How does Apache determine the FQDN? - apache2

I'm using Apache2, and when reloading/restarting the server I get this warning:
apache2: Could not reliably determine the server's fully qualified domain name, using (my FQDN) for ServerName
Everything works fine, but I'm trying to figure out what's causing the error. I'm grabbing the source to see if can find it, but since my C's not very good....
Some notes:
If I change the system hostname, Apache uses the new hostname
I have a ServerName set; it's the same as the hostname
I have a static, unique IP - dig (hostname) returns (my ip), dig -x (my ip) returns (hostname)
My hosts file is correct
Versions:
Apache/2.2.9
Linux 2.6.24-23-xen x86_64
Description: Debian GNU/Linux 5.0 (lenny)
Any ideas?

Are you sure you have a ServerName directive with the proper value - outside any <VirtualHost> blocks? (You also need a ServerName inside each <VirtualHost> block, of course)
When Apache gives out that error message, usually it means that it's not finding a ServerName for the server as a whole. If you do have that directive set properly, I can't imagine why Apache would still be complaining...

On Debian, the hostname is set at startup thanks to the script /etc/init.d/hostname.sh which uses the file /etc/hostname. We can use this file to update the computer hostname and its FQDN (fully qualified domain name).
If ServerName in your vhost is my-computer.my-domain.ext make sure to copy the exact name in /etc/hosts
Caution: in the /etc/hosts file, the hostname and FQDN order must be respected.
First the fqdn then the hostname and localhost at the end.
~$ echo "my-computer" > /etc/hostname
~$ echo "127.0.0.1 my-computer.my-domain.ext my-computer localhost" > /etc/hosts
~$ /etc/init.d/hostname.sh
You can check the change with the following lines:
~$ hostname
my-computer
~$ hostname --fqdn
my-computer.my-domain.ext
The old hostname may still be present in the command line prompt. Just logoff then login to make it disappear.

For further information about setting hostname and FQDN on debian (which also prevents the warning) check this: http://movealong.org/hostname.html

Related

SQL Server 2017 on Linux/Kubernetes -- Set up TLS Security

Trying to configure TLS on my MSSQL connections following this article: https://learn.microsoft.com/en-us/sql/linux/sql-server-linux-encrypted-connections?view=sql-server-2017
The server-side configuration seems pretty straight-forward with minor differences in the container environment (e.g. systemctl doesn't exist so I kill/respawn pod):
systemctl stop mssql-server
cat /var/opt/mssql/mssql.conf
/opt/mssql/bin/mssql-conf set network.tlscert /var/opt/mssql/ssl/mssql.pem
/opt/mssql/bin/mssql-conf set network.tlskey /var/opt/mssql/ssl/mssqlprivkey.key
/opt/mssql/bin/mssql-conf set network.tlsprotocols 1.2
/opt/mssql/bin/mssql-conf set network.forceencryption 0
systemctl start mssql-server
So I took my PFX from my Windows CA and extracted the key and the client cert to key and pem files, added them to the location for persistent storage (/var/opt), ran the commands (seen above) and sql came back up.
I installed mssql-tools on a different machine and configured it in the trust-anchors to trust my CA.
However, when trying to test the connection (sqlcmd -N -S tcp:1.1.1.1,1433 -U user -P password), I get the error: SSL Provider: [error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed:subject name does not match host name]
When I change the connection string to the DNS name, it works (sqlcmd -N -S tcp:mssql.mydomain.com,1433 -U user -P password) -- even though the IP address is listed as a subject alternative name on the cert.
Why are secure connections not working using the IP? What am I missing?
Different TLS client tools differently handle IP Address Subject Alternative Name type. Most Microsoft tools ignore iPAddress name type completely and require IP addresses to be listed as dNSName name type. Try to add IP Address to SAN extension as dNSName name type, it should work.

PostgreSQL: How to create two instances in same window machine?

I need to have additional instance for our production server.
Is it possible?
Where to begin?
Using Postgresql 9.1 on Windows Server
If you already have the binaries, then adding a second instance ("cluster") is done by running initdb and then registering that new instance as a Windows service.
(I will not prefix the name of the executables with the path they are stored in. You need to either add the bin directory of the Postgres installation to your system wide PATH, use fully qualified names, or simply change into the bin directory to make it the current directory)
To do that, open a command line (cmd.exe) and use initdb to create the instance:
initdb -D c:\Data\PostgresInstance2 -W -A md5
-W makes initdb prompt you for the name and password to be used as the superuser of that instance - make sure you remember the username and passwords you have given. -D specifies where the cluster should be created. Do NOT create that under c:\Program Files.
Once the instance (cluster) is initialized edit c:\Data\PostgresInstance2\postgresql.conf to use a different port, e.g. port = 5433. If the instance should be reachable from the outside you also need to adjust listen_addresses.
You can check if everything works by manually starting the new instance:
pg_ctl start -D c:\Data\PostgresInstance2
Once you have change the port (and adjusted other configuration parameters) you can create a Windows service for the new cluster:
pg_ctl register -N postgres2 -D c:\Data\PostgresInstance2
The service will execute with the "Local Network Account", so you have to make sure the privileges on the data directory are setup properly.
#NewSheriff
Your start command for your second server needs to use the port you specified in config
e.g. if using port 5433 instead of port 5432
then adding:
-o "-p 5433"
to the end of your start-up command should get past the error message you mentioned

Linux Ubuntu how to get remote hostname

How do you get the hostname of the one who is connected to the same network as i am.
Example i am at 192.168.1.16
other is at 192.168.1.15
how do i get to know his hostname with python or any command that would help?
You can try with:
nslookup IP_ADDRESS
It should show you a field name that contain the hostname.
There's also a specific command, but I don't know if it's included in every distributions:
resolveip IP_ADDRESS
Give it a try. It also has a -s option that gives you the hostname and nothing else, very useful if you need to retrieve it and store it in a variable.
resolveip -s IP_ADDRESS

Could not reliably determine the server's fully qualified domain name

I have just installed Apache 2.2.17, and I am using it for the first time.
Now when I try to start the server using the command service httpd start it gives me the message:
httpd: Could not reliably determine the server's fully qualified domain name, using ::1 for ServerName
Now I think I have to set ServerName and the IP address as I search through Google. But I don't know in which file I have to set.
How can I fix this problem?
sudo vim /etc/apache2/httpd.conf
Insert the following line at the httpd.conf: ServerName localhost
Just restart the Apache: sudo /etc/init.d/apache2 restart
Yes, you should set ServerName:
http://wiki.apache.org/httpd/CouldNotDetermineServerName
http://httpd.apache.org/docs/current/mod/core.html#servername
You can find information on the layouts used by the various httpd distributions here:
http://wiki.apache.org/httpd/DistrosDefaultLayout
In your case the file to edit is /etc/httpd/conf/httpd.conf
I was NOT getting the ServerName wrong. Inside your VirtualHost configuration that is causing this warning message, it is the generic one near the top of your httpd.conf which is by default commented out.
Change
#ServerName www.example.com:80
to:
ServerName 127.0.0.1:80
Under Debian Squeeze;
Edit Apache2 conf file : vim /etc/apache2/apache2.conf
Insert the following line at the apache2.conf: ServerName localhost
Restart Apache2: apache2ctl restart or /etc/init.d/apache2 restart
Should work fine (it did solve the problem in my case)
tks noodl for the link on the different layouts. :)
sudo nano /etc/apache2/httpd.conf
search for a text ServerName in nano editor <Ctrl + W>
Insert the following line at the httpd.conf: ServerName localhost
Just restart the Apache: sudo /usr/sbin/apachectl restart
Another option is to ensure that the full qualified host name (FQDN) is listed in /etc/hosts.
This worked for me on Ubuntu v11.10 without having to change the default Apache configuration.
" To solve this problem You need set ServerName.
1: $ vim /etc/apache2/conf.d/name
For example set add ServerName localhost or any other name:
2: ServerName localhost
Restart Apache 2
3: $ service apache restart
For this example I use Ubuntu 11.10.1.125"
FQDN means the resolved name over DNS. It should be like "server-name.search-domain".
The warning you get just provides a notice that httpd can not find a FQDN, so it might not work right to handle a name-based virtual host. So make sure the expected FQDN is registered in your DNS server, or manually add the entry in /etc/hosts which is prior to hitting DNS.
If you are using windows there is something different sort of situation
First open c:/apache24/conf/httpd.conf.
The Apache folder is enough not specifically above path
After that you have to configure httpd.conf file.
Just after few lines there is pattern like:
#Listen _____________:80
Listen 80
Here You have to change for the localhost.
You have to enter ipv4 address for that you can open localhost.
Refer this video link and after that just bit more.
Change your environment variables:
In which you have to enter path:
c:apache24/bin
and
same in the SYSTEM variables
If any query feel free to ask.
Two things seemed to do it for me:
Put all aliases for 127.0.0.1 in /etc/hosts in a single line (e.g. 127.0.0.1 localhost mysite.local myothersite.local
Set ServerName in my httpd.conf to 0.0.0.0 (localhost or 127.0.0.1 didn't work for me)
Editing /etc/hosts got rid of long response times and setting the ServerName got rid of OP's warning for me.
who are still couldnt resolve the problem and using mac then follow this
1.goto the root folder /
cd usr/local/etc/apache2/2.4
3.sudo nano httpd.conf
4.change #servername to ServerName 127.0.0.1:8080 press ctrl+o,+return+ctrl x
5.then restart the server apachectl restart
If you are using windows, remove comment on these lines and set them as:
Line 227 : ServerName 127.0.0.1:80
Line 235 : AllowOverride all
Line 236 : Require all granted
Worked for me!
Here's my two cents. Maybe it's useful for future readers.
I ran into this problem when using Apache within a Docker container. When I started a container from an image of the Apache webserver, this message appeared when I started it with docker run -it -p 80:80 my-apache-container.
However, after starting the container in detached mode, using docker run -d -p 80:80 my-apache-container, I was able to connect through the browser.
I am using ubuntu 22.04
I installed the apache2 at the location '/usr/local/apache2'
I just edited the '/usr/local/apache2/conf/httpd.conf' file.
run the following commands
cd /usr/local/apache2/conf
sudo nano httpd.conf
find this comment
#ServerName www.example.com:80, in my case it is at line 197
after that add this
ServerName localhost
don't modify anything else in this file!
Thank you!

Apache2 access restricted to local LAN

Until recently, I had a bunch of virtual sites set up like so:
<VirtualHost 127.0.0.1:1234>
...
This works fine for testing on my local machine, where I use a Linux desktop. In order to test how MS and explorer displays my pages from my Windows laptop, I changed this to
<VirtualHost *:1234>
...
Which also works fine, calling the site up from http://[mylinuxservername]:1234 on my laptop's IE. However, I want to restrict that wildcard to the local lan. Plugging in any ip, like 192.nnn.nnn.nnn or 192.*.*.* where the wildcard is above results in 403 Forbidden on the windows machine. The local server still works fine on my Linux box:
<VirtualHost 127.0.0.1:1234 192.*.*.*:1234>
...
or
<VirtualHost 127.0.0.1:1234 192.nnn.nnn.nnn:1234> #exact IP of laptop
...
Anyway, I don't like that wildcard in the second config example above. Hints anyone?
The parameter(s) of VirtualHost are the local addresses you listen to, not the remote ones.
In Apache 2.4 and newer, use the Require directive:
Require ip 127.0.0.0/8
Require ip 192.0.0.0/8
If you are using Apache 2.2 or earlier, use the authz_host configuration:
Order Allow,Deny
Allow from 127.0.0.0/8
Allow from 192.168.0.0/16
This may also work on Apache 2.4, but Order and Allow have been deprecated.
Just a note in case some noobs like me come here :)
Apache HTTP Server is configured by placing directives in plain text
configuration files. The main configuration file is usually called
httpd.conf.
Main Configuration Files
For version 2.4
The Allow, Deny, and Order directives, provided by mod_access_compat,
are deprecated and will go away in a future version. You should avoid
using them, and avoid outdated tutorials recommending their use.
Access Control
Require ip 127.0.0.0/8
Require ip 192.0.0.0/8
or (not exactly the same)
Require ip 127.0
Require ip 192.168
Use iptables to restrict access to the machine itself. The first command will allow HTTP traffic from any network in the 192 range (note that I think you need 192.168 to truly be local but I could wrong). The second command simply drops packets from other sources for port 80
iptables -I 1 INPUT -s 192.0.0.0/8 -p tcp --dport 80 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -I 2 INPUT -p tcp --dport 80 -m state --state NEW -j DROP
Then in your virtual host you can do <VirtualHost *:80>

Resources