Apache error: _default_ virtualhost overlap on port 443 - apache

I get this error when trying to start Apache.
_default_ virtualhost overlap on port 443
I'm trying to set up SSL. Almost every solution online says add:
NameVirtualHost *:443
to the conf file but Apache still fails to start and just says
Action start failed. the apache logs may have more information
There is zero information in the Apache logs.

To resolve the issue on a Debian/Ubuntu system modify the /etc/apache2/ports.conf settings file by adding NameVirtualHost *:443 to it. My ports.conf is the following at the moment:
# /etc/apache/ports.conf
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default
# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
# README.Debian.gz
NameVirtualHost *:80
Listen 80
<IfModule mod_ssl.c>
# If you add NameVirtualHost *:443 here, you will also have to change
# the VirtualHost statement in /etc/apache2/sites-available/default-ssl
# to <VirtualHost *:443>
# Server Name Indication for SSL named virtual hosts is currently not
# supported by MSIE on Windows XP.
NameVirtualHost *:443
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
NameVirtualHost *:443
Listen 443
</IfModule>
Furthermore ensure that 'sites-available/default-ssl' is not enabled, type a2dissite default-ssl to disable the site. While you're at it type a2dissite by itself to get a list and see if there is any other site settings that you have enabled that might be mapping onto port 443.

On a vanilla Apache2 install in CentOS, when you install mod_ssl it will automatically add a configuration file in:
{apache_dir}/conf.d/ssl.conf
This configuration file contains a default virtual host definition for port 443, named default:443. If you also have your own virtual host definition for 443 (i.e. in httpd.conf) then you will have a conflict. Since the conf.d files are included first, they will win over yours.
To solve the conflict you can either remove the virtual host definition from conf.d/ssl.conf or update it to your own settings.

It is highly unlikely that adding NameVirtualHost *:443 is the right solution, because there are a limited number of situations in which it is possible to support name-based virtual hosts over SSL. Read this and this for some details (there may be better docs out there; these were just ones I found that discuss the issue in detail).
If you're running a relatively stock Apache configuration, you probably have this somewhere:
<VirtualHost _default_:443>
Your best bet is to either:
Place your additional SSL configuration into this existing VirtualHost container, or
Comment out this entire VirtualHost block and create a new one. Don't forget to include all the relevant SSL options.

I ran into this problem because I had multiple wildcard entries for the same ports. You can easily check this by executing apache2ctl -S:
# apache2ctl -S
[Wed Oct 22 18:02:18 2014] [warn] _default_ VirtualHost overlap on port 30000, the first has precedence
[Wed Oct 22 18:02:18 2014] [warn] _default_ VirtualHost overlap on port 20001, the first has precedence
VirtualHost configuration:
11.22.33.44:80 is a NameVirtualHost
default server xxx.com (/etc/apache2/sites-enabled/xxx.com.conf:1)
port 80 namevhost xxx.com (/etc/apache2/sites-enabled/xxx.com.conf:1)
[...]
11.22.33.44:443 is a NameVirtualHost
default server yyy.com (/etc/apache2/sites-enabled/yyy.com.conf:37)
port 443 namevhost yyy.com (/etc/apache2/sites-enabled/yyy.com.conf:37)
wildcard NameVirtualHosts and _default_ servers:
*:80 hostname.com (/etc/apache2/sites-enabled/000-default:1)
*:20001 hostname.com (/etc/apache2/sites-enabled/000-default:33)
*:30000 hostname.com (/etc/apache2/sites-enabled/000-default:57)
_default_:443 hostname.com (/etc/apache2/sites-enabled/default-ssl:2)
*:20001 hostname.com (/etc/apache2/sites-enabled/default-ssl:163)
*:30000 hostname.com (/etc/apache2/sites-enabled/default-ssl:178)
Syntax OK
Notice how at the beginning of the output are a couple of warning lines. These will indicate which ports are creating the problems (however you probably already knew that).
Next, look at the end of the output and you can see exactly which files and lines the virtualhosts are defined that are creating the problem. In the above example, port 20001 is assigned both in /etc/apache2/sites-enabled/000-default on line 33 and /etc/apache2/sites-enabled/default-ssl on line 163. Likewise *:30000 is listed in 2 places. The solution (in my case) was simply to delete one of the entries.
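The by-eye check in this answer can be scripted. The following is an added example, not part of the original answer: it parses apache2ctl -S output in the Apache 2.2 format quoted above, groups the wildcard and _default_ entries by port, and lists the file and line of every definition for each port named in an overlap warning. The sample text is trimmed from the output above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: warnings plus vhost listing, trimmed from the output quoted above.
SAMPLE = """\
[Wed Oct 22 18:02:18 2014] [warn] _default_ VirtualHost overlap on port 30000, the first has precedence
[Wed Oct 22 18:02:18 2014] [warn] _default_ VirtualHost overlap on port 20001, the first has precedence
VirtualHost configuration:
11.22.33.44:443 is a NameVirtualHost
default server yyy.com (/etc/apache2/sites-enabled/yyy.com.conf:37)
port 443 namevhost yyy.com (/etc/apache2/sites-enabled/yyy.com.conf:37)
wildcard NameVirtualHosts and _default_ servers:
*:80 hostname.com (/etc/apache2/sites-enabled/000-default:1)
*:20001 hostname.com (/etc/apache2/sites-enabled/000-default:33)
*:30000 hostname.com (/etc/apache2/sites-enabled/000-default:57)
_default_:443 hostname.com (/etc/apache2/sites-enabled/default-ssl:2)
*:20001 hostname.com (/etc/apache2/sites-enabled/default-ssl:163)
*:30000 hostname.com (/etc/apache2/sites-enabled/default-ssl:178)
Syntax OK
"""

# "*:PORT name (file:line)" or "_default_:PORT name (file:line)"
ENTRY = re.compile(r"^\s*(\*|_default_):(\d+)\s+(\S+)\s+\((.+):(\d+)\)\s*$")
WARN = re.compile(r"\[warn\] _default_ VirtualHost overlap on port (\d+)")


def warned_ports(dump):
    """Ports Apache itself flagged with an overlap warning."""
    return sorted({int(p) for p in WARN.findall(dump)})


def wildcard_overlaps(dump):
    """Map port -> [(file, line), ...] for ports defined by more than one
    wildcard/_default_ vhost, in the order Apache listed them."""
    by_port = defaultdict(list)
    for line in dump.splitlines():
        m = ENTRY.match(line)
        if m:
            by_port[int(m.group(2))].append((m.group(4), int(m.group(5))))
    return {p: locs for p, locs in sorted(by_port.items()) if len(locs) > 1}


def report(dump):
    """One line per warned port, naming every file:line that defines it."""
    overlaps = wildcard_overlaps(dump)
    lines = []
    for port in warned_ports(dump):
        locs = overlaps.get(port, [])
        where = ", ".join(f"{f}:{n}" for f, n in locs) or "no wildcard entry found"
        lines.append(f"port {port}: {where}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```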

Related

Apache HTTPD: How to setup Virtual Host correctly

I've installed Apache httpd on my Mac and "It works".
Now I need to configure a Virtual Host in order to expose my application (Java Spring) with httpd as reverse proxy in front of it.
This is what I have in the /usr/local/etc/httpd/extra/httpd-vhosts.conf file:
<VirtualHost *:443>
ServerName my.domain.it:443
SSLEngine on
SSLCertificateFile /path/to/cert.crt
SSLCertificateKeyFile /path/to/cert.key
ProxyPreserveHost On
ProxyPass / http://localhost:8080/myapp
ProxyPassReverse / http://localhost:8080/myapp
</VirtualHost>
In /etc/hosts I've mapped to server address in this way:
127.0.0.1 my.domain.it
And The Tomcat Connector configuration is:
<Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1" proxyPort="443" scheme="https"/>
If I run the application with Eclipse it responds correctly at http://localhost:8080/myapp/ but If I try to call https://my.domain.it/myapp/ It doesn't work and Google Chrome tells me: "This site can't be reached".
What's wrong with my configuration?
P.S.
The httpd Apache instance is configured to Listen on port 80
#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 80
Thanks.
EDIT: SOLVED
Unfortunately I was not able to solve with Apache Httpd but now with Nginx it works. Thanks for your answers
In mod_ssl.conf (file name might be different) you should have the following line
Listen 443
It tells Apache to listen on port 443 (it's included in the configuration file when you install mod_ssl to be able to expose your site over HTTPS).
The same configuration file should include all the shared configuration about the TLS.
If apache is running, you can check if port 443 is listening, using netstat:
netstat -an | grep -i list
The output should include port 80 and 443 (and some other according to the services running on the server such as ssh).
If the port is shown in the list, next step is to check apache logs for errors.

Creating subdomains on apache2 server with dynamic IP

So basically I'm having issues creating a subdomain on my server. I'm running apache2 on a Ubuntu 12.04 server and have dynamic IP set up with No-IP.com.
I have mydomain.com working, but want to create test.mydomain.com directing towards a subfolder in my /var/www/ directory (where everything for my website is located).
I modified the code on apache vhosts examples page and put this in my httpd.conf file:
# Ensure that Apache listens on port 80
Listen 80
# Listen for virtual host requests on all IP addresses
NameVirtualHost localhost:80
<VirtualHost localhost:80>
DocumentRoot /var/www/
ServerName mydomain.com
# Other directives here
</VirtualHost>
<VirtualHost localhost:80>
DocumentRoot /var/www/test
ServerName test.mydomain.com
# Other directives here
</VirtualHost>
When I try and restart the service:
sudo /etc/init.d/apache2 restart
* Restarting web server apache2 apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs
Action 'start' failed.
The Apache error log may have more information.
Any help is greatly appreciated. Please let me know if I'm forgetting to include any necessary information.
Update
I tried using *:80 but I still got an error, that's why I switched to localhost.
sudo /etc/init.d/apache2 restart
* Restarting web server apache2 apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
[Thu Nov 21 15:03:51 2013] [warn] NameVirtualHost *:80 has no VirtualHosts
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
[Thu Nov 21 15:03:51 2013] [warn] NameVirtualHost *:80 has no VirtualHosts
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs
Action 'start' failed.
The Apache error log may have more information.
UPDATE I figured out what was going on. I had a matching configuration entry in my ports.conf file. Once I removed that, everything worked fine.
Your apache conf seems correct if you replace localhost with *. That means that you should use NameVirtualHost *:80 and <VirtualHost *:80>
However, you must tell the DNS server to forward subdomains to your dynamic IP. Since you have a .com domain from a paid DNS service, you must log in to your DNS provider and set up A records or CNAME records to your IP (add the same settings you have in your main .com domain). If you use ddclient or a similar client to automatically update the domains, you can configure it to update the subdomain as well.
In any case, use command nslookup yourdomain.com and nslookup subdomain.domain.com to see if the subdomain is updated successfully. Note that updates in DNS may take hours before they are actually in effect.
EDIT:
Sorry just noticed : (98)Address already in use: make_sock: could not bind to address 0.0.0.0:80. This means that somebody else is already using port 80, so the apache server cannot bind to that address. Use sudo netstat -anltp | grep :80 to see which program has bound port 80. Also, check your conf files to make sure that you have no more NameVirtualHost *:80 directives.
Last, apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName is not an error, it's just a warning so you shouldn't be worried about this
It's possible that there is a service using port :80.
Try netstat -tulpn |grep :80 on command line to see which service is occupying this port. In my case, it was nginx. I stopped the service then started the one I wanted to use (apache2).

how to access phpmyadmin only the port 8080 in apache

I've tried
vim /etc/phpmyadmin/apache.conf
but I can not put a VirtualHost here.
I want to change this configuration to list only the port 8080, can anyone help?
thank you
what I want is:
www.site.com/phpmyadmin -> failure
www.site.com:8080/phpmyadmin -> OK
I want to leave access to port 80 for the rest of the site.
You can change the Listen directive to 8080.
Search the apache configuration for Listen and change it from
Listen 80
to
Listen 8080
And restart the server. Bear in mind, this will be global to the whole apache server though. On centos or redhat, it'll be called "httpd.conf"
Usually the phpmyadmin configuration is included for all the Virtualhosts, that's a package installation behavior, and that's quite bad.
The file /etc/phpmyadmin/apache.conf is included from the main configuration (sometimes from a file in /etc/apache2/conf.d/phpmyadmin.conf).
The first thing you could do is remove this main-all-virtualhosts-inclusion and only include this file with the Include keyword in one Virtualhost.
This allows two things, first you could use a dedicated ServerName for this host. Second you can alter the Port of the Virtualhost (or you can just do one of these things).
Check this previous answer about IP/Name Virtualhosts, it will help you figure how Virtualhosts works. The Solution for you is to:
forbid the phpmyadmin configuration inclusion on the main-general-shared configuration level
Listen on both port 80 and 8080
Declare two NameVirtualHost, one on *:80 one on *:8080
Use a Virtualhost *:80 for classical application/websites, ServerName: www.site.com, ensure phpmyadmin configuration file is not included
Use a Virtualhost *:8080 including the phpmyadmin configuration, ServerName: www.site.com

"make_sock: could not bind to address [::]:443" when restarting apache (installing trac and mod_wsgi)

I'm trying to install trac and mod_wsgi over SSL. I tried to manually install it, but that didn't work out so well so I started to follow this: trac-on-ubuntu
I skipped the svn part because I'd like to use git instead. After the first edit of httpd.conf:
WSGIScriptAlias /trac /var/trac/apache/trac.wsgi
<Directory /var/trac/apache>
WSGIApplicationGroup %{GLOBAL}
Order deny,allow
Allow from all
</Directory>
I restarted apache only to get this error:
* Restarting web server apache2
(98)Address already in use: make_sock: could not bind to address [::]:443
[ OK ]
Doing these showed nothing.
netstat -anp | grep 443
fuser 443/tcp
Doing this didn't yield anything except the grep command that I ran:
ps -aux | grep httpd
Why is it saying that something else is using the port when there's nothing showing up?
EDIT: You guys are going to laugh at this. I had an extra Listen 443 in ports.conf that shouldn't have been there. Removing that solved this.
You guys are going to laugh at this. I had an extra Listen 443 in ports.conf that shouldn't have been there. Removing that solved this.
Thank you for your answers. On Apache 2.4.x versions, if you have installed ssl_module using the yum command, you don't want to add the port :443 in the httpd.conf (main) file.
To find port 443 in the configuration files:
# grep '443' /etc/httpd/conf.d/*
/etc/httpd/conf.d/ssl.conf:Listen 443 https
/etc/httpd/conf.d/ssl.conf:<VirtualHost _default_:443>
/etc/httpd/conf.d/ssl.conf:#ServerName www.example.com:443
# grep '443' /etc/httpd/conf/httpd.conf
Listen 443
Just remove the line (Listen 443) from the httpd.conf file, or comment it out.
I'm adding another answer to this as I had the same problem and solved it the same way:
I had installed SSL on apache2 using a2enmod ssl, which seems to have added an extra configuration in /etc/apache2/ports.conf:
NameVirtualHost *:80
Listen 80
NameVirtualHost *:443
Listen 443
<IfModule mod_ssl.c>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
I had to comment out the first Listen 443 after the NameVirtualHost *:443 directive:
NameVirtualHost *:443
#Listen 443
But I'm thinking I could just as well leave it and comment out the others.
Anyway, thank you for the solution :)
For everyone else who has no duplicate Listen directives and no running processes on the port: check that you don't accidentally include ports.conf twice in apache2.conf (as I did due to a bad merge).
I use Apache version 2.4.27 and also had this problem. I solved it by modifying conf/extra/httpdahssl.conf: I commented out line 18 (Listen 443 https), and it works fine.
I am using Ubuntu. I just disabled ssl mode of apache2 and it worked for me.
a2dismod ssl
and then restarted apache2.
service apache2 restart
I made the mistake of incorrectly naming a backup file in the /etc/httpd/conf.d directory. In the README it states that it alphabetically goes through all .conf files.
I had created ssl-<date>.conf (meant to be a backup) and it was loading before ssl.conf. It was binding the :443 port based on the ssl-<date>.conf and failing on the ssl.conf.
Once I renamed the backup file to ssl.conf.<date>, the service started without issue.
As a note, the server I'm on is running RHEL 6
I second Matthieu's answer.
I commented out Listen 443 (#Listen 443) in the httpd-ssl file and Apache can be started,
because the file already has VirtualHost default:443.
Let me add one more reason for the error. In httpd.conf I included explicitly
Include etc/apache24/extra/httpd-ssl.conf
while I did not notice the previous wildcard
Include etc/apache24/extra/*.conf
Grepping 443 will not find this.
I had the same issue; it was due to multiple copies of ssl.conf in /etc/httpd/conf.d. There should only be one.
I have checked and fixed the following and got it resolved -
httpd.conf file at /etc/httpd/conf/
Checked the listening IP and port e.g. 10.12.13.4:80
Removed extra listening port(s)
Restarted the httpd service to take
I met this problem on Windows 7 with phpeclipse, when I start XAMPP.
My solution is:
1. Commented out in \xampp\apache\conf\httpd.conf -> line 171 -> #LoadModule ssl_module modules/mod_ssl.so
2. line 539 -> #Include conf/extra/httpd-ssl.conf
or you can change the 443 port to another one
In httpd.conf, instead of:
Listen *:443
you need to write Listen 127.0.0.1:443
It works for me.
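Several of the answers above come down to the same root cause: Listen 443 is read more than once, whether from a duplicate line, a file included twice, or a backup copy that still matches a *.conf wildcard, and a plain grep for 443 does not show the Include path that pulled the file in. The following is an added example, not from any of the answers and not an Apache tool: it follows Include and IncludeOptional directives from the main configuration file, expands wildcards in sorted order, and reports every Listen with the file and line it came from. The file names and layout are constructed, and the walker is simplified: it ignores IfModule conditions and directory includes.

```python
import glob
import os
import re
import tempfile
from collections import defaultdict

DIRECTIVE = re.compile(r"^\s*(Include(?:Optional)?|Listen)\s+(\S.*?)\s*$", re.I)

def collect_listens(conf, server_root, chain=(), found=None):
    """Follow Include/IncludeOptional from conf; map each Listen argument to
    [(file, line, include_chain), ...]. Commented-out lines never match."""
    found = defaultdict(list) if found is None else found
    if conf in chain:                       # include loop: stop descending
        return found
    chain = chain + (conf,)
    with open(conf, encoding="utf-8", errors="replace") as fh:
        for lineno, raw in enumerate(fh, 1):
            m = DIRECTIVE.match(raw)
            if not m:
                continue
            name, arg = m.group(1).lower(), m.group(2)
            if name == "listen":
                # Key on the address/port token as written ("443", "127.0.0.1:443").
                found[arg.split()[0]].append((conf, lineno, chain))
                continue
            # Relative Include paths resolve against ServerRoot; wildcards expand
            # in sorted order, so a "-backup" copy is read before the original.
            pattern = arg if os.path.isabs(arg) else os.path.join(server_root, arg)
            for path in sorted(glob.glob(pattern)):
                if os.path.isfile(path):    # directory includes are not handled here
                    collect_listens(path, server_root, chain, found)
    return found

def duplicate_listens(found):
    """Listen arguments that Apache would try to bind more than once."""
    return {addr: hits for addr, hits in found.items() if len(hits) > 1}

def build_demo_tree(root):
    """Constructed layout: an explicit Include, a later wildcard Include that
    matches the same file again, and a backup copy left with a .conf suffix."""
    os.makedirs(os.path.join(root, "extra"))
    files = {
        "httpd.conf": "Listen 80\nInclude extra/httpd-ssl.conf\nInclude extra/*.conf\n",
        "extra/httpd-ssl.conf": "#Listen 8443\nListen 443 https\n",
        "extra/httpd-ssl-backup.conf": "Listen 443 https\n",
    }
    for rel, text in files.items():
        with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
            fh.write(text)
    return os.path.join(root, "httpd.conf")

def demo():
    """Run the walker over the constructed tree; return {addr: [(file, line), ...]}."""
    with tempfile.TemporaryDirectory() as root:
        dups = duplicate_listens(collect_listens(build_demo_tree(root), root))
        return {a: [(os.path.basename(f), n) for f, n, _ in h] for a, h in dups.items()}

if __name__ == "__main__":
    for addr, hits in demo().items():
        print("Listen", addr, "appears", len(hits), "times:", hits)
```

The same file and line appearing twice in the result means the file is included twice; moving backup copies out of the included directory or giving them a suffix other than .conf keeps them out of the wildcard.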

Apache named vhost not catching requests that should go to it

I have an Apache server with a group of name-based virtual hosts on it. Requests are sent to the server via an Apache reverse proxy, which forwards all requests for these site names to port 80 on the backend server. While most of these sites appear to be working fine, one vhost is failing to pick up requests for its designated site name, and these are instead being served by the default vhost.
Here's the configuration for the problematic host:
<VirtualHost *:80>
ServerName www.dev.awesome.ac.nz
ServerAdmin netaccount#auckland.ac.nz
ErrorLog logs/awesomeacnz.error.log
CustomLog logs/awesomeacnz.access.log common
Alias / /var/www/html/awesomeacnz/
</VirtualHost>
And here's the output of the Apache vhost diagnostic:
[aful018#wprappdev01 ~]$ sudo /usr/sbin/apachectl -S
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
_default_:443 wprappdev01.its.auckland.ac.nz (/etc/httpd/conf.d/ssl.conf:74)
*:80 is a NameVirtualHost
default server asblog.auckland.ac.nz (/etc/httpd/conf.d/academicservices.conf:1)
port 80 namevhost asblog.auckland.ac.nz (/etc/httpd/conf.d/academicservices.conf:1)
port 80 namevhost www.dev.awesome.ac.nz (/etc/httpd/conf.d/awesomeacnz.conf:1)
port 80 namevhost www.dev.auckland.ac.nz (/etc/httpd/conf.d/insideword.conf:1)
port 80 namevhost spearblog.dev.auckland.ac.nz (/etc/httpd/conf.d/spear.conf:1)
port 80 namevhost wordpress-theme.dev.auckland.ac.nz (/etc/httpd/conf.d/theme-dev.conf:1)
Syntax OK
I can't see anything in the above that suggests a problem, but when I send a request for anything on www.dev.awesome.ac.nz the request is served by the vhost for asblog.auckland.ac.nz, which as you can see above is the default host.
Does anyone know why the vhost defined above would not be matching requests for that site? The NameVirtualHost directive in httpd.conf is set to *:80, and other similarly- (not identically-) configured sites on the same server are working fine.
The server is apache 2.2.15 running on Red Hat EL 6.1.