Re: config is silently ignored


 



Generally I would never define virtualhosts with <VirtualHost *>. I
think it is better and more straightforward to specify everything,
especially when starting to admin your first Apache servers. For
example purposes, let's say I would define them like this, in a more
straightforward way:

Listen 80
Listen 443

<Virtualhost *:80>
ServerName whatever.example.com
Redirect / https://whatever.example.com/
CustomLog logs/whatever.example.com.log common
</VirtualHost>

<VirtualHost *:443>
ServerName whatever.example.com
CustomLog logs/whatever.example.com-ssl.log combined
.
.
.
</VirtualHost>

<Virtualhost *:80>
ServerName somethingelse.example.com
CustomLog logs/somethingelse.example.com.log common

Redirect / https://somethingelse.example.com/
</VirtualHost>

<VirtualHost *:443>
ServerName somethingelse.example.com
CustomLog logs/somethingelse.example.com-ssl.log combined
.
.
.
</VirtualHost>

I think this way it is quite hard to get lost.
There are more brief setups you can go for, but for a couple of domains
it pays off to go like this. I would recommend you define
everything clearly to know where everything is going instead of trying
to take shortcuts.

Also make sure to restart between changes, gracefully or with a restart.

And for testing use a client which does not cache contents, aka "curl
-Ik https://whatever.example.com/".

A sidenote:
Also, about the files you mention, take into account that for Apache,
config files do not mean much when interpreting the configuration, but
context/sections and the order in which directives have been defined
really do. Most times you mention different config files, people on
this list may not pay too much attention to their names because of it.
Debian and other distros tend to convolute config files, making it look
like a difficult mess for newcomers, when for small configurations,
sometimes with few virtualhosts, it may pay off to go smaller or even
single file.

On Tue, 20 Apr 2021 at 14:29, Adrian
(<adrian@xxxxxxxxxxxxxx.invalid>) wrote:
>
> Thanks again Daniel
>
> I've added a ServerName line to the top level vhost with the name of my
> server.  No change.
>
> Yes, there are two files in sites-enabled, 000-default and 000-ssl.  I
> suspect that's the cause of the problem.
>
> I'd thought that 000-ssl only had SSL-related things and had assumed
> that the other settings defaulted to the values in 000-default, but
> maybe not.  I see that both versions contain a DocumentRoot.
>
> So that raises the question that if only one of these is being used,
> and it's the SSL one using port 443, how do I configure the change to
> work for port 80 requests?  Do I have to add the same lines to both?
>
> Though in practice my http:// URLs are being redirected to https://
> somehow, so I can't tell how a port 80 request would behave.
>
> Thanks
> Adrian
>
> On Tue, 20 Apr 2021 13:38:08 +0200
> Daniel Ferradal <dferradal@xxxxxxxxxx> wrote:
>
> > Hello,
> >
> > This says you have two virtualhosts pointing to the same name, so only
> > the first one will be used:
> >
> > (/etc/apache2/sites-enabled/000-default.conf:46) *:443
> > is a NameVirtualHost default server www.example.org
> > (/etc/apache2/sites-enabled/000-ssl:2) port 443 namevhost
> > www.example.org
> >
> > But still that virtualhost you just pasted has no servername, so that
> > one may be very well catching everything.
> >
> > These things can be quite easy to see if you are still in doubt.
> > Define a specific access log for each virtualhost with different file
> > names, check where you land.
> >
> > When defining several virtualhosts define a unique servername for each
> > always. Remember first match wins.
> >
> > On Tue, 20 Apr 2021 at 12:35, Adrian
> > (<adrian@xxxxxxxxxxxxxx.invalid>) wrote:
> > >
> > > Thanks Daniel.
> > >
> > > I had one redundant .htaccess file in the vhost domain, now removed.
> > > Restarted and no change.
> > >
> > > Results of apachectl -S below:
> > >
> > > apachectl -S
> > > [Tue Apr 20 11:22:05.839049 2021] [so:warn] [pid 2744] AH01574: module ssl_module is already loaded, skipping
> > > VirtualHost configuration:
> > > *:*                    is a NameVirtualHost
> > >          default server myserver.io (/etc/apache2/sites-enabled/000-default.conf:1)
> > >          port * namevhost myserver.io (/etc/apache2/sites-enabled/000-default.conf:1)
> > >          port * namevhost www.example.org (/etc/apache2/sites-enabled/000-default.conf:46)
> > > *:443                  is a NameVirtualHost
> > >          default server www.example.org (/etc/apache2/sites-enabled/000-ssl:2)
> > >          port 443 namevhost www.example.org (/etc/apache2/sites-enabled/000-ssl:2)
> > > ServerRoot: "/etc/apache2"
> > > Main DocumentRoot: "/var/www/html"
> > > Main ErrorLog: "/var/log/apache2/error.log"
> > > Mutex mpm-accept: using_defaults
> > > Mutex watchdog-callback: using_defaults
> > > Mutex rewrite-map: using_defaults
> > > Mutex ssl-stapling-refresh: using_defaults
> > > Mutex ssl-stapling: using_defaults
> > > Mutex proxy: using_defaults
> > > Mutex ssl-cache: using_defaults
> > > Mutex default: dir="/var/lock/apache2" mechanism=fcntl
> > > PidFile: "/var/run/apache2.pid"
> > > Define: DUMP_VHOSTS
> > > Define: DUMP_RUN_CFG
> > > User: name="www-data" id=33
> > > Group: name="www-data" id=33
> > >
> > > There is a top-level vhost which maps "http://myserver.io" to the
> > > top-level docroot, though oddly it doesn't seem to see the files
> > > there.  Here is the content.  Below this is the vhost I originally
> > > listed, and below that another vhost which maps a different domain
> > > to a different docroot.
> > >
> > > <VirtualHost *>
> > >         ServerAdmin webmaster@localhost
> > >
> > >         DocumentRoot /var/www/
> > >         <Directory / >
> > >                 Options FollowSymLinks
> > >                 AllowOverride All
> > >         </Directory>
> > >         <Directory /var/www/>
> > >                 Options Indexes FollowSymLinks MultiViews
> > >                 AllowOverride All
> > >                 Require all granted
> > >                 # This directive allows us to have apache2's default start page
> > >                 # in /apache2-default/, but still have / go to the right place
> > >                 # RedirectMatch ^/$ /apache2-default/
> > >         </Directory>
> > >
> > >         ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
> > >
> > >         <Directory "/usr/lib/cgi-bin">
> > >                 AllowOverride None
> > >                 Options ExecCGI MultiViews SymLinksIfOwnerMatch
> > >                 Require all granted
> > >         </Directory>
> > >
> > >         ErrorLog /var/log/apache2/error.log
> > >
> > >         # Possible values include: debug, info, notice, warn, error,
> > >         # crit, alert, emerg.
> > >         LogLevel warn
> > >
> > >         LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
> > >         CustomLog /var/log/apache2/access.log combined
> > > ServerSignature On
> > >
> > >     Alias /doc/ "/usr/share/doc/"
> > >     <Directory "/usr/share/doc/">
> > >         Options Indexes MultiViews FollowSymLinks
> > >         AllowOverride None
> > >         Require local
> > >     </Directory>
> > > </VirtualHost>
> > >
> > > There's nothing in apache2.conf that looks suspicious to me but I
> > > can list it if it helps.
> > >
> > > Adrian
> > >
> > > On Tue, 20 Apr 2021 12:10:09 +0200
> > > Daniel Ferradal <dferradal@xxxxxxxxxx> wrote:
> > >
> > > > Check "apachectl -S" output in case there is some other
> > > > virtualhost there getting the requests.
> > > >
> > > > That virtualhost as it is should deny access, if it is not, then
> > > > there is something missing in what you show. Not sure if it may
> > > > be another virtualhost or another virtualhost and .htaccess, etc.
> > > >
> > > > On Tue, 20 Apr 2021 at 12:01, Adrian
> > > > (<adrian@xxxxxxxxxxxxxx.invalid>) wrote:
> > > > >
> > > > > using Apache/2.4.38 (Debian)
> > > > > with Debian-style split config.
> > > > >
> > > > > Here are the relevant bits of a vhost.  This is
> > > > > in /etc/apache2/sites-enabled/000-default.
> > > > >
> > > > > <VirtualHost *>
> > > > > ServerName www.example.org
> > > > > DocumentRoot /var/www/example
> > > > > CustomLog /var/log/apache2/example/access.log combined
> > > > >
> > > > > <Directory "/var/www/example/" >
> > > > >    # DISABLE THE ENTIRE DOCROOT
> > > > >    Require all denied
> > > > > </Directory>
> > > > > </VirtualHost>
> > > > >
> > > > > I restarted Apache and browsed a page that isn't in cache.  It
> > > > > loaded as normal.
> > > > >
> > > > > My real question is that basic file auth is also ignored, but I
> > > > > thought I'd start simple.
> > > > >
> > > > > Things that might be related, to rule them out:
> > > > >   ${APACHE_LOCK_DIR} and ${APACHE_RUN_DIR} are not defined.
> > > > >
> > > > >   I have the compatibility module loaded, as I migrated from
> > > > > 2.2, but as far as I can see I have no remaining 2.2 syntax in
> > > > > my config.
> > > > >
> > > > > Let me know what else you may need and I'll provide it.
> > > > >
> > > > > Thanks
> > > > >
> > > > >
> > > > > ---------------------------------------------------------------------
> > > > > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> > > > > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>


-- 
Daniel Ferradal
HTTPD Project
#httpd help at Freenode
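
The check discussed in this thread (read `apachectl -S` and look for a ServerName claimed by more than one vhost, so an access rule such as `Require all denied` sits in a block that may never serve the request) can be automated. The following is an added example, not code from the thread or from the httpd project; `parse_vhosts`, `duplicate_names` and the regex names are this example's own, and `SAMPLE` is constructed from the output quoted above with the mail line wrapping undone.

```python
import re
from collections import defaultdict

# Constructed sample: vhost part of the `apachectl -S` dump quoted in the
# thread, with the e-mail line wrapping undone.
SAMPLE = """\
VirtualHost configuration:
*:*                    is a NameVirtualHost
         default server myserver.io (/etc/apache2/sites-enabled/000-default.conf:1)
         port * namevhost myserver.io (/etc/apache2/sites-enabled/000-default.conf:1)
         port * namevhost www.example.org (/etc/apache2/sites-enabled/000-default.conf:46)
*:443                  is a NameVirtualHost
         default server www.example.org (/etc/apache2/sites-enabled/000-ssl:2)
         port 443 namevhost www.example.org (/etc/apache2/sites-enabled/000-ssl:2)
ServerRoot: "/etc/apache2"
"""

LISTENER = re.compile(r"^(\S+:\S+)\s+is a NameVirtualHost\s*$")
SINGLE = re.compile(r"^(\S+:\S+)\s+(\S+) \((.+:\d+)\)\s*$")
ENTRY = re.compile(r"^\s+(default server|port \S+ namevhost) (\S+) \((.+:\d+)\)\s*$")


def parse_vhosts(dump):
    """Return (defaults, vhosts): the default server per listener, and every
    vhost as (listener, server_name, 'file:line') in dump order."""
    defaults, vhosts, listener = {}, [], None
    for line in dump.splitlines():
        if m := LISTENER.match(line):
            listener = m.group(1)
        elif m := SINGLE.match(line):  # listener with a single vhost
            listener = None
            defaults[m.group(1)] = m.group(2)
            vhosts.append((m.group(1), m.group(2), m.group(3)))
        elif listener and (m := ENTRY.match(line)):
            if m.group(1) == "default server":
                defaults[listener] = m.group(2)
            else:
                vhosts.append((listener, m.group(2), m.group(3)))
        elif not line[:1].isspace():
            listener = None  # left the vhost section (ServerRoot:, Mutex ...)
    return defaults, vhosts


def duplicate_names(vhosts):
    """ServerNames declared by more than one vhost block, with each location."""
    seen = defaultdict(list)
    for listener, name, src in vhosts:
        seen[name].append((listener, src))
    return {n: locs for n, locs in seen.items() if len(locs) > 1}
```

On the sample, `duplicate_names` reports `www.example.org` at both `000-default.conf:46` and `000-ssl:2`, the two blocks the thread identifies; every directive meant to restrict that site has to be checked in each reported location.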
