Why can't I use 443 in httpd.conf? - apache

If I use 443 in httpd.conf and try to start httpd, the error message is:
(98)Address already in use: make_sock: could not bind to address [::]:443
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:443
no listening sockets available, shutting down
Unable to open logs
Actually I don't use 443; I checked port 443 with:
lsof -i:443
I think port 443 is used in ssl.conf, so I can't use it in httpd.conf.
When I use 444 or 666 in httpd.conf, I can start httpd.
Is this the reason?

Without taking a closer look, yes, that looks like the reason. In the conf.d dir, the default setup is to load all files that end in .conf. ssl.conf sets some universal settings, and then defines a vhost on port 443.
My suggestion is:
Copy ssl.conf to ssl.conf.bk (or whatever, just so you have the original for reference).
Then edit the vhost in ssl.conf to suit your needs.
PS:
Let me back up and explain the conf.d dir just a little in case some reader is confused. Many projects (not just Apache) use these dirs as a way to have a modular configuration file setup. An admin can just drop a conf file in the correct dir, and Apache loads it the next time the service reloads. I use a configuration manager that drops the correct files on the correct servers for me, making it really easy to spin up more servers as needed.
PPS:
Let me back up again and explain a vhost (aka 'virtualhost'). The Apache project has made their web server flexible enough to host multiple domains. Stick with me here. I can put an Apache server on the internet, and point DNS records for both www.foo.com and www.bar.com at my IP address, and Apache is smart enough to produce different web pages for each. This is what the vhosts are for. The thing is that you are not doing that. Each vhost is a combination of a host name and a port. The default vhosts are defined like this:
<VirtualHost _default_:443>
or
<VirtualHost *:443>
and these are catch-alls. So if you want HTTP traffic, use the vhost you already have in httpd.conf, or if you want HTTPS traffic, use the one in ssl.conf. No need to get fancy if you are trying to just get'r done.
And good luck!

How to use different vhost config files for Apache with SNI & multiple SSL certificates?

Ran into an issue with one of our setups, not too sure if that's even possible.
We're running a simple Ubuntu 18.04LTS server with PHP-FPM and Apache installed, that will host over a dozen different sites, with at least half of them having different SSL certificates. The server only has a single IP address/NIC.
To make everything easier to manage, I had initially created different vhost config files in /etc/apache2/sites-available, so every site would have their own; this was causing issues as one of the sites would be deemed "default" for SSL and its certificate would be handed out to all the other sites.
Going through StackOverflow and the internet, I've found a lot of posts that were saying to have a single vhost config file with all of our different site configurations...but now I have a thousand line config file, which is a mess to manage.
Is there a way to use SNI, with a single IP/NIC, with different vhost config files, or is our setup "uncommon" and we'll need to use a single vhost config file?
Thanks!
EDIT: Link to a copy of the vhost config we use, sanitized of course: https://pastebin.com/1tQYBSxR
This is how Apache works for SSL VirtualHosts by default:
<VirtualHost *:443>
ServerName site1.com
# Certs definitions for site1.com
</VirtualHost>
<VirtualHost *:443>
ServerName site2.com
# Certs definitions for site2.com
</VirtualHost>
<VirtualHost *:443>
ServerName site3.com
# Certs definitions for site3.com
</VirtualHost>
Now you would expect that when a client connects with one of the sites, Apache understands which site it wants and uses that certificate, right?
But that is not the case. Apache does not know which site is asked for until after SSL negotiation is done. It must therefore always use the first VirtualHost certificate.
NameVirtualHost (Apache 2.2 directive, always on in v2.4) does not work for SSL.
You can put the definitions of each domain in a separate file, as long as they are all Included in the global config file. But again, only the first defined VirtualHost will serve *:443 requests.
In fact I have managed Apache servers with ~50 VirtualHost definitions, and having them all in one file would have been a nightmare. Split them by domain. You can even name the file THE_DOMAIN.conf.
Now how to get rid of that problem:
have 1 IP per domain. Which means 1 IP per VirtualHost. That way Apache knows which site the user requested, right from the start. But that requires as many addresses as you have domains.
have 1 port per domain. Instead of using port 443, some sites could use a non-default port. But that is weird for clients who have to specify the port in the request. Ex. https://example.com:445/. In enterprise setups, you can get your firewall-nat-proxy to change the port back for the client, but this is out of scope of this answer. This might be blocked as they are not default ports.
use SNI. This is supported by modern browsers, where the identification of the desired domain is sent at the time of SSL negotiation.
Using SNI is detailed here (and other references on the web) https://cwiki.apache.org/confluence/display/httpd/NameBasedSSLVHostsWithSNI
Overview:
the first VirtualHost is still the default used for clients that do not support SNI (older browsers, for example).
A new directive was added: SSLStrictSNIVHostCheck
You must use a minimum version of OpenSSL on the host, and Apache must have been compiled with it. It must enable TLS extensions.
Have fun!

How to change ServerName in apache server?

I downloaded the Apache binary from http://www.apachelounge.com/ After installing, in the httpd.conf file on line 220, I changed #ServerName www.example.com:80 to ServerName www.example.com:80. Now everything works fine. The server uses the domain name localhost. Also localhost:80 automatically redirects to localhost.
Since ServerName is www.example.com:80 then why does the server work on localhost instead of www.example.com:80?
If I change every instance of www.example.com:80 to mylocalserver:80 then why doesn't the apache server work on mylocalserver:80?
DNS, as in name resolution, happens before you reach Apache HTTPD Server. When you put a name in your browser or anywhere, whether you reach your server or not depends only on that resolution and whether it resolves to the IP of the server you have configured, so it has nothing to do with how httpd is configured that you reach it with one name and you don't with another.
As for httpd, it works on any name you may want because HTTPD does not know about your DNS setup. It listens on an IP address and if a request reaches the server (through the ip:port it is bound to), then and only then will it check the "Host" HTTP header inside the request to decide which virtualhost (if more than one, and it has been configured properly) to deliver the request to.
So you can use any name you like; what matters is how you resolve it and on which ip:port combination you end up.
Your question doesn't give a whole lot of information, but I'll try to answer it anyway.
Also localhost:80 automatically redirects to localhost.
That's probably not a redirect, but your browser removing the :80 part as it's the default port on the web.
Since ServerName is www.example.com:80 then why does the server work on localhost instead of www.example.com:80?
Probably because both localhost and www.example.com refer to the web server, and the web server responds to both of them. localhost is commonly configured to be 127.0.0.1 and thus will refer to your local set-up.
If I change every instance of www.example.com:80 to mylocalserver:80 then why doesn't the apache server work on mylocalserver:80?
mylocalserver might not be referring to anything. Try editing your hosts file (/etc/hosts on *nix, %SYSTEM%\Drivers\etc\hosts) to include mylocalserver to refer it to 127.0.0.1 just like localhost.
The problems you're having seem to stem from a misunderstanding about the domain names. Domain names translate into IP addresses. www.example.com translates to some IP address on the internet, but localhost translates into 127.0.0.1 usually, like defined in the hosts file. You may also just use the IP address in the ServerName variable, such as 127.0.0.1.
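The following is an added example, not code from either answer above. It reproduces in Python's standard-library http.server the behaviour the first answer describes: the server never consults DNS; a request that has already reached its ip:port is routed by the Host header alone, and a Host that matches no vhost falls back to the first (default) one, as Apache does. The vhost table and host names are constructed for the demo.

```python
"""Name-based virtual hosting by Host header, added example (not from the page).

The server binds to 127.0.0.1 on an ephemeral port; the client connects by IP
(as a browser would after DNS resolution) and sends different Host headers.
"""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed vhost table: hostname -> response body.  The first entry plays
# the role of Apache's default vhost (the first <VirtualHost> for the socket).
VHOSTS = {
    "www.example.com": b"site: www.example.com\n",
    "mylocalserver": b"site: mylocalserver\n",
}
DEFAULT_VHOST = next(iter(VHOSTS))


def select_vhost(host_header):
    """Strip the optional :port and pick a vhost; unknown names get the default."""
    name = (host_header or "").split(":", 1)[0].lower()
    return name if name in VHOSTS else DEFAULT_VHOST


class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        body = VHOSTS[select_vhost(self.headers.get("Host"))]
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


def serve_on_loopback():
    """Bind to 127.0.0.1 on a kernel-chosen port and serve in a daemon thread."""
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def fetch(server, host_header):
    """Connect by IP and send an explicit Host header, like a browser does."""
    conn = http.client.HTTPConnection("127.0.0.1", server.server_port, timeout=5)
    conn.request("GET", "/", headers={"Host": host_header})
    resp = conn.getresponse()
    body = resp.read().decode()
    conn.close()
    return body


def demo():
    """Return the body served for three Host values; the unknown one hits the default."""
    server = serve_on_loopback()
    try:
        return {
            "www.example.com:80": fetch(server, "www.example.com:80"),
            "mylocalserver": fetch(server, "mylocalserver"),
            "nonexistent.invalid": fetch(server, "nonexistent.invalid"),
        }
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    for host, body in demo().items():
        print(f"Host: {host:22} -> {body.strip()}")
```

Pointing `mylocalserver` at 127.0.0.1 in the hosts file, as the second answer suggests, only changes what the browser connects to; the routing decision above is made from the Host header after the TCP connection has already arrived at the listening ip:port.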

How to access phpMyAdmin only on port 8080 in Apache

I've tried
vim /etc/phpmyadmin/apache.conf
but I can not put a VirtualHost here.
I want to change this configuration to listen only on port 8080, can anyone help?
Thank you.
What I want is:
www.site.com/phpmyadmin -> failure
www.site.com:8080/phpmyadmin -> OK
I want to leave access to port 80 for the rest of the site.
You can change the Listen directive to 8080.
Search the apache configuration for Listen and change it from
Listen 80
to
Listen 8080
And restart the server. Bear in mind, this will be global to the whole apache server though. On centos or redhat, it'll be called "httpd.conf"
Usually the phpmyadmin configuration is included for all the Virtualhosts, that's a package installation behavior, and that's quite bad.
The file /etc/phpmyadmin/apache.conf is included from the main configuration (sometimes from a file in /etc/apache2/conf.d/phpmyadmin.conf).
The first thing you could do is remove this main-all-virtualhosts-inclusion and only include this file with the Include keyword in one Virtualhost.
This allows two things: first, you could use a dedicated ServerName for this host. Second, you can alter the Port of the Virtualhost (or you can just do one of these things).
Check this previous answer about IP/Name Virtualhosts, it will help you figure out how Virtualhosts work. The solution for you is to:
forbid the phpmyadmin configuration inclusion on the main-general-shared configuration level
Listen on both port 80 and 8080
Declare two NameVirtualHost, one on *:80 one on *:8080
Use a Virtualhost *:80 for classical application/websites, ServerName: www.site.com, ensure phpmyadmin configuration file is not included
Use a Virtualhost *:8080 including the phpmyadmin configuration, ServerName: www.site.com
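The script below is an added example, not code from either answer, and it serves two passages: the SNI answer above (only the first VirtualHost defined for *:443 is the default, so its certificate is what a non-SNI client gets), and the five-step plan just given (the phpMyAdmin Include must appear only in the *:8080 vhost). It parses a set of per-domain vhost files in the alphabetical order Apache's `IncludeOptional sites-enabled/*.conf` loads them and reports the default vhost per address:port, which vhosts include phpMyAdmin, and any *:443 vhost missing an SSLCertificateFile. The directive names are real Apache ones; the file contents, domains and paths are constructed for the demo.

```python
"""Audit split-per-domain Apache vhost files, added example (not from the page)."""
import re
from collections import OrderedDict

# Constructed stand-in for /etc/apache2/sites-enabled/*.conf.  Apache reads
# wildcard Include matches in alphabetical order, so file names decide which
# <VirtualHost> is defined first for a given address:port.
SITES_ENABLED = {
    "000-default.conf": """
<VirtualHost *:80>
    ServerName www.site.com
    DocumentRoot /var/www/site
</VirtualHost>
<VirtualHost *:8080>
    ServerName www.site.com
    Include /etc/phpmyadmin/apache.conf
</VirtualHost>
""",
    "site1.com.conf": """
<VirtualHost *:443>
    ServerName site1.com
    ServerAlias www.site1.com
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/site1.com.pem   # constructed path
</VirtualHost>
""",
    "site2.com.conf": """
<VirtualHost *:443>
    ServerName site2.com
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/site2.com.pem
</VirtualHost>
""",
    "site3.com.conf": """
<VirtualHost *:443>
    ServerName site3.com
    SSLEngine on
</VirtualHost>
""",
}

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)


def parse_vhosts(files):
    """Return vhosts in Apache's load order, each a dict of lowercased directives."""
    vhosts = []
    for fname in sorted(files):
        for addr, body in VHOST_RE.findall(files[fname]):
            vh = {"file": fname, "addr": addr.strip()}
            for line in body.splitlines():
                line = line.split("#", 1)[0].strip()   # drop comments/blank lines
                if not line:
                    continue
                key, _, value = line.partition(" ")
                vh.setdefault(key.lower(), []).append(value.strip())
            vhosts.append(vh)
    return vhosts


def server_name(vh):
    return vh.get("servername", ["(no ServerName)"])[0]


def default_vhosts(vhosts):
    """First vhost per address:port.  Apache uses it when no other vhost on that
    socket matches the Host header or SNI name, and hands its certificate to
    clients that send no SNI at all."""
    defaults = OrderedDict()
    for vh in vhosts:
        for addr in vh["addr"].split():          # a vhost may list several addresses
            defaults.setdefault(addr, (server_name(vh), vh["file"]))
    return defaults


def vhosts_including(vhosts, fragment):
    """(addr, ServerName) of every vhost whose Include paths contain fragment."""
    hits = []
    for vh in vhosts:
        paths = vh.get("include", []) + vh.get("includeoptional", [])
        if any(fragment in p for p in paths):
            hits.append((vh["addr"], server_name(vh)))
    return hits


def audit(files=SITES_ENABLED):
    vhosts = parse_vhosts(files)
    return {
        "defaults": default_vhosts(vhosts),
        "phpmyadmin": vhosts_including(vhosts, "phpmyadmin"),
        "tls_without_cert": [server_name(vh) for vh in vhosts
                             if vh["addr"].endswith(":443")
                             and "sslcertificatefile" not in vh],
    }


if __name__ == "__main__":
    report = audit()
    for addr, (name, fname) in report["defaults"].items():
        print(f"default for {addr:8} -> {name} ({fname})")
    print("phpMyAdmin included in:", report["phpmyadmin"])
    print("*:443 vhosts without a certificate:", report["tls_without_cert"])
```

The "default for *:443" line is the one to watch: the certificate that appears there is the one every client without SNI support receives, so rename files (or add a deliberate 000-default-ssl.conf) if the wrong domain sorts first.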

Define a subdomain of Apache's vhost with lighttpd

Apache is running on my server on port 80 and lighttpd on 81.
I defined the vhost abc.com in Apache.
I want to define track.abc.com and have all requests go to lighttpd. Is it possible to define the track subdomain for abc.com in lighttpd?
It is possible, but rather than ports you need to have 2 separate IP addresses if you want to make a regular request to http://www.domainname.com in your browser. Otherwise you will be forced to call http://www.domainname.com if you intend to use the same IP address for both the Apache and Lighttpd servers.
You need to declare the listening port in both the Apache config and Lighttpd, otherwise they both would try to bind the IP address and port 80, which will result in an error and only the first server would start up.
I researched and the answer is Apache's ProxyPass option. First I configured my subdomain in Apache's vhost, and I added to my subdomain's vhost config file
ProxyPass / http://my_host_name:81/
Now all my subdomain's requests go to lighttpd.

I want Apache only to listen to port 80 on the addresses I specify. Can I?

I have a bunch of domains pointing to one IP address (I have a feeling this will be the main thing stopping this from working) and one of them I would like to point to a node.js server on port 80 instead of having to faff about with proxies in Apache.
I've already removed the virtualhost for *:80 in apache (it warns me of this every time I restart it).
When I ask node to listen to domain.one:80 though (just an example, not what I'm really using), it doesn't work - it tells me the address is in use even though there's no VirtualHost for domain.one:80.
I suspect it's to do with the fact that domain.one and domain.two both point to the same IP, right? If not, what the heck can I do? Thanks :)
Ports are directly tied to an IP address. Each IP address can only have one process listening to a given port. Since your domain names all resolve to the same IP address you cannot have a separate node process for each one listening on port 80.
If you wish to keep this scheme, you'll need to have each node server listen on a different port and configure reverse proxies in Apache as described here. You can also consider using nginx as it also has this capability (configured slightly differently).
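As an added example that is not part of the answer above, the script below reproduces "Address already in use" with two plain sockets. It shows the point just made: a listening port belongs to an ip:port pair, not to a host name, so once one socket listens on the wildcard address for a port, a second socket cannot bind that same port on 127.0.0.1 (or any other local address), no matter how many DNS names point at the machine. This is the same EADDRINUSE (errno 98) that Apache's make_sock reported in the first question on this page. The kernel picks the port (port 0), so the demo never collides with a real service.

```python
"""Reproduce EADDRINUSE between two listeners, added example (not from the page)."""
import errno
import socket


def bind_conflict(second_addr="127.0.0.1"):
    """Listen on 0.0.0.0:<ephemeral>, then try a second bind on the same port.

    Returns (port, errno_name); errno_name is None only if the second bind
    unexpectedly succeeded.
    """
    first = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    second = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        first.bind(("0.0.0.0", 0))     # wildcard address, like Apache's "Listen 80"
        first.listen(5)
        port = first.getsockname()[1]
        try:
            # "domain.one" and "domain.two" both resolve here: same IP, same port.
            second.bind((second_addr, port))
            return port, None
        except OSError as exc:
            return port, errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        first.close()
        second.close()


def different_ports_coexist():
    """Two listeners on the same address but different ports bind without error.

    Returns the two distinct ports the kernel handed out.
    """
    socks = [socket.socket(socket.AF_INET, socket.SOCK_STREAM) for _ in range(2)]
    try:
        for s in socks:
            s.bind(("127.0.0.1", 0))   # each gets its own ephemeral port
            s.listen(5)
        return sorted({s.getsockname()[1] for s in socks})
    finally:
        for s in socks:
            s.close()


if __name__ == "__main__":
    port, err = bind_conflict()
    print(f"second bind on 127.0.0.1:{port} after 0.0.0.0:{port} is listening -> {err}")
    print("separate ports coexist fine:", different_ports_coexist())
```

The second function is the shape of the working setup the answer describes: each backend on its own port, with one listener on port 80 (Apache or nginx) reverse-proxying by host name.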
Yes. You can specify a ServerName in the vhost. Then you can only specify an IP or * in the tag. Create a *:80 vhost and add
<VirtualHost *:80>
ServerName domain.one
DocumentRoot /blah/blah
....
</VirtualHost>
to it. That will filter by the domain name.