Re: Help tracking down a weird error with Apache and local / remote connections.

I'm using EA4.   I'll look into the include files, but if they're what I think they are, I had an extremely difficult time getting them to work properly last time.

I couldn't find a way to redirect all traffic going to port 80 to port 443 globally using the Apache configuration file.   I had to use mod_rewrite in an .htaccess file.   I found a way to do it, but it would only redirect them to the main domain, not the stuff after that.   For example, http://www.jetbbs.com/stuff/index.html would get redirected to https://www.jetbbs.com, not https://www.jetbbs.com/stuff/index.html.   I had to use mod_rewrite to accomplish that.

Thanks again Yehuda for all the help!   I cannot tell you how much I appreciate you helping me track down what was really happening here.
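
Added example, not from this thread and not cPanel's own configuration: a global port-80 to port-443 redirect that keeps the request path, placed in a cPanel include file so that it survives cPanel regenerating httpd.conf. The include path is the EA4 "pre virtualhost" global include as I read the documentation Yehuda links below; the path, and the www.jetbbs.com host in the commented alternative, are assumptions.

```apache
# Assumed EA4 global include file (not rewritten by cPanel):
#   /etc/apache2/conf.d/includes/pre_virtualhost_global.conf
# Added example; not the thread's or cPanel's own configuration.

# mod_rewrite rules in the main server context are NOT inherited by
# <VirtualHost> blocks, which is why a rule placed here normally appears to do
# nothing. InheritDown (httpd 2.4.8 and later) pushes the rules below into every
# vhost, including the cPanel-generated default vhost whose ServerName is the
# bare IP address and whose DocumentRoot is /var/www/html. An .htaccess under
# /home/<user>/public_html never runs for requests served from that vhost.
RewriteEngine On
RewriteOptions InheritDown

# Leave HTTP-01 validation reachable over plain HTTP (optional; remove if every
# path must redirect).
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/

# Anything that did not arrive over TLS goes to the same host and path over
# https. %{REQUEST_URI} keeps the path (/stuff/index.html stays /stuff/index.html),
# which a rule of the form "RewriteRule ^(.*)$ https://www.jetbbs.com" does not.
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# Equivalent without mod_rewrite, for a single canonical host: per-directory
# sections in the main server context are merged into every vhost, and Redirect
# appends whatever follows the matched prefix "/" to the target.
# <If "%{HTTPS} != 'on'">
#     Redirect permanent / https://www.jetbbs.com/
# </If>
```

After saving, run apachectl -t and do a graceful restart, then test from an outside host with curl -4 and curl -6 separately, and once more with -H 'Host: 45.33.78.219' to exercise the IP vhost. Two caveats: a vhost that sets RewriteOptions IgnoreInherit or RewriteEngine Off opts out of the inherited rule, and the rule reflects the client's Host header, so a request that arrived with the bare IP as Host is sent to https://45.33.78.219/..., which will then fail certificate validation rather than serve content over plain HTTP.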

On Tue, Feb 7, 2017 at 4:26 PM, Yehuda Katz <yehuda@xxxxxxxxxx> wrote:
If you want to modify the cPanel-generated configuration, look at custom config:

If you are using EA4: https://documentation.cpanel.net/display/EA4/Modify+Apache+Virtual+Hosts+with+Include+Files
EA3 has a similar feature, but I can't find the documentation right now.

- Y

On Tue, Feb 7, 2017 at 4:15 PM, Spork Schivago <sporkschivago@xxxxxxxxx> wrote:
Thank you.

I have tried running curl -4 http://www.jetbbs.com/.well-known/test.html        and     curl -6 http://www.jetbbs.com/.well-known/test.html


I'm posting a copy of the httpd -S output.



httpd -S
VirtualHost configuration:
45.33.78.219:80        is a NameVirtualHost
         default server 45.33.78.219 (/etc/apache2/conf/httpd.conf:240)
         port 80 namevhost 45.33.78.219 (/etc/apache2/conf/httpd.conf:240)
         port 80 namevhost jetbbs.com (/etc/apache2/conf/httpd.conf:281)
         port 80 namevhost cpcalendars.jetbbs.com (/etc/apache2/conf/httpd.conf:345)
         port 80 namevhost cpcontacts.jetbbs.com (/etc/apache2/conf/httpd.conf:409)
         port 80 namevhost webdisk.jetbbs.com (/etc/apache2/conf/httpd.conf:473)
         port 80 namevhost webmail.jetbbs.com (/etc/apache2/conf/httpd.conf:537)
         port 80 namevhost cpanel.jetbbs.com (/etc/apache2/conf/httpd.conf:601)
         port 80 namevhost whm.jetbbs.com (/etc/apache2/conf/httpd.conf:665)
45.33.78.219:443       is a NameVirtualHost
         default server jetbbs.com (/etc/apache2/conf/httpd.conf:732)
         port 443 namevhost jetbbs.com (/etc/apache2/conf/httpd.conf:732)
         port 443 namevhost cpcalendars.jetbbs.com (/etc/apache2/conf/httpd.conf:812)
         port 443 namevhost cpcontacts.jetbbs.com (/etc/apache2/conf/httpd.conf:892)
         port 443 namevhost webdisk.jetbbs.com (/etc/apache2/conf/httpd.conf:972)
         port 443 namevhost webmail.jetbbs.com (/etc/apache2/conf/httpd.conf:1052)
         port 443 namevhost cpanel.jetbbs.com (/etc/apache2/conf/httpd.conf:1132)
         port 443 namevhost whm.jetbbs.com (/etc/apache2/conf/httpd.conf:1212)
[2600:3c03::f03c:91ff:fee0:11b4]:80 is a NameVirtualHost
         default server jetbbs.com (/etc/apache2/conf/httpd.conf:281)
         port 80 namevhost jetbbs.com (/etc/apache2/conf/httpd.conf:281)
         port 80 namevhost cpcalendars.jetbbs.com (/etc/apache2/conf/httpd.conf:345)
         port 80 namevhost cpcontacts.jetbbs.com (/etc/apache2/conf/httpd.conf:409)
         port 80 namevhost webdisk.jetbbs.com (/etc/apache2/conf/httpd.conf:473)
         port 80 namevhost webmail.jetbbs.com (/etc/apache2/conf/httpd.conf:537)
         port 80 namevhost cpanel.jetbbs.com (/etc/apache2/conf/httpd.conf:601)
         port 80 namevhost whm.jetbbs.com (/etc/apache2/conf/httpd.conf:665)
[2600:3c03::f03c:91ff:fee0:11b4]:443 is a NameVirtualHost
         default server jetbbs.com (/etc/apache2/conf/httpd.conf:732)
         port 443 namevhost jetbbs.com (/etc/apache2/conf/httpd.conf:732)
         port 443 namevhost cpcalendars.jetbbs.com (/etc/apache2/conf/httpd.conf:812)
         port 443 namevhost cpcontacts.jetbbs.com (/etc/apache2/conf/httpd.conf:892)
         port 443 namevhost webdisk.jetbbs.com (/etc/apache2/conf/httpd.conf:972)
         port 443 namevhost webmail.jetbbs.com (/etc/apache2/conf/httpd.conf:1052)
         port 443 namevhost cpanel.jetbbs.com (/etc/apache2/conf/httpd.conf:1132)
         port 443 namevhost whm.jetbbs.com (/etc/apache2/conf/httpd.conf:1212)
*:*                    franklin.jetbbs.com (/etc/apache2/conf/httpd.conf:260)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/etc/apache2/htdocs"
Main ErrorLog: "/etc/apache2/logs/error_log"
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex ssl-cache: dir="/run/apache2" mechanism=fcntl 
Mutex default: dir="/var/run/apache2/" mechanism=default 
Mutex mpm-accept: using_defaults
Mutex rewrite-map: dir="/run/apache2" mechanism=fcntl 
Mutex ssl-stapling-refresh: using_defaults
PidFile: "/run/apache2/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
Define: MODSEC_2.5
Define: MODSEC_2.9
User: name="nobody" id=99
Group: name="nobody" id=99


I think we figured this out.   That default server 45.33.78.219 for 45.33.78.219:80    is the key.   If I run curl -S http://www.jetbbs.com/.well-known/test.html on the server running Apache, I finally see the franklin.jetbbs.com-test file.   If I run curl -S https://www.jetbbs.com/.well-known/test.html, I see the jetbbs.com-test file.   If I run the -6, I see the jetbbs.com-test file.   It seems that default server for port 80 is only there for port 80 and not port 443.

This is probably why I'm failing my security scan.   I'm not redirecting all traffic to port 443.   I want to be.   I used rewrite rules and as far as I could tell, I was.   But that default server 45.33.78.219 (IPv4) stuff isn't getting redirected.   I'm guessing that was added by cPanel.   I need to find a way to redirect that now to port 443.   I can't just add an entry in the .htaccess file under /var/www/html   because cPanel says those files can get deleted at any time.

Thank you so much for helping me finally understand what's going on!!!   You were correct, it's not a bug with Apache.   This was a real big head scratcher for me, I really appreciate it!!!!!!
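
Added example, not part of the thread: the httpd -S listing above explains the whole behaviour. Apache first selects the listener (address:port) the TCP connection arrived on, then the name-based vhost on that listener whose ServerName or ServerAlias matches the Host header, and when nothing matches it uses the first vhost defined for that listener, the one httpd -S labels "default server". On the IPv4 :80 listener that is the cPanel vhost named 45.33.78.219 (httpd.conf:240, DocumentRoot /var/www/html); on the IPv6 :80 listener and on both :443 listeners it is jetbbs.com. With the www ServerAlias removed, a client that reaches the box over IPv6 therefore gets the jetbbs.com tree and its .htaccess redirect, while a client that reaches it over IPv4 gets /var/www/html and no redirect. The script below extracts the default server per listener from httpd -S output (the sample is constructed from the listing above, trimmed) and flags listeners whose default is not the expected site; live_check is the outside-in test I would run over IPv4 and IPv6 separately, and it only runs when a host is given on the command line.

```shell
#!/bin/sh
# Added example (not from the thread): read `httpd -S` output and report, for
# every listening address:port, which virtual host is the default, i.e. the one
# that answers requests whose Host header matches no ServerName or ServerAlias.

# Constructed sample, trimmed from the thread's `httpd -S` listing.
SAMPLE_DUMP='VirtualHost configuration:
45.33.78.219:80        is a NameVirtualHost
         default server 45.33.78.219 (/etc/apache2/conf/httpd.conf:240)
         port 80 namevhost 45.33.78.219 (/etc/apache2/conf/httpd.conf:240)
         port 80 namevhost jetbbs.com (/etc/apache2/conf/httpd.conf:281)
45.33.78.219:443       is a NameVirtualHost
         default server jetbbs.com (/etc/apache2/conf/httpd.conf:732)
         port 443 namevhost jetbbs.com (/etc/apache2/conf/httpd.conf:732)
[2600:3c03::f03c:91ff:fee0:11b4]:80 is a NameVirtualHost
         default server jetbbs.com (/etc/apache2/conf/httpd.conf:281)
         port 80 namevhost jetbbs.com (/etc/apache2/conf/httpd.conf:281)
[2600:3c03::f03c:91ff:fee0:11b4]:443 is a NameVirtualHost
         default server jetbbs.com (/etc/apache2/conf/httpd.conf:732)
         port 443 namevhost jetbbs.com (/etc/apache2/conf/httpd.conf:732)
*:*                    franklin.jetbbs.com (/etc/apache2/conf/httpd.conf:260)
ServerRoot: "/etc/apache2"'

# default_servers: stdin is `httpd -S` output; prints "<listener> <default ServerName>"
# for each name-based listener. The "default server" line always names the
# first vhost declared for that listener, which is what Apache falls back to.
default_servers() {
  awk '/is a NameVirtualHost/ { listener = $1 }
       $1 == "default" && $2 == "server" { print listener, $3 }'
}

# odd_defaults NAME: listeners whose default vhost is not NAME. Requests for an
# unknown or un-aliased host arriving on such a listener are served from a
# different DocumentRoot, so NAME's .htaccess rules never apply to them.
odd_defaults() {
  default_servers | awk -v want="$1" '$2 != want { print $1 }'
}

# live_check HOST PATH: fetch http://HOST/PATH over IPv4 and IPv6 separately and
# show the status code and redirect target for each address family.
live_check() {
  for fam in 4 6; do
    printf 'IPv%s: ' "$fam"
    curl -"$fam" -s -o /dev/null -w '%{http_code} -> %{redirect_url}\n' "http://$1/$2" \
      || echo "no IPv$fam connectivity"
  done
}

# Stand-alone run: listeners in the sample whose default is not jetbbs.com.
printf '%s\n' "$SAMPLE_DUMP" | odd_defaults jetbbs.com

# Live check against a real server only when a host is given, e.g.
#   sh check_vhosts.sh www.jetbbs.com
if [ $# -ge 1 ]; then
  live_check "$1" ".well-known/test.html"
fi
```

On a real box pipe the real output in instead of the sample: httpd -S 2>&1 | odd_defaults jetbbs.com. Anything it prints is a listener on which unmatched Host headers are handled by some other vhost, and that vhost needs its own redirect (or a server-wide one) before a scanner will see every plain-HTTP request redirected.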

On Sun, Feb 5, 2017 at 11:03 PM, Yehuda Katz <yehuda@xxxxxxxxxx> wrote:
The next thing that comes to mind is your IPv6 virtual host. None of my webservers currently have IPv6 enabled, so I can't test this.
Try to force the connection to use IPv4 or IPv6 and see if that makes a difference.

You can try running httpd -S on the webserver to get a list of virtual hosts by IP address which may also give you an idea of why a particular virtual host is selected.

- Y

On Sun, Feb 5, 2017 at 9:10 PM, Spork Schivago <sporkschivago@xxxxxxxxx> wrote:
Okay.   I've been able to reproduce the results.   I removed the two ServerAlias www.jetbbs.com entries (one for port 80 and the other for port 443).   To prevent confusion, I'll list my hostnames.

Eugene: My local machine that I use to surf the internet
Franklin: My VPS that runs Apache.

on Franklin, I run dig www.jetbbs.com, I see:


; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.1 <<>> www.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17479
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:

;; ANSWER SECTION:
www.jetbbs.com. 14120 IN A 45.33.78.219

;; Query time: 0 msec
;; SERVER: 96.126.106.5#53(96.126.106.5)
;; WHEN: Sun Feb 05 20:59:22 EST 2017
;; MSG SIZE  rcvd: 59




On Eugene (my local machine), I run dig www.jetbbs.com, I see:

; <<>> DiG 9.10.4-P5 <<>> www.jetbbs.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34470
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:

;; ANSWER SECTION:
www.jetbbs.com. 14399 IN A 45.33.78.219

;; Query time: 132 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun Feb 05 21:01:02 EST 2017
;; MSG SIZE  rcvd: 59




Here's what my /etc/hosts file looks like on Franklin:
# The following lines are desirable for IPv4 capable hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4

# The following lines are desirable for IPv6 capable hosts
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
2600:3c03::f03c:91ff:fee0:11b4 franklin
45.33.78.219 franklin.jetbbs.com franklin



Here's what my /etc/hosts file looks like on Eugene (my local machine):
# hosts         This file describes a number of hostname-to-address
#               mappings for the TCP/IP subsystem.  It is mostly
#               used at boot time, when no name servers are running.
#               On small systems, this file can be used instead of a
#               "named" name server.
# Syntax:
# IP-Address  Full-Qualified-Hostname  Short-Hostname
127.0.0.1 localhost
# special IPv6 addresses
::1             localhost ipv6-localhost ipv6-loopback
fe00::0         ipv6-localnet
ff00::0         ipv6-mcastprefix
ff02::1         ipv6-allnodes
ff02::2         ipv6-allrouters
ff02::3         ipv6-allhosts
192.168.2.5 eugene eugene




I setup two test files that look like this:
/home/<username>/public_html/.well-known/test.html
   www.jetbbs.com and jetbbs.com test

/var/www/html/.well-known/test.html
   franklin.jetbbs.com test


On Franklin, I run curl www.jetbbs.com/.well-known/test.html and see this:
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.jetbbs.com/.well-known/test.html">here</a>.</p>
</body></html>


So I run curl https://www.jetbbs.com/.well-known/test.html and see this:
jetbbs.com and www.jetbbs.com test


But on Eugene (my local machine), and everyone else's machine, when I run:
curl www.jetbbs.com/.well-known/test.html, I see:
  franklin.jetbbs.com test

I still don't fully understand why I'm seeing different results based on whether I run the command on the server running Apache or whether I run it on another machine.   There's no www.jetbbs.com entry in the hosts file.   Is there some other place that might make it so when I'm logged into Franklin, when I type www.jetbbs.com, something converts it to the IP address of my server?   If so, then I understand what's going on, if not, I'm still confused.

On Sun, Feb 5, 2017 at 8:27 PM, Yehuda Katz <yehuda@xxxxxxxxxx> wrote:
If you want to provide your whole config file, I suggest creating a gist or pastebin post.
You should also just run dig or host on the domain name from both machines and make sure you get the same results.

- Y

On Sun, Feb 5, 2017 at 8:25 PM, Spork Schivago <sporkschivago@xxxxxxxxx> wrote:
So you don't think it's a bug in Apache?   Okay.   I only have two IP addresses.   One is an IPv4 IP address, one is an IPv6 IP address.   When I get some more time, I'll try some experimenting and see if I can duplicate the issue.   If it's okay with the mailing list, I'd like to provide a copy of my entire Apache configuration file.   I'd really like to try and understand what exactly happened.   There was no ServerName www.example.com anywhere in the Apache config file, there was no ServerAlias www.example.com in the Apache config file.   I think I might understand what you're saying.

On the remote server, when I ran curl, maybe it converted www.example.com to the IP address, so instead of going to www.example.com, I was actually going to 192.168.2.2, for example.  I've looked at my hosts file, I have an entry for hostname.domain.com, but nothing for www.domain.com.

On Sun, Feb 5, 2017 at 7:38 PM, Yehuda Katz <yehuda@xxxxxxxxxx> wrote:
This is a common enough setup that it is unlikely to be a bug and more likely to be a configuration error.

cPanel creates VirtualHosts using the IP address of the server. For example, I have a cPanel server running behind NAT, so there are two default virtual hosts:
<VirtualHost 192.168.118.82:80>
    ServerName 192.168.118.82
    DocumentRoot /var/www/html
    ServerAdmin hostmaster@xxxxxxxxxxx
    <IfModule suphp_module>
        suPHP_UserGroup nobody nobody
    </IfModule>
</VirtualHost>
<VirtualHost *>
    ServerName ph04.example.com
    DocumentRoot /var/www/html
    ServerAdmin hostmaster@xxxxxxxxxxx
    <IfModule suphp_module>
        suPHP_UserGroup nobody nobody
    </IfModule>
</VirtualHost>

The actual account Virtual Host uses the IP address in the VirtualHost block, so the default that would be selected would be the one with the IP address:

<VirtualHost 192.168.118.82:80>
  ServerName example.net
  DocumentRoot /home2/example_net/public_html
  ServerAdmin webmaster@xxxxxxxxxxx
</VirtualHost>

would fall back to the first Virtual Host because it is more specific.

If there is a different IP for the website on one of your systems - for example in the hosts file - that would cause it to fall back to a different Virtual Host than you expect because the IP doesn't match.

- Y


On Sun, Feb 5, 2017 at 6:44 PM, Spork Schivago <sporkschivago@xxxxxxxxx> wrote:
Yehuda,

Could you please explain what you mean in a little more detail?   I only have one server running Apache and I only have that one DNS server.   I don't really see how my DNS server could be set up in such a way that it affects Apache's DocumentRoot directive...

When I was logged into the remote server running Apache, Apache was serving files from a different directory than it was when I was accessing Apache via my local machine.   I hope that makes sense.   Looking at my Apache conf log, when I was accessing Apache from my local machine, it was acting properly, because I didn't have a VirtualHost setup for the www host, but when I was accessing Apache from the server that was running Apache, it was serving files from the domain.com VirtualHost directory.    ServerAliases have been commented out.   To my knowledge, this should not happen.

I can probably regenerate it.   I've restarted the server and everything, but I was thinking maybe this was some sort of bug and not a misconfigured server.

On Sun, Feb 5, 2017 at 4:47 PM, Yehuda Katz <yehuda@xxxxxxxxxx> wrote:
Did you check your DNS to make sure both systems are resolving to the same IP address?

- Y


On Thu, Jan 26, 2017 at 3:31 PM, Spork Schivago <sporkschivago@xxxxxxxxx> wrote:
I have a bit of a weird problem that I'd like some help tracking down.   I'm pretty sure it's something with Apache.   In my Apache 2.4.25 (cPanel) config file, I have the ServerAliases disabled.   There's a "catch-all" entry for unbound IPs that looks like this:

<VirtualHost *>
    ServerName myhostname.mydomain.com
    DocumentRoot /var/www/html
    ServerAdmin myrealemail@xxxxxxxxxxxxx

    <IfModule suphp_module>
        suPHP_UserGroup nobody nobody
    </IfModule>

</VirtualHost>

Further down, I have a VirtualHost entry for mydomain.com, which has a DocumentRoot of /home/<myusername>/public_html

I setup a test file, /home/<myusername>/public_html/.well-known/acme-challenge/test that says www.mydomain.com-test.

Then I setup another test file, /var/www/html/.well-known/acme-challenge/test that says myhostname.mydomain.com-test

I have .htaccess files in /home/<myusername>/public_html that redirect all traffic to secure ports.   I have cPanel installed and have manually setup subdomains for the various cPanel stuff.

Anyway, when I run the following command on the remote server:
   curl http://www.mydomain.com/.well-known/acme-challenge/test

I see the 301 redirect.   When I run:
   curl https://www.mydomain.com/.well-known/acme-challenge/test
I see the:
   www.mydomain.com-test


However, when I run those commands on my local Linux box instead of the remote server that's running Apache, I see:
  curl http://www.mydomain.com/.well-known/acme-challenge/test
  myhostname.mydomain-test

  curl https://www.mydomain.com/.well-known/acme-challenge/test
  www.mydomain.com-test


It's not just curl; lynx, the command-line web browser, does the same thing.   On the remote computer that's running Apache, for some reason, I'm seeing different results than I am when I run the commands on my local Linux box.

Any idea what's going on?

Thanks!

Sincerely,
Ken Swarthout










