I have my server side at http://example.co.uk, which is accessible in a web browser (or via a normal http request) to http://example.co.uk. However, for my app to be able to access the server side, I'd like it to be able to access exactly the same content on port 5678. So I tried to program this in virtualHosts in my apache config:
<VirtualHost 184.107.24.1:80>
ServerName example.co.uk
ServerAlias www.example.co.uk
DocumentRoot /home/example/public_html
ServerAdmin webmaster#example.co.uk
UseCanonicalName Off
CustomLog /usr/local/apache/domlogs/example.co.uk combined
CustomLog /usr/local/apache/domlogs/example.co.uk-bytes_log "%{%s}t %I .\n%{%s}t %O ."
## User example # Needed for Cpanel::ApacheConf
UserDir enabled example
<IfModule mod_suphp.c>
suPHP_UserGroup example example
</IfModule>
<IfModule !mod_disable_suexec.c>
<IfModule !mod_ruid2.c>
SuexecUserGroup example example
</IfModule>
</IfModule>
<IfModule mod_ruid2.c>
RUidGid example example
</IfModule>
ScriptAlias /cgi-bin/ /home/example/public_html/cgi-bin/
# To customize this VirtualHost use an include file at the following location
# Include "/usr/local/apache/conf/userdata/std/2/example/example.co.uk/*.conf"
</VirtualHost>
(that is what I had originally). I have tried adding Listen 5678 and adding 3 lines about a proxy request:
ProxyRequest Off
ProxyPass / http://example.co.uk:5678/
ProxyPassReverse / http://example.co.uk:5678/
Edit your ports.conf file as :
NameVirtualHost *:80
Listen 80
NameVirtualHost *:5678
Listen 5678
Change the VirtualHost definition by
<VirtualHost 184.107.24.1:80 184.107.24.1:5678>
Related
I'm stuck with my Apache config
Situation
I have a Node chat web app and a phpmyadmin running on the same debian VPS server. Node runs on :3000 and phpmyadmin on :443.
The server base url on :443 is currently displaying phpmyadmin login page and the chat app can be accessed on IP:3000 (https)
Each have their own SSL cert and https is working without issues on both of them separately
Goal
What I'm trying to do is setup an Apache reverse proxy to forward requests from a a clean url (like chat.domain.com) to my Node app while keeping phpmyadmin on it's own dedicated subdomain (vps.domain.com).
like so :
internet (chat.domain.com on :443) -> reverse proxy -> node app running on :3000
internet (vps.domain.com on :443) -> reverse proxy -> phpmyadmin
Issue
Redirection does not work at all.
Firefox shows an error page with SSL_ERROR_RX_RECORD_TOO_LONG (ERR_SSL_PROTOCOL_ERROR on Chrome). As far as I understand it is telling me that I can't redirect to a service running on a different port than :443
I need secure https for both of my services (phpmadmin and chat) but can only run one of them on :443 since one is Apache and the other is Node. They each have their own routing system.
What I've considered
I'm not sure if what I'm trying to do is possible with Apache and this setup. I'd like to run my main app on :443 but then PMA would have to be moved to another port and. Alternatively I could run several servers for cleaner separation of services. I could also use Docker containers, but I don't think this should be necessary here.
Not sure which solution is the most appropriate. I just wanted to do some basic redirections.
Setup config :
Including relevant information about my config in this section.
Apache version : Apache/2.4.53 (Debian)
rewrite and proxy mods are enabled
apachectl configtest -> Syntax OK
vHosts :
default http -> https redirection
# 000-default.conf
VirtualHost *:80>
ServerName default.domain.me
Redirect / https://localhost:443
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
reverse proxy vhost
# reverse_proxy.conf
<VirtualHost chat.domain.me:443>
ServerName rproxy.domain.me
# ProxyPreserveHost On
ProxyRequests Off
# chat
ProxyPass / https://localhost:3000/
ProxyPassReverse / https://localhost:3000/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
PMA vhost
# phpmyadmin.conf
<VirtualHost _default_:443>
ServerName phpmyadmin.domain.me
DocumentRoot /usr/share/phpmyadmin
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/vps.domain.me/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/vps.domain.me/privkey.pem
Protocols h2 http/1.1
Header always set Strict-Transport-Security "max-age=63072000"
# Alias /phpmyadmin /usr/share/phpmyadmin
<Directory /usr/share/phpmyadmin>
Options FollowSymLinks
DirectoryIndex index.php
Require all granted
# limit libapache2-mod-php to files and directories necessary by pma
<IfModule mod_php7.c>
php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
php_admin_value open_basedir /usr/share/phpmyadmin/:/usr/share/doc/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/:/usr/share/javascript/
</IfModule>
</Directory>
# Disallow web access to directories that don't need it
<Directory /usr/share/phpmyadmin/templates>
Require all denied
</Directory>
<Directory /usr/share/phpmyadmin/libraries>
Require all denied
</Directory>
ErrorLog ${APACHE_LOG_DIR}/phpmyadmin/error.log
CustomLog ${APACHE_LOG_DIR}/phpmyadmin/access.log combined
</VirtualHost>
# intermediate configuration
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite # don't know if secret. didn't include.
SSLHonorCipherOrder off
SSLSessionTickets off
SSLUseStapling On
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
Let me give you some possible solutions.
1)Changing the virtual host tag, ie, from <VirtualHost chat.domain.me:443> to <VirtualHost _default_:443>
2)setting the ports.conf file as follows
Listen 80
Listen 443 https
execute a2ensite default-ssl
Finally let me give you one of example that I have
ServerName abc.com
ServerAdmin webmaster#abc.com
<Proxy *>
Require all granted
</Proxy>
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8181/
ProxyPassReverse / http://127.0.0.1:8181/
ErrorLog ${APACHE_LOG_DIR}/abc.com.error.log
CustomLog ${APACHE_LOG_DIR}/abc.com.access.log combined
SSLCertificateFile /etc/letsencrypt/live/abc.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/abc.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
Currently my server has 1 website running on https/ssl. The thing is when i enable a second vhost, also with https/ssl, the first website I have running is now using the ssl cert of the new website.
I have tried putting the two websites in a single vhost file, didn't work so I made 2 seperate files instead.
Here are my vhost config files:
(Naming them websiteZ and website Y because of alfabetical order they are in)
vhost current running website .conf
<VirtualHost *:80>
ServerAlias *.websiteZ.nl
Redirect 301 / https://websiteZ.nl
</VirtualHost>
NameVirtualHost *:443
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName www.websiteZ.nl
DocumentRoot "/var/www/html/websites/websiteZ.nl/public"
<Directory "/var/www/html/websites/websiteZ.nl/public">
Require all granted
Options Includes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/websiteZ.nl/certificate.crt
SSLCertificateKeyFile /etc/apache2/ssl/websiteZ.nl/certificate.key
SSLCertificateChainFile /etc/apache2/ssl/websiteZ.nl/cabundle.crt
</VirtualHost>
</IfModule>
new website with ssl .conf
<VirtualHost *:80>
ServerName websiteY.nl
ServerAlias www.websiteY.nl
RewriteEngine On
RewriteCond %{SERVER_PORT} !443
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
RewriteRule ^(/(.*))?$ https://%{HTTP_HOST}/$1 [R=301,L]
DocumentRoot "/var/www/html/websites/websiteY.nl/public/"
<Directory "/var/www/html/websites/websiteY.nl/public/">
Require all granted
Options Includes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName www.websiteY.nl
DocumentRoot "/var/www/html/websites/websiteY.nl/public"
<Directory "/var/www/html/websites/websiteY.nl/public">
Require all granted
Options Includes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
SSLStrictSNIVHostCheck on
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/websiteY.nl/certificate.crt
SSLCertificateKeyFile /etc/apache2/ssl/websiteY.nl/certificate.key
SSLCertificateChainFile /etc/apache2/ssl/websiteY.nl/cabundle.crt
</VirtualHost>
</IfModule>
ports.conf
NameVirtualHost *:80
NameVirtualHost *:443
Listen 80
<IfModule mod_ssl.c>
Listen 443
</IfModule>
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
I looked up the SNI thing, but I think i'm missing something. The way I understand it is that I have to use NameVirtualHost to make it work.
The server is running on AWS ece2 with Ubuntu 16.04.2
The problem occors when i type in terminal:
a2ensite websiteY.conf
When I do that websiteZ will lose it's https cert and will show a big red cross wich says: NOT SECURE! When you click to proceed it links to websiteY
I am a little bit out of options, can someone help me out? Thanks!
When you enter www.websiteZ.nl without https, the request will first be caught by
<VirtualHost *:80>
ServerAlias *.websiteZ.nl
Redirect 301 / https://websiteZ.nl
</VirtualHost>
and therefore redirected to https://websiteZ.nl
Since none of your :443 Virtual Hosts has neither ServerName or ServerAlias configured with websiteZ.nl, then the one from alphabetically first .conf file will be used, which is in this case the one with websiteY cert.
So I have two web sites hosted on the same server and same IP address. Ok no biggie. I setup my httpd.conf file in a way I believe is correct. The first site, cascocc.com works no problem. The second site coloradospringshomebuilders.com is the problem. It redirects to http://coloradospringshomebuilders.com/cgi-sys/defaultwebpage.cgi and the www alias does not work. Below is what I think are the relevant parts for my config file with the rest in a paste bin below. I have also included the .htaccess files below as well too. Any ideas?
I am getting a 403 forbidden error any time i try to access anything in the document root. How do I correct this
http.conf file can be found here
.htaccess file for coloradospringshomebuilders.com
.htaccess file for cascocc.com
<VirtualHost 216.172.182.170:80>
ServerName 216.172.182.170
DocumentRoot /usr/local/apache/htdocs
ServerAdmin root#cas.cascocc.com
<IfModule mod_suphp.c>
suPHP_UserGroup nobody nobody
</IfModule>
</VirtualHost>
# Default vhost for unbound IPs
<VirtualHost *>
ServerName cas.cascocc.com
DocumentRoot /usr/local/apache/htdocs
ServerAdmin root#cas.cascocc.com
<IfModule mod_suphp.c>
suPHP_UserGroup nobody nobody
</IfModule>
</VirtualHost><VirtualHost 216.172.182.170:80>
ServerName cascocc.com
ServerAlias www.cascocc.com
DocumentRoot /home/cascocc/public_html
ServerAdmin xxx#cascocc.com
UseCanonicalName Off
CustomLog /usr/local/apache/domlogs/cascocc.com combined
CustomLog /usr/local/apache/domlogs/cascocc.com-bytes_log "%{%s}t %I .\n%{%s}t %O ."
<IfModule itk.c>
# For more information on MPM ITK, please read:
# http://mpm-itk.sesse.net/
AssignUserID cascocc cascocc
</IfModule>
ScriptAlias /cgi-bin/ /home/cascocc/public_html/cgi-bin/
# To customize this VirtualHost use an include file at the following location
# Include "/usr/local/apache/conf/userdata/std/2_2/cascocc/cascocc.com/*.conf"
</VirtualHost>
# DO NOT EDIT. AUTOMATICALLY GENERATED. IF YOU NEED TO MAKE A CHANGE PLEASE USE THE INCLUDE FILES.
<VirtualHost 216.172.182.170:80>
ServerName coloradospringshomebuilders.com
ServerAlias www.coloradospringshomebuilders.com
DocumentRoot /home/cascohomes/public_html
ServerAdmin xxx#coloradospringshomebuilders.com
UseCanonicalName Off
CustomLog /usr/local/apache/domlogs/coloradospringshomebuilders.com combined
CustomLog /usr/local/apache/domlogs/coloradospringshomebuilders.com-bytes_log "%{%s}t %I .\n%{%s}t %O ."
<IfModule itk.c>
# For more information on MPM ITK, please read:
# http://mpm-itk.sesse.net/
AssignUserID cascohomes cascohomes
</IfModule>
ScriptAlias /cgi-bin/ /home/cascohomes/public_html/cgi-bin/
# To customize this VirtualHost use an include file at the following location
# Include "/usr/local/apache/conf/userdata/std/2_2/cascohomes/coloradospringshomebuilders.com/*.conf"
</VirtualHost>
Apache/2.4.7 (Ubuntu)
Ubuntu 14.04
I'm trying to run multiple ssl on the same ip. When I type in the first domain it redirects to the second domain.
I'm probably missing one little thing somewhere, if you could help me out that would be awesome.
I followed the DO tutorial without changing the ports.conf file (as I'm under the impression NameVirtualHost is no longer in use).
I have two .conf files in my sites-enabled directory and i've tried merging them but get the same result.
Output from apachectl -S is:
*:443 is a NameVirtualHost
default server domain2.com (/etc/apache2/sites-enabled/domain2.com.conf:19)
port 443 namevhost domain2.com (/etc/apache2/sites-enabled/domain2.com.conf:19)
port 443 namevhost www.domain1.com (/etc/apache2/sites-enabled/domain1.com.conf:19)
alias domain1.com
wild alias *.domain1.com
Here is my ports.conf (should be default Ubuntu):
Listen 80
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
I've tried switching from mod_ssl to mod_gnutls (with updated conf file) and get the same result.
Domain 1 .conf file in sites-enabled:
<VirtualHost *:80>
ServerName domain1.com
ServerAlias www.domain1.com *.domain1.com
DocumentRoot /git/domain1.com/public/
ServerAdmin webmaster#domain1.com
<Directory /git/domain1.com/public/>
Options +Indexes +FollowSymLinks -MultiViews
AllowOverride All
Require all granted
</Directory>
ErrorLog /var/log/apache2/error_domain1.com.log
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster#domain1.com
ServerName domain1.com
DocumentRoot /git/domain1.com/public/
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile /git/domain1.com/apache/ssl/apache.crt
SSLCertificateKeyFile /git/domain1.com/apache/ssl/apache.key
<Directory /git/domain1.com/public/>
Options +Indexes +FollowSymLinks -MultiViews
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
</IfModule>
Domain 2 conf:
<VirtualHost *:80>
ServerName domain2.com
ServerAlias www.domain2.com *.domain2.com domain2.ca *.domain2.ca
DocumentRoot /git/domain2.com/public/
ServerAdmin webmaster#domain2.com
<Directory /git/domain2.com/public/>
Options +Indexes +FollowSymLinks -MultiViews
AllowOverride All
Require all granted
</Directory>
ErrorLog /var/log/apache2/error_domain2.com.log
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster#domain2.com
ServerName domain2.com
DocumentRoot /git/domain2.com/public/
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile /git/domain2.com/apache/ssl/apache.crt
SSLCertificateKeyFile /git/domain2.com/apache/ssl/apache.key
<Directory /git/domain2.com/public/>
Options +Indexes +FollowSymLinks -MultiViews
AllowOverride All
Require all granted
</Directory>
ErrorLog /var/log/apache2/error_domain2.com.log
</VirtualHost>
</IfModule>
*:443 is a NameVirtualHost
default server domain2.com (/etc/apache2/sites-enabled/domain2.com.conf:19)
port 443 namevhost domain2.com (/etc/apache2/sites-enabled/domain2.com.conf:19)
port 443 namevhost www.domain1.com (/etc/apache2/sites-enabled/domain1.com.conf:19)
alias domain1.com
wild alias *.domain1.com
Since the default server is domain2.com, the HTTPS requests that come from a non-SNI supported browser will probably be redirected to domain2.com, even you are intended to access www.domain1.com.
And one more possibility you may investigate on, if you are sure that the client is supporting SNI, then check whether the installed OpenSSL is supporting TLS and your Apache is built with that OpenSSL version. Both server side and client side prerequisites must be fulfilled in order to make a name-based Apache Virtual Host to handle requests correctly.
Update 1
You may see an error log like Init: Name-based SSL virtual hosts require an OpenSSL version with support for TLS extensions (RFC 6066 - Server Name Indication / SNI), but the currently used library version (%s) is lacking this feature in your error log when you started your server.
Update 2
And also, although the result of apachectl -S
port 443 namevhost www.domain1.com (/etc/apache2/sites-enabled/domain1.com.conf:19)
alias domain1.com
wild alias *.domain1.com
is showing *.domain1.com or domain1.com will be handled as www.domain1.com, in your domain1.conf
<VirtualHost *:443>
ServerAdmin webmaster#domain1.com
ServerName domain1.com
is not defining any alias for this virtual host, so I am wondering whether this virtual host will handle requests like what you assumed.
I've created a wildcard subdomain using cpanel and attempting to point all sub domains to a particular .wsgi file.
<VirtualHost my.server_ip.address:9999>
ServerName _wildcard_.domain.tld
ServerAlias *.domain.tld
# DocumentRoot /home/my_acct/public_html
ServerAdmin webmaster#domain.tld
UseCanonicalName Off
CustomLog /usr/local/apache/domlogs/_wildcard_.domain.tld combined
CustomLog /usr/local/apache/domlogs/_wildcard_.domain.tld-bytes_log "%{%s}t %I .\n%{%s}t %O ."
## User my_acct # Needed for Cpanel::ApacheConf
UserDir enabled my_acct
<IfModule mod_suphp.c>
suPHP_UserGroup my_acct my_acct
</IfModule>
<IfModule !mod_disable_suexec.c>
<IfModule !mod_ruid2.c>
SuexecUserGroup my_acct my_acct
</IfModule>
</IfModule>
<IfModule mod_ruid2.c>
RMode config
RUidGid my_acct my_acct
</IfModule>
<IfModule itk.c>
# For more information on MPM ITK, please read:
# http://mpm-itk.sesse.net/
AssignUserID my_acct my_acct
</IfModule>
ScriptAlias /cgi-bin/ /home/my_acct/public_html/cgi-bin/
# To customize this VirtualHost use an include file at the following location
Include "/usr/local/apache/conf/userdata/std/2_2/my_acct/wildcard_safe.domain.tld/*.conf"
</VirtualHost>
The following code is what is in wildcard_safe.domain.tld/*.conf and there is only 1 .conf which I name it as subdomain.conf
SetEnvIf Host "^(\w+).domain.tld" subdomain=$1
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
WSGIDaemonProcess pyramid_subdomain user=my_acct group=my_acct threads=4 \
python-path=/home/my_acct/modwsgi/env/lib/python2.6/site-packages
WSGIScriptAlias / /home/my_acct/modwsgi/env/pyramidsub_%{ENV:subdomain}.wsgi
WSGIScriptAlias /admin /home/my_acct/modwsgi/env/pyramidsub_%{ENV:subdomain}.wsgi
<Directory /home/my_acct/modwsgi/env>
WSGIProcessGroup pyramid_subdomain
Order allow,deny
Allow from all
</Directory>
The following is the pyramidsub_test.wsgi file
from pyramid.paster import get_app, setup_logging
ini_path = '/home/my_acct/modwsgi/env/MyFirstApp/production_subtest.ini'
setup_logging(ini_path)
application = get_app(ini_path, 'main')
I've also ensured that there's a pyramidsub_test.wsgi in /home/my_acct/modwsgi/env/.
After setting all this up, I did a apache restart, and go to test.mydomain.com.
However it is showing a website not found, I've checked on apache error_log, but I can't
find any errors being logged. However, I have no problem viewing the main
domain ( www.domain.com )
This is my first time doing server setup, etc, coming from a php background.
Any help is much appreciated.