When I run Apache and have it configured to listen at ports 80 and 443, is it only listening for local traffic on my network? How can I tell if my server is visible to the web? (I want to keep it private for local development purposes) I think that for others to have access to my server, I would have to actually open up ports 80 and 443 on my router, but I have to say I'm pretty confused. Any help would be appreciated!
The ports have nothing to do with whether it's visible on the web. It's the IP address that the server is listening on and whether that IP address is allowed, to accept inbound connections if there is a firewall in front of it. So if you are using Localhost or an RFC 1918 IP address, then there is nothing to worry about. It has to use a publicly accessible IP address or hostname.
When Apache starts, it binds to some port and address on the local
machine and waits for incoming requests. By default, it listens to all
addresses on the machine. However, it may need to be told to listen on
specific ports, or only on selected addresses, or a combination of
both. This is often combined with the Virtual Host feature, which
determines how Apache responds to different IP addresses, hostnames
and ports.
https://httpd.apache.org/docs/2.2/bind.html
Also if you are behind a router, until you port forward your router on 80 or 443, nothing is going to get through from the outside.
You did not specify the OS/distribution you are using so it's a little hard to guess where you apache.conf or httpd.conf is located, you need to find it (including the ssl.conf file).
Somewhere right at the top you will find a few lines talking about "Listen: allows you to bind apache". You can limit this to your network of your local computer including localhost, now assuming you ipaddress is 192.168.10.1:
Listen 127.0.0.1:80
Listen 192.168.10.1:80
A little further down you will find a section talking about "DocumentRoot", right after that it will talk about "Directory", make it look like:
<Directory />
Order Allow, Deny
Deny From All
allow from 192.168.0.0
allow from 127.0.0.1
</Directory>
and depending where your document root is:
<Directory /var/www>
Order Allow, Deny
Deny From All
allow from 192.168.0.0
allow from 127.0.0.1
</Directory>
This will only allow local traffic to get to your server. You need to make sure that your ip address is within the range of 192.168.0.0.
Note that you need to do the same in the file called "ssl.conf".
Related
I have a webserver with 2 domains (already attached to a folder), I want my global server configuration, which basically using "/var/www/html" as default document root, to have ANOTHER folder for ANOTHER user, based on just different port (I have read that it is possible in Apache site).
Follow is the cite from apache site:
Each Virtual Host must correspond to a different IP address, different port number, or a different host name for the server, in the former case the server machine must be configured to accept IP packets for multiple addresses. (If the machine does not have multiple network interfaces, then this can be accomplished with the ifconfig alias command -- if your OS supports it).
So my IP is XX.XX.XX.XX and server configuration has the line "listen 443" (I am running by default on https), I did the following:
listen 19758 https
<VirtualHost XX.XX.XX.XX:19785>
ServerName XX.XX.XX.XX:19785
DocumentRoot "/the/path/to/the/user/directory/public_html"
<Directory "/the/path/to/the/user/directory/public_html">
AllowOverride none
Options SymLinksIfOwnerMatch
Require all granted
</Directory>
<IfModule mpm_itk.c>
AssignUserID EFX EFX
</IfModule>
</VirtualHost>
I opened the port in the iptables, and made sure it is opened.
However: When I open the browser and typing "XX.XX.XX.XX:19785", it just timeouts without giving me the page (index.htm) that sits in the desired directory.
Note: This user has no associated domain, and will never has one.
The server is running with 2 other domains that have associated folders, I don't want to mix with them.
What I am doing wrong?
The main idea is to be able to enter from the browser to that directory as that user, and not as "nobody" (the default user of the server in the configuration file).
Thanks a lot for help.
I have read several questions here and still nothing is working.
I am trying to access my test site from a remote computer (either network or wan but i need wan eventually)
I just re-downloaded the newest XAMPP for windows 10.
I can go to localhost (also the other 3 names I setup in the host file to redirect to localhost) and of course 127.0.0.1 (localhost).
If I try and use my ip address of the computer or someone else trys my ip address on their computer, we get page cant be found (from chrome)
If I check apache access logs I see nothing about an access attempt.
Netstat -a shows these two records
TCP 0.0.0.0:80
TCP 0.0.0.0:443
TCP [::]:80
TCP [::]:443
I have gone to Windows Firewall -> Advanced Settings -> Inbound rule. Here it shows that appache has 2 rules, one for UDP and one for TCP allowing all ports.
I have gone to my rounter and port forwarded 80 & 443 (which is what xampp is running on) and still nothing
I even have put my computer in a DMZ. I also turned off the windows firewall. (all back on after testing of course this is dangerous).
Xampp has no locationmatch in xampp-http.conf like other questions.
My vhost file has the directory setup like this:
<Directory "C:/Users/username/Desktop/git repos/stats-website">
AllowOverride All
Order Allow,Deny
Allow from all
Require all granted
</Directory>
This is my testing rig and I am now testing an API that is being accessed externally before I send it to the production server. I have been at this for 2 days and out of all possibilities
UPDATE
I have solved the issue somewhat. I can now get to it from everything except localhost or 127.0.0.1
In httpd.conf I changed it from just Listen 80 to Listen pcipaddress:80. I thought listen 80 defaulted to binding on more than just localhost
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
Listen 192.168.1.241:80
#Listen 80
How do I do it so it works both localhost and also remote connections?
UPD Provider's fault
I think I have read all the instructions and have done everything I could, but it still doesn't work :(
List of things I have done so far:
in httpd.conf file of the Apache server:
ServerName 192.168.0.102:8080
...
# onlineoffline tag - don't remove
Require all granted
...
Listen 0.0.0.0:8080
Listen [::0]:8080
Then I have the following result:
C:\Users\Sam>netstat -na | find ":8080"
TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING
TCP [::]:8080 [::]:0 LISTENING
So, I guess, no firewall interruptions..
Then I have forwarded the thing in my TL-WR842ND router as follows:
In DHCP I set static local IP of 192.168.0.102 to my MAC and forwarded port 8080 to that IP. Then I rebooted the router but the port is still closed.
I can access WAMP though localhost:8080, through 192.168.0.102:8080, but cannot access remotely through the public IP. I also tried to set DMZ to 192.168.0.102 but that also had no impact. I called my provider and they said that they allow port forwarding and the problem must be on my side. pls help :(
Turns out, I have a common IP address with multiple other users and I have to pay extra to my provider in order to be able to expose services to the outside. I believe that is called a non-routable IP address.
You can read about it here
I downloaded Apache binary from http://www.apachelounge.com/ After installing, in the httpd.conf file on line 220, I changed #ServerName www.example.com:80 to ServerName www.example.com:80. Now everything works fine. The server users the domain name localhost. Also localhost:80 automatically redirects to localhost.
Since ServerName is www.example.com:80 then why does the server work on localhost instead of www.example.com:80?
If I change every instance of www.example.com:80 to mylocalserver:80 then why doesn't the apache server work on mylocalserver:80?
DNS as in name resolution happens before you reach Apache HTTPD Server. When you put a name in your browser or anywhere, that you reach your server or not depends only on that resolution and if resolves the ip of the server you have configured, so it has nothing do be with how httpd is configured that you reach it with one name, and you don't with another.
As for httpd, it works on any name you may want because HTTPD does not know about your DNS setup. It listens on a IP address and if a request reaches the server (through the ip:port it is binded to) then and only then it will check the "Host" http header inside the request to decide to which virtualhost (if more than one and it has been configured properly) to deliver the request.
So you can use any name you like, what matter is how you resolve it and on which ip:port combination you end up.
Your question doesn't give a whole lot of information, but I'll try to answer it anyway.
Also localhost:80 automatically redirects to localhost.
That's probably not a redirect, but your browser removing the :80 part as it's the default port on the web.
Since ServerName is www.example.com:80 then why does the server work on localhost instead of www.example.com:80?
Probably because both localhost and www.example.com refer to the web server, and the web server responds to both of them. localhost is commonly configured to be 127.0.0.1 and thus will refer to your local set-up.
If I change every instance of www.example.com:80 to mylocalserver:80 then why doesn't the apache server work on mylocalserver:80?
mylocalserver might not be referring to anything. Try editing your hosts file (/etc/hosts on *nix, %SYSTEM%\Drivers\etc\hosts) to include mylocalserver to refer it to 127.0.0.1 just like localhost.
The problems you're having seem to stem from a misunderstanding about the domain names. Domain names translate into IP addresses. www.example.com translates to some IP address on the internet, but localhost translates into 127.0.0.1 usually, like defined in the hosts file. You may also just use the IP address in the ServerName variable, such as 127.0.0.1.
I have a bunch of domains pointing to one IP address (I have a feeling this will be the main thing stopping this from working) and one of them I would like to point to a node.js server on port 80 instead of having to faff about with proxies in Apache.
I've already removed the virtualhost for *:80 in apache (it warns me of this every time I restart it).
When I ask node to listen to domain.one:80 though (just an example, not what I'm really using), it doesn't work - it tells me the address is in use even though there's no VirtualHost for domain.one:80.
I suspect it's to do with the fact that domain.one and domain.two both point to the same IP, right? If not, what the heck can I do? Thanks :)
Ports are directly tied to an IP address. Each IP address can only have one process listening to a given port. Since your domain names all resolve to the same IP address you cannot have a separate node process for each one listening on port 80.
If you wish to keep this scheme, you'll need to have each node server listen on a different port and configure reverse proxies in Apache as described here. You can also consider using nginx as it also has this capability (configured slightly differently).
Yes. You can specify a servername in the vhost. Then you can only specify an IP or * in the tag. Create a *:80 Vhost and add
<VirtualHost *:80>
ServerName domain.one
DocumentRoot /blah/blah
....
</VirtualHost>
to it. That will filter by the domain name.