line with the real domain name you will be hosting.
Use a2ensite to enable the new site, and finally reload Apache2 so it knows about the new site
I tried all of this, but I can't get it to work. I didn't get any errors at any point during this process, but when I enter the address with the subdomain into my browser, I get a "Server not found" error.
The company that hosts my VPS has an admin page where I can set up subdomains. Stupid question: do I have to do reconfigure the DNS records or something while doing this, or is it likely that the problem is caused by something else?
Additional note: I followed a guide on howtoforge.com when setting up the server, which in hindsight may not have been the brightest move on my part. It is possible that I made a mistake there that is somehow affecting me now?
Assuming you've setup the subdomain correctly in your VPS' admin page, the only thing left to check here is that you've actually created the subdomain in your DNS administration page (have you?). For example, I use afraid.org to manage my DNS records and to add a subdomain, it's essentially:
Type: A
Subdomain: sparky
Domain: example.com
Destination: 120.34.2.3 (this would be your VPS' IP address)
In general, you add a (sub)domain by:
sparky.example.com A 120.34.2.3
Please keep in mind that you want to add an A record (this is important!).
The setup is:
www.domainA.com
www.domainB.com
both actually hosted on one web server (Apache)
123.123.123.123/domainA
123.123.123.123/domainB
I have setup a hidden forward from the domains to the web server directories which works fine, however, produces duplicate content (since it is also available by addressing the web server directly). I tried setting up 301 redirects to the domains for every request that is targeting the IP address directly (using mod_rewrite),but found that this results in a forwarding loop. Obviously the server does not recognize whether the domain has been requested originally.
If anybody can give me a hint on how this is supposed to be done, I'd be glad to hear.
You can set up virtual hosting on the web-server so that it does pay attention to the hostname that was requested. This is a fairly common practice and should solve your problem. You can do away with separate subdirectories since each virtual host has its own virtual root.
So are you saying that you have pages indexed in google that reference your IP address and a directory rather than the domain name?
Also, I'm not sure why doing a redirect from the IP to the domain name would cause a redirect loop. If the redirect is based on the host header, it should work fine.
We noticed that a hacker created a domain and configured DNS to point it to our server's IP address.
We are using apache2.x on Ubuntu.
There is a "default" file in apache's /etc/apache2/sites-available directory and it looks like the the hacker's domain is using "default" apache configuration file to display our web content in their domain.
How can we prevent this?
Can some one post a "default" apache configuration file as an example?
Unknown domains that come into apache over the specified ip and port will be directed to the first virtual host, thus the 000-default file. Your best bet is to make the 000-default host return a 400 or 500 error (or some explicit message saying the domain doesn't belong) and use explicit virtualhosts for each of your sites.
+1 Jeremy's answer: make the default (first) virtual host for each IP address you're listening on return something useless like a 404 or page saying nothing but “this is a virtual server”.
Allowing your web server to serve a real web site on a non-matching ‘Host’-name (including a raw IP address) opens you up to two particular attacks:
DNS rebinding attacks, leading to cross-site scripting into your real web site.
This affects sites with a user access element (eg. logging in, cookies, supposedly-private intranet apps).
‘Search-hijacking’. This affects all sites (even completely static ones). This may be what is happening to you. By pointing their own domain name at your server, they can make search engines see both the real domain name and their fake one as duplicates for the same site. By using SEO techniques they can then try to make their fake address seem like the more popular, at which point the search engines see that as the canonical address for the site, and will start linking to it exclusively instead of yours.
Most web servers are configured by default to serve a web site to all-comers, regardless of what hostname or IP address they're accessing it through. This is a dangerous mistake. For all real live sites, configure it to require that the ‘Host’ header matches your real canonical hostname.