Weird apache subdomains - apache2

I'm currently trying to configure apache2.
I have 3 A records to my server:
domain.io
sub1.domain.io
sub2.domain.io
I have an apache config:
<VirtualHost *:80>
ServerName sub1.domain.io
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</VirtualHost>
<VirtualHost *:443>
ServerName sub1.domain.io
DocumentRoot "/var/www/sub1/public"
AllowEncodedSlashes On
php_value upload_max_filesize 100M
php_value post_max_size 100M
<Directory "/var/www/sub1/public">
Require all granted
AllowOverride all
</Directory>
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/sub1.domain.io/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/sub1.domain.io/privkey.pem
</VirtualHost>
Now I would expect apache to only show some content for sub1.domain.io, but apache shows content for every domain, also domain.io and sub2.domain.io. Can somebody please help me?

Related

Too Many Redirects for non-proxypass site only

I am running nodejs for my system's backend management but I have a mediawiki for documentation. I was able to access the mediawiki through example.com/mediawiki but now I get too many redirects. Though I can still access my backend as normal, example.com/login. I have checked my other configs for rogue redirects and didn't find any. Also, I checked apache2.conf.
Here is my vhost
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/html
Redirect permanent / https://example.com/
Redirect permanent /mediawiki https://example.com/mediawiki/
</VirtualHost>
<VirtualHost *:443>
Redirect permanent / https://example.com/login
SSLEngine on
SSLProxyEngine on
SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLHonorCipherOrder on
SSLCertificateFile /etc/ssl/certs/example_cert.crt
SSLCertificateKeyFile /etc/ssl/private/example_cert.key
SSLCertificateChainFile /etc/ssl/certs/incommon_interm.crt
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/html
Header set Access-Control-Allow-Origin "*"
ProxyRequests Off
ProxyPreserveHost On
ProxyVia On
<Proxy *>
Require all granted
</Proxy>
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/socket.io [NC]
RewriteCond %{QUERY_STRING} transport=websocket [NC]
RewriteRule /(.*) ws://localhost:9000/$1 [P,L]
ProxyPass /login http://localhost:3000/login
ProxyPassReverse /login http://localhost:3000/login
</VirtualHost>

Using Apache2 AND Tomcat8 on AWS Lightsail with Loadbalancer / OpenSSL

I'm running websites on AWS Lightsail using Ubuntu 16.04.6 with Apache 2.4 AND a Tomcat 8.0.32.
The Apache2 site hosts the bulk of my websites as they use PHP and PostgreSQL. The Tomcat is easy for hosting Geoserver.
I have a DNS and loadbalancer on AWS LightSail. I'm trying to figure out how to make both sites seamless using virtualhost. The apache2 sites come out okay, but the tomcat sites do not. I get this error:
You don't have permission to access this resource.
Apache/2.4.18 (Ubuntu) Server at tomcat.some-kind-of-site.org Port 80
I'm trying to follow these instructions, but there are some differences in the setup from what I have:
http://www.creang.com/howtoforge/howto_set_up_tomcat_8_with_apache_2_4_and_mod_jk_on_ubuntu/
I have my SSL info on the default-ssl-conf file
My tomcat8 server.xml contains:
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
Here's my sites-enabled config file:
<VirtualHost *:80>
ServerAdmin someone#gmail.com
ServerName www.some-kind-of-site.org
RewriteEngine On
RewriteCond %{HTTP:X-FORWARDED-PORT} !=443
RewriteRule ^(.*)$ https://www.some-kind-of-site.org$1 [R=301,NE,L]
DocumentRoot /var/www/html/main-site/
Alias /multi-site /var/www/html/multi-site
Alias /file-folder /var/www/html/file-folder
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:80>
ServerName manage.some-kind-of-site.org
DocumentRoot /var/www/html/main-mgmt/
RewriteEngine On
RewriteCond %{HTTP:X-FORWARDED-PORT} !=443
RewriteRule ^(.*)$ https://manage.some-kind-of-site.org$1 [R=301,NE,L]
Alias /multi-site /var/www/html/multi-site
Alias /file-folder /var/www/html/file-folder
Alias /main-mgmt /var/www/html/main-mgmt
Alias /main-site /var/www/html/main-site
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:80>
ServerAdmin someone#gmail.com
ServerName tomcat.some-kind-of-site.org
DocumentRoot /var/lib/tomcat8/
Alias /multi-site /var/www/html
RewriteEngine On
RewriteCond %{HTTP:X-FORWARDED-PORT} !=443
RewriteRule ^(.*)$ https://tomcat.some-kind-of-site.org$1 [R=301,NE,L]
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:80>
ServerName geoserver.some-kind-of-site.org
DocumentRoot /var/lib/tomcat8/webapps/geoserver/
Alias /multi-site /var/www/html
RewriteEngine On
RewriteCond %{HTTP:X-FORWARDED-PORT} !=443
RewriteRule ^(.*)$ https://geoserver.some-kind-of-site.org$1 [R=301,NE,L]
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin someone#gmail.com
ServerName www.some-kind-of-site.org
DocumentRoot /var/www/html/main-site/
Alias /multi-site /var/www/html/multi-site
Alias /file-folder /var/www/html/file-folder
ErrorLog ${APACHE_LOG_DIR}/main-site_error.log
CustomLog ${APACHE_LOG_DIR}/main-site_access.log combined
</VirtualHost>
<VirtualHost _default_:443>
ServerAdmin someone#gmail.com
ServerName manage.some-kind-of-site.org
DocumentRoot /var/www/html/main-mgmt/
Alias /multi-site /var/www/html/multi-site
Alias /file-folder /var/www/html/file-folder
Alias /main-mgmt /var/www/html/main-mgmt
Alias /main-site /var/www/html/main-site
ErrorLog ${APACHE_LOG_DIR}/main-mgmt_error.log
CustomLog ${APACHE_LOG_DIR}/main-mgmt_access.log combined
</VirtualHost>
<VirtualHost *:443>
ServerAdmin someone#gmail.com
ServerName tomcat.some-kind-of-site.org
<Proxy *>
AddDefaultCharset Off
Order deny,allow
Allow from all
</Proxy>
ProxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/
ProxyPreserveHost on
</VirtualHost>
<VirtualHost *:443>
ServerAdmin someone#gmail.com
ServerName geoserver.some-kind-of-site.org
<Proxy *>
AddDefaultCharset Off
Order deny,allow
Allow from all
</Proxy>
ProxyPass / ajp://localhost:8009/webapps/geoserver/
ProxyPassReverse / ajp://localhost:8009/webapps/geoserver/
ProxyPreserveHost on
</VirtualHost>
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
</IfModule>
Can anyone help me with this?? PLEASE!
I figured it out... had to, no one answered. But it took LOTS of time and LOTS of trial and error.
Don't use the 443 port at all for tomcat proxy...
<VirtualHost *:80>
ServerAdmin someguy#gmail.com
ServerName www.greatexamples.org
RewriteEngine On
RewriteCond %{HTTP:X-FORWARDED-PORT} !=443
RewriteRule ^(.*)$ https://www.greatexamples.org$1 [R=301,NE,L]
DocumentRoot /var/www/html/mainsite/
Alias /multi-site /var/www/html/multi-site
Alias /old_stuff /var/www/html/old_stuff
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:80>
ServerName manage.greatexamples.org
DocumentRoot /var/www/html/management/
RewriteEngine On
RewriteCond %{HTTP:X-FORWARDED-PORT} !=443
RewriteRule ^(.*)$ https://manage.greatexamples.org$1 [R=301,NE,L]
Alias /multi-site /var/www/html/multi-site
Alias /old_stuff /var/www/html/old_stuff
Alias /management /var/www/html/management
Alias /mainsite /var/www/html/mainsite
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:80>
ServerAdmin someguy#gmail.com
ServerName tomcat.greatexamples.org
DocumentRoot /opt/tomcat/
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<Location />
Order allow,deny
Allow from all
</Location>
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://tomcat.greatexamples.org:8080/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin someguy#gmail.com
ServerName www.greatexamples.org
DocumentRoot /var/www/html/mainsite/
Alias /multi-site /var/www/html/multi-site
Alias /file-folder /var/www/html/old_stuff
ErrorLog ${APACHE_LOG_DIR}/main-site_error.log
CustomLog ${APACHE_LOG_DIR}/main-site_access.log combined
</VirtualHost>
<VirtualHost _default_:443>
ServerAdmin someguy#gmail.com
ServerName manage.greatexamples.org
DocumentRoot /var/www/html/management/
Alias /multi-site /var/www/html/multi-site
Alias /old_stuff /var/www/html/old_stuff
Alias /management /var/www/html/old_stuff
Alias /mainsite /var/www/html/mainsite
ErrorLog ${APACHE_LOG_DIR}/main-mgmt_error.log
CustomLog ${APACHE_LOG_DIR}/main-mgmt_access.log combined
</VirtualHost>
</IfModule>
and change the connector in Tomcat's server.xml to:
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
proxyName="tomcat.greatexamples.org"
proxyPort="80"
redirectPort="8443" />

Apache2 Rewrite/Redirect from http to https

I use apache2 on Ubuntu and acme with letsencrypt in order to secure my website.
I also want to redirect from http://mywebsite.com to https://mywebsite.com but this does not work with the following config:
File name-xy.conf looks like this:
<VirtualHost *:80>
ServerName mywebsite.com
ProxyRequests off
ProxyPreserveHost On
<Location / >
ProxyPass "ajp://localhost:9090/"
ProxyPassReverse "ajp://localhost:9090/"
</Location>
</VirtualHost>
File name-xy-ssl.conf looks like this:
<VirtualHost *:80>
ServerName mywebsite.com
RewriteEngine on
#RewriteCond %{SERVER_NAME} =www.mywebsite.com [OR]
RewriteCond %{HTTPS} =mywebsite.com
RewriteRule (.*) https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
# forward ORDS requests to tomcat
<VirtualHost *:443>
ServerName mywebsite.com
# SSL certificates settings
#Include /etc/apache2/conf-enabled/options-ssl-apache.conf
SSLCertificateFile /etc/apache2/ssl/mywebsite.com/fullchain.cer
SSLCertificateKeyFile /etc/apache2/ssl/mywebsite.com/mywebsite.com.key
SSLCertificateChainFile /etc/apache2/ssl/mywebsite.com/ca.cer
ProxyRequests on
ProxyPreserveHost On
<Location / >
ProxyPass "ajp://localhost:9090/"
ProxyPassReverse "ajp://localhost:9090/"
</Location>
</VirtualHost>
With this config I will navigate to the default apache2 homepage, https://mywebpage.com works fine.
What is wrong in this config in order to redirect from http://mywebsite.com to https://mywebsite.com automatically?
To handle this situation, I have my http vhost as follows. I don’t think it requires enabling any new modules either, just add the redirect statement like the last line :)
Since you are using Ubuntu with Apache, LetsEncrypt automatically installs and does the configuration for apache for SSL. If you want to do a manual configuration, follow the below.
File name-xy.conf should look like this:
<VirtualHost *:80>
ServerName mywebsite.com
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html
ProxyRequests off
ProxyPreserveHost On
<Location / >
ProxyPass "ajp://localhost:9090/"
ProxyPassReverse "ajp://localhost:9090/"
</Location>
#Add the below Lines
RewriteEngine on
RewriteCond %{SERVER_NAME} =mywebsite.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,NE,R=301]
</VirtualHost>
File name-xy-ssl.conf should look like this:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName mywebsite.com
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html
# SSL certificates settings
#Include /etc/apache2/conf-enabled/options-ssl-apache.conf
SSLCertificateFile /etc/apache2/ssl/mywebsite.com/fullchain.cer
SSLCertificateKeyFile /etc/apache2/ssl/mywebsite.com/mywebsite.com.key
SSLCertificateChainFile /etc/apache2/ssl/mywebsite.com/ca.cer
# Reverse proxy only: forward proxying stays disabled, as in the port 80 vhost
ProxyRequests Off
ProxyPreserveHost On
<Location / >
ProxyPass "ajp://localhost:9090/"
ProxyPassReverse "ajp://localhost:9090/"
</Location>
</VirtualHost>
</IfModule>
Restart your apache server (sudo service apache2 restart) and clear your browser cache and history for the change to take effect.

Directadmin after enabling SSL too many redirects

I'm stuck on a problem. After enabling SSL in DA for the domain and adding a RewriteRule to htaccess, I have a redirect loop.
Here is my vhost config file:
<VirtualHost 111.222.33.44:80 >
ServerName www.my-shop.net
ServerAlias www.my-shop.net my-shop.net
ServerAdmin webmaster#my-shop.net
DocumentRoot /home/admin/domains/my-shop.net/public_html/application/public
ScriptAlias /cgi-bin/ /home/admin/domains/my-shop.net/public_html/application/public/cgi-bin/
UseCanonicalName OFF
<IfModule !mod_ruid2.c>
SuexecUserGroup admin admin
</IfModule>
CustomLog /var/log/httpd/domains/my-shop.net.bytes bytes
CustomLog /var/log/httpd/domains/my-shop.net.log combined
ErrorLog /var/log/httpd/domains/my-shop.net.error.log
<Directory /home/admin/domains/my-shop.net/public_html/application/public>
php_admin_flag safe_mode OFF
php_admin_flag engine ON
php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f admin#my-shop.net'
php_admin_value mail.log /home/admin/.php/php-mail.log
php_admin_value open_basedir /home/admin/:/tmp:/var/tmp:/usr/local/lib/php/
</Directory>
<VirtualHost 111.222.33.44:443 >
SSLEngine on
SSLCertificateFile /usr/local/directadmin/data/users/admin/domains/my-shop.net.cert.combined
SSLCertificateKeyFile /usr/local/directadmin/data/users/admin/domains/my-shop.net.key
SSLCACertificateFile /usr/local/directadmin/data/users/admin/domains/my-shop.net.cacert
ServerName www.my-shop.net
ServerAlias www.my-shop.net my-shop.net
ServerAdmin webmaster#my-shop.net
DocumentRoot /home/admin/domains/my-shop.net/public_html/application/public
ScriptAlias /cgi-bin/ /home/admin/domains/my-shop.net/public_html/cgi-bin/
UseCanonicalName OFF
<IfModule !mod_ruid2.c>
SuexecUserGroup admin admin
</IfModule>
CustomLog /var/log/httpd/domains/my-shop.net.bytes bytes
CustomLog /var/log/httpd/domains/my-shop.net.log combined
ErrorLog /var/log/httpd/domains/my-shop.net.error.log
<Directory /home/admin/domains/my-shop.net/public_html/application/public>
php_admin_flag safe_mode OFF
php_admin_flag engine ON
php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f admin#my-shop.net'
php_admin_value mail.log /home/admin/.php/php-mail.log
php_admin_value open_basedir /home/admin/:/tmp:/var/tmp:/usr/local/lib/php/
</Directory>
Custom code:
|*if !SUB|
|?DOCROOT=/home/admin/domains/my-shop.net/public_html/application/public|
|*endif|
What should be fixed in the configuration? I feel more confident in the administration of nginx.

VirtualHosts not working (Mod_proxy, Proxmox)

For starters I use Proxmox to virtualize several machines.
Now I want my main machine to redirect the traffic accordingly based on the servername.
I had the setup working once, but now somehow it won't work.
my default host:
00_proxmox_domain_com.conf
NameVirtualHost *:80
<VirtualHost *:80>
ServerName proxmox.domain.com
ServerName *.proxmox.domain.com
#RewriteLog "/root/rewrite.log"
#RewriteLogLevel 10
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
RewriteCond %{REQUEST_URI} !^/nrd/
RewriteCond %{REQUEST_URI} !^/images/
RewriteCond %{REQUEST_URI} !^/css/
RewriteCond %{REQUEST_URI} !^/javascript/
RewriteCond %{REQUEST_URI} !^/vncterm/
RewriteCond %{REQUEST_URI} !^/.*\.js$
RewriteCond %{REQUEST_URI} !^/login.pl$
RewriteCond %{HTTP_HOST} ^proxmox\.domain\.com$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [L,R]
</VirtualHost>
Then I have several similar virtualhosts (currently only this one is activated).
This should send the visitor to PHPMyAdmin on virtual server with IP 192.168.1.13
02_pma_domain_com.conf
<VirtualHost *:80>
ServerName pma.domain.com
ServerName *.pma.domain.com
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://192.168.1.13/
ProxyPassReverse / http://192.168.1.13/
</VirtualHost>
And there is the Proxmox virtual host file:
pve.conf
<IfModule mpm_prefork_module>
StartServers 2
MinSpareServers 1
MaxSpareServers 2
MaxClients 50
MaxRequestsPerChild 30
</IfModule>
ServerName localhost
ServerSignature Off
ServerTokens Prod
ServerAdmin root
AddDefaultCharset On
# Hint: Ajax use KeepAlive, which in effect disables MaxRequestsPerChild,
# so we need to disable KeepAlive to prevent exhaustive memory usage, or
# at least make sure that periodic updaters interval > KeepAliveTimeout
KeepAlive Off
DocumentRoot /usr/share/pve-manager/root
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /usr/share/pve-manager/root>
Options FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ErrorLog /var/log/apache2/error.log
LogLevel warn
# do not log access to our ajax services
SetEnvIf Request_URI "^/ws/" dontlog
CustomLog /var/log/apache2/access.log combined env=!dontlog
Alias /images/ /usr/share/pve-manager/images/
Alias /css/ /usr/share/pve-manager/css/
Alias /javascript/ /usr/share/javascript/
Alias /vncterm/ /usr/share/vncterm/
# avoid authentication when accessing favicon
Alias /favicon.ico /usr/share/pve-manager/images/favicon.ico
PerlModule Embperl
EMBPERL_SESSION_ARGS "config=DB_File Lock=Semaphore"
AddType text/html .epl
PerlRequire /usr/share/pve-manager/root/startup.pl
PerlSetVar PVESatisfy any
PerlSetVar PVEPath /
PerlSetVar PVELoginScript /login.pl
PerlTransHandler PVE::URLRewrite
Alias /nrd/ /__no_real_dir__/
<Directory "/usr/share/pve-manager/root">
AuthType PVE::AuthCookieHandler
AuthName PVE
PerlSetVar PVECookieName PVEAuthCookie
#PerlSetVar AuthCookieDebug 5
PerlAuthenHandler PVE::AuthCookieHandler->authenticate
PerlAuthzHandler PVE::AuthCookieHandler->authorize
require group root
DirectoryIndex index.htm index.pl
<FilesMatch ".*\.htm$">
EMBPERL_APPNAME PVE
EMBPERL_SYNTAX EmbperlBlocks
EMBPERL_OBJECT_BASE base.epl
EMBPERL_INPUT_ESCMODE 0
EMBPERL_ESCMODE 0
SetHandler perl-script
PerlHandler Embperl::Object
Options ExecCGI
</FilesMatch>
<FilesMatch ".*\.epl$">
Order allow,deny
Deny From all
</FilesMatch>
<FilesMatch ".*\.pl$">
SetHandler perl-script
PerlHandler ModPerl::Registry
Options +ExecCGI
</FilesMatch>
</Directory>
<Location /nrd/LOGIN>
AuthType PVE::AuthCookieHandler
AuthName PVE
PerlSetVar PVECookieName PVEAuthCookie
#PerlSetVar AuthCookieDebug 5
SetHandler perl-script
PerlHandler PVE::AuthCookieHandler->login
</Location>
<Location /ws/>
SetHandler perl-script
PerlHandler $PVE::HTMLServices::Obj->handler
</Location>
<VirtualHost *:443>
SSLEngine on
SSLProtocol all -SSLv2
SSLCertificateFile /etc/pve/pve-ssl.pem
SSLCertificateKeyFile /etc/pve/pve-ssl.key
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
</VirtualHost>
If you see an obvious error, please tell me.
If you have a working install of proxmox it would help if you could give me your pve.conf
And if you've got the virtualhosts working one of those files would be most welcome.
I've tried several things to solve the problem, without any effect.
Found it, thanks to:
Apache 2.2 ignoring VirtualDocumentRoot VirtualHosts?
There should be only one ServerName, and it can't contain any wildcards,
you should use ServerAlias instead ;)
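
The rule in the answer above, together with Apache's fallback to the first vhost on an address when no name matches (the behaviour the first question on this page runs into), as an added example that is not code from the original posts. `parse_vhosts`, `lint`, `select` and the sample config are constructed for illustration; the model assumes the last `ServerName` in a block wins and compares `<VirtualHost>` addresses as plain strings.

```python
import fnmatch
import re

# Constructed sample: the first vhost repeats the ServerName mistake from the
# question, the second uses ServerAlias as the answer recommends.
SAMPLE = """\
<VirtualHost *:80>
ServerName proxmox.domain.com
ServerName *.proxmox.domain.com
</VirtualHost>
<VirtualHost *:80>
ServerName pma.domain.com
ServerAlias *.pma.domain.com
</VirtualHost>
"""

def parse_vhosts(text):
    """Return one dict per <VirtualHost> block, in file order."""
    vhosts, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        opened = re.match(r"<VirtualHost\s+([^>]+?)\s*>", line, re.I)
        if opened:
            cur = {"addr": opened.group(1), "names": [], "aliases": []}
        elif line.lower().startswith("</virtualhost") and cur is not None:
            vhosts.append(cur)
            cur = None
        elif cur is not None and line and not line.startswith("#"):
            key, *args = line.split()
            if key.lower() == "servername" and args:
                cur["names"].append(args[0].lower())
            elif key.lower() == "serveralias":
                cur["aliases"] += [a.lower() for a in args]
    return vhosts

def lint(vhosts):
    """Flag the two ServerName mistakes named in the answer."""
    findings = []
    for i, vh in enumerate(vhosts):
        if len(vh["names"]) > 1:
            findings.append((i, "multiple ServerName"))
        if any("*" in n or "?" in n for n in vh["names"]):
            findings.append((i, "wildcard in ServerName"))
    return findings

def select(vhosts, host, addr="*:80"):
    """Index of the vhost that answers `host`, and why it was chosen."""
    host = host.split(":")[0].lower().rstrip(".")
    # Simplification: address matching is a plain string comparison.
    cands = [(i, vh) for i, vh in enumerate(vhosts) if vh["addr"] == addr]
    for i, vh in cands:
        name = vh["names"][-1] if vh["names"] else None  # last one wins
        if host == name or any(fnmatch.fnmatchcase(host, a) for a in vh["aliases"]):
            return i, "name match"
    # No ServerName/ServerAlias matched: the first vhost is the default.
    return (cands[0][0], "default") if cands else (None, "no vhost")

if __name__ == "__main__":
    vhosts = parse_vhosts(SAMPLE)
    print(lint(vhosts))
    for h in ("pma.domain.com", "x.pma.domain.com", "proxmox.domain.com", "other.example"):
        print(h, select(vhosts, h))
```

In the sample, proxmox.domain.com is only served by the first vhost because that vhost happens to be the default; any unrelated hostname pointing at the server lands there too.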
