If you want to modify the cPanel-generated configuration, look at custom config:If you are using EA4: https://documentation.cpanel.net/display/EA4/Modify+Apache+ Virtual+Hosts+with+Include+ Files EA3 has a similar feature, but I can't find the documentation right now.- YOn Tue, Feb 7, 2017 at 4:15 PM, Spork Schivago <sporkschivago@xxxxxxxxx> wrote:Thank you.
I have tried running curl -4 http://www.jetbbs.com/.well-known/test.html and curl -6 http://www.jetbbs.com/.well-known/test.html
I'm posting a copy of the httpd -S output.httpd -SVirtualHost configuration:45.33.78.219:80 is a NameVirtualHostdefault server 45.33.78.219 (/etc/apache2/conf/httpd.conf:240) port 80 namevhost 45.33.78.219 (/etc/apache2/conf/httpd.conf:240) port 80 namevhost jetbbs.com (/etc/apache2/conf/httpd.conf:281) port 80 namevhost cpcalendars.jetbbs.com (/etc/apache2/conf/httpd.conf:345) port 80 namevhost cpcontacts.jetbbs.com (/etc/apache2/conf/httpd.conf:409) port 80 namevhost webdisk.jetbbs.com (/etc/apache2/conf/httpd.conf:473) port 80 namevhost webmail.jetbbs.com (/etc/apache2/conf/httpd.conf:537) port 80 namevhost cpanel.jetbbs.com (/etc/apache2/conf/httpd.conf:601) port 80 namevhost whm.jetbbs.com (/etc/apache2/conf/httpd.conf:665) 45.33.78.219:443 is a NameVirtualHostdefault server jetbbs.com (/etc/apache2/conf/httpd.conf:732) port 443 namevhost jetbbs.com (/etc/apache2/conf/httpd.conf:732) port 443 namevhost cpcalendars.jetbbs.com (/etc/apache2/conf/httpd.conf:812) port 443 namevhost cpcontacts.jetbbs.com (/etc/apache2/conf/httpd.conf:892) port 443 namevhost webdisk.jetbbs.com (/etc/apache2/conf/httpd.conf:972) port 443 namevhost webmail.jetbbs.com (/etc/apache2/conf/httpd.conf:1052) port 443 namevhost cpanel.jetbbs.com (/etc/apache2/conf/httpd.conf:1132) port 443 namevhost whm.jetbbs.com (/etc/apache2/conf/httpd.conf:1212) [2600:3c03::f03c:91ff:fee0:11b4]:80 is a NameVirtualHost default server jetbbs.com (/etc/apache2/conf/httpd.conf:281) port 80 namevhost jetbbs.com (/etc/apache2/conf/httpd.conf:281) port 80 namevhost cpcalendars.jetbbs.com (/etc/apache2/conf/httpd.conf:345) port 80 namevhost cpcontacts.jetbbs.com (/etc/apache2/conf/httpd.conf:409) port 80 namevhost webdisk.jetbbs.com (/etc/apache2/conf/httpd.conf:473) port 80 namevhost webmail.jetbbs.com (/etc/apache2/conf/httpd.conf:537) port 80 namevhost cpanel.jetbbs.com (/etc/apache2/conf/httpd.conf:601) port 80 namevhost whm.jetbbs.com (/etc/apache2/conf/httpd.conf:665) [2600:3c03::f03c:91ff:fee0:11b4]:443 is a NameVirtualHost default server jetbbs.com (/etc/apache2/conf/httpd.conf:732) port 443 namevhost jetbbs.com (/etc/apache2/conf/httpd.conf:732) port 443 namevhost cpcalendars.jetbbs.com (/etc/apache2/conf/httpd.conf:812) port 443 namevhost cpcontacts.jetbbs.com (/etc/apache2/conf/httpd.conf:892) port 443 namevhost webdisk.jetbbs.com (/etc/apache2/conf/httpd.conf:972) port 443 namevhost webmail.jetbbs.com (/etc/apache2/conf/httpd.conf:1052) port 443 namevhost cpanel.jetbbs.com (/etc/apache2/conf/httpd.conf:1132) port 443 namevhost whm.jetbbs.com (/etc/apache2/conf/httpd.conf:1212) *:* franklin.jetbbs.com (/etc/apache2/conf/httpd.conf:260) ServerRoot: "/etc/apache2"Main DocumentRoot: "/etc/apache2/htdocs"Main ErrorLog: "/etc/apache2/logs/error_log"Mutex ssl-stapling: using_defaultsMutex proxy: using_defaultsMutex ssl-cache: dir="/run/apache2" mechanism=fcntlMutex default: dir="/var/run/apache2/" mechanism=defaultMutex mpm-accept: using_defaultsMutex rewrite-map: dir="/run/apache2" mechanism=fcntlMutex ssl-stapling-refresh: using_defaultsPidFile: "/run/apache2/httpd.pid"Define: DUMP_VHOSTSDefine: DUMP_RUN_CFGDefine: MODSEC_2.5Define: MODSEC_2.9User: name="nobody" id=99Group: name="nobody" id=99
I think we figured this out. That default server 45.33.78.219 for 45.33.78.219:80 is the key. If I run curl -S http://www.jetbbs.com/.well-known/test.html on the server running Apache, I finally see the franklin.jetbbs.com-test file. If I run curl -S https://www.jetbbs.com/.well-known/test.html , I see the jetbbs.com-test file. If I run the -6, I see the jetbbs.com-test file. It seems that default server for port 80 is only there for port 80 and not port 443.
This is probably why I'm failing my security scan. I'm not redirecting all traffic to port 443. I want to be. I used rewrite rules and as far as I could tell, I was. But that default server 45.33.78.219 (IPv4) stuff isn't getting redirected. I'm guessing that was added by cPanel. I need to find away to redirect that now to port 443. I can't just add an entry in the .htaccess file under /var/www/html because cPanel says those files can get deleted at any time.
Thank you so much for helping me finally understand what's going on!!! You were correct, it's not a bug with Apache. This was a real big head scratcher for me, I really appreciate it!!!!!!On Sun, Feb 5, 2017 at 11:03 PM, Yehuda Katz <yehuda@xxxxxxxxxx> wrote:The next thing that comes to mind is your IPv6 virtual host. None of my webservers currently have IPv6 enabled, so I can't test this.Try to force the connection to use IPv4 or IPv6 and see if that makes a difference.You can try running httpd -S on the webserver to get a list of virtual hosts by IP address which may also give you an idea of why a particular virtual host is selected.- YOn Sun, Feb 5, 2017 at 9:10 PM, Spork Schivago <sporkschivago@xxxxxxxxx> wrote:Okay. I've been able to reproduce the results. I removed the two ServerAlias www.jetbbs.com entries (one for port 80 and the other for port 443). To prevent confusion, I'll tell my hostnames.
Eugene: My local machine that I use to surf the internet
Franklin: My VPS that runs Apache.
on Franklin, I run dig www.jetbbs.com, I see:dig www.jetbbs.com; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.1 <<>> www.example.com;; global options: +cmd;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17479;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1;; OPT PSEUDOSECTION:; EDNS: version: 0, flags:; udp: 4096;; QUESTION SECTION:;; ANSWER SECTION:;; Query time: 0 msec;; SERVER: 96.126.106.5#53(96.126.106.5);; WHEN: Sun Feb 05 20:59:22 EST 2017;; MSG SIZE rcvd: 59
On Eugene (my local machine), I run dig www.jetbbs.com, I see:dig www.jetbbs.com; <<>> DiG 9.10.4-P5 <<>> www.jetbbs.com;; global options: +cmd;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34470;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1;; OPT PSEUDOSECTION:; EDNS: version: 0, flags:; udp: 512;; QUESTION SECTION:;; ANSWER SECTION:;; Query time: 132 msec;; SERVER: 8.8.8.8#53(8.8.8.8);; WHEN: Sun Feb 05 21:01:02 EST 2017;; MSG SIZE rcvd: 59
Here's what my /etc/hosts file looks like on Franklin:# The following lines are desirable for IPv4 capable hosts127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4# The following lines are desirable for IPv6 capable hosts::1 localhost localhost.localdomain localhost6 localhost6.localdomain62600:3c03::f03c:91ff:fee0:11b4 franklin45.33.78.219 franklin.jetbbs.com franklin
Here's what my /etc/hosts file looks like on Eugene (my local machine):# hosts This file describes a number of hostname-to-address# mappings for the TCP/IP subsystem. It is mostly# used at boot time, when no name servers are running.# On small systems, this file can be used instead of a# "named" name server.# Syntax:# IP-Address Full-Qualified-Hostname Short-Hostname127.0.0.1 localhost# special IPv6 addresses::1 localhost ipv6-localhost ipv6-loopbackfe00::0 ipv6-localnetff00::0 ipv6-mcastprefixff02::1 ipv6-allnodesff02::2 ipv6-allroutersff02::3 ipv6-allhosts192.168.2.5 eugene eugene
I setup two test files that look like this:
/home/<username>/public_html/.well-known/test.html
www.jetbbs.com and jetbbs.com test
/var/www/html/.well-known/test.html franklin.jetbbs.com test
On Franklin, I run curl www.jetbbs.com/.well-known/test.html and see this:<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="" href="https://www.jetbbs.com/.well-known/test.html" target="_blank">https://www.jetbbs.com/.well-known/test.html">here</a> .</p> </body></html>
So I run curl https://www.jetbbs.com/.well-known/test.html and see this:
jetbbs.com and www.jetbbs.com test
But on Eugene (my local machine), and everyone elses machine, when I run:
curl www.jetbbs.com/.well-known/test.html , I see:
franklin.jetbbs.com test
I still don't fully understand why I'm seeing different results based on whether I run the command on the server running Apache or whether I run it on another machine. There's no www.jetbbs.com entry in the hosts file. Is there some other place that might make it so when I'm logged into Franklin, when I type www.jetbbs.com, something converts it to the IP address of my server? If so, then I understand what's going on, if not, I'm still confused.On Sun, Feb 5, 2017 at 8:27 PM, Yehuda Katz <yehuda@xxxxxxxxxx> wrote:If you want to provide your whole config file, I suggest creating a gist or pastebin post.You should also just run dig or host on the domain name from both machines and make sure you get the same results.- YOn Sun, Feb 5, 2017 at 8:25 PM, Spork Schivago <sporkschivago@xxxxxxxxx> wrote:So you don't think it's a bug in Apache? Okay. I only have two IP addresses. One is an IPv4 IP address, one is an IPv6 IP address. When I get some more time, I'll try some experimenting and see if I can duplicate the issue. If it's okay with the mailing list, I'd like to provide a copy of my entire Apache configuration file. I'd really like to try and understand what exactly happened. There was no ServerName www.example.com anywhere in the Apache config file, there was no ServerAlias www.example.com in the Apache config file. I think I might understand what you're saying.
On the remote server, when I ran curl, maybe it converted www.example.com to the IP address, so instead of going to www.example.com, I was actually going to 192.168.2.2, for example. I've looked at my hosts file, I have an entry for hostname.domain.com, but nothing for www.domain.com.On Sun, Feb 5, 2017 at 7:38 PM, Yehuda Katz <yehuda@xxxxxxxxxx> wrote:This is a common enough setup that it is unlikely to be a bug and more likely to be a configuration error.cPanel creates VirtualHosts using the IP address of the server. For example, I have a cPanel server running behind NAT, so there are two default virtual hosts:<VirtualHost 192.168.118.82:80>
ServerName 192.168.118.82
DocumentRoot /var/www/html
ServerAdmin hostmaster@xxxxxxxxxxx
<IfModule suphp_module>
suPHP_UserGroup nobody nobody
</IfModule>
</VirtualHost>
<VirtualHost *>
ServerName ph04.example.com
DocumentRoot /var/www/html
ServerAdmin hostmaster@xxxxxxxxxxx
<IfModule suphp_module>
suPHP_UserGroup nobody nobody
</IfModule>
</VirtualHost>The actual account Virtual Host uses the IP address in the VirtualHost block, so the default that would be selected would be the one with the IP address:<VirtualHost 192.168.118.82:80>
ServerName example.net
DocumentRoot /home2/example_net/public_html
ServerAdmin webmaster@xxxxxxxxxxxwould fall back to the first Virtual Host because it is more specific.If there is a different IP for the website on one of your systems - for example in the hosts file - that would cause it to all back to a different Virtual Host than you expect because the IP doesn't match.- YOn Sun, Feb 5, 2017 at 6:44 PM, Spork Schivago <sporkschivago@xxxxxxxxx> wrote:Yehuda,
Could you please explain what you mean in a little more detail? I only have one server running Apache and I only have that one DNS server. I don't really see how my DNS server could be setup in such away where it affects Apache's DocumentRoot's directive...
When I was logged into the remote server running Apache, Apache was serving files from a different directory than it was when I was accessing Apache via my local machine. I hope that makes sense. Looking at my Apache conf log, when I was accessing Apache from my local machine, it was acting properly, because I didn't have a VirtualHost setup for the www host, but when I was accessing Apache from the server that was running Apache, it was serving files from the domain.com VirtualHost directory. ServerAliases have been commented out. To my knowledge, this should not happen.
I can probably regenerate it. I've restarted the server and everything, but I was thinking maybe this was some sort of bug and not a misconfigured server.On Sun, Feb 5, 2017 at 4:47 PM, Yehuda Katz <yehuda@xxxxxxxxxx> wrote:Did you check your DNS to make sure both systems are resolving to the same IP address?- YOn Thu, Jan 26, 2017 at 3:31 PM, Spork Schivago <sporkschivago@xxxxxxxxx> wrote:I have a bit of a weird problem that I'd like some help tracking down. I'm pretty sure it's something with Apache. In my Apache 2.4.25 (cPanel) config file, I have the ServerAliases disabled. There's a "catch-all" entry for unbound IPs, that look like this:<VirtualHost *>ServerName myhostname.mydomain.comDocumentRoot /var/www/htmlServerAdmin myrealemail@xxxxxxxxxxxxx<IfModule suphp_module>suPHP_UserGroup nobody nobody</IfModule></VirtualHost>
Further down, I have a VirtualHost entry for mydomain.com, which has a DocumentRoot of /home/<myusername>/public_html
I setup a test file, /home/<myusername>/public_html/.well-known/acme-challenge/te st that says www.mydomain.com-test.
Then I setup another test file, /var/www/html/.well-known/acme-challenge/test that says myhostname.mydomain.com-test
I have .htaccess files in /home/<myusername>/public_html that redirect all traffic to secure ports. I have cPanel installed and have manually setup subdomains for the various cPanel stuff.
Anyway, when I run the following command on the remote server:
curl http://www.mydomain.com/.well-known/acme-challenge/test
I see the 301 redirect. When I run:
curl https://www.mydomain.com/.well-known/acme-challenge/test
I see the:
www.mydomain.com-test
However, when I run those commands on my local Linux box instead of the remote server that's running Apache, I see:
curl http://www.mydomain.com/.well-known/acme-challenge/test myhostname.mydomain-test
curl https://www.mydomain.com/.well-known/acme-challenge/test
www.mydomain.com-test
It's not just curl, lynx, the command line web browser, does the same thing. On the remote computer that's running Apache, for some reason, I'm seeing different results than I am when I run the commands on my local Linux box.
Any idea what's going on?
Thanks!
Sincerely,
Ken Swarthout
|