[opensuse] Stop Apache https access from non specified domain names
Hi,
I have an apache2 server with ssl setup with a domain name e.g. https://mysite.com
Set up using <VirtualHost mysite.com:443>
When I browse to https://mysite.com I can add an exception for my self-signed certificate and all works well.
I have also redirected http://mysite.com to https://mysite.com, set up using <VirtualHost mysite.com:80>, which also works.
However:
When I browse to https://hostname or https://IP address or any other https domain name that is pointing to the same server, it shows the mysite.com virtualhost (which subsequently breaks because it is being accessed via a domain name it is not supposed to).
I do not want this to happen. It should not go anywhere at all as I have not configured any other domain name to point to this virtualhost.
If anything, by default the sites should go to the It Works! page because in my default ssl settings I have <VirtualHost _default_:443> and default HTTP <VirtualHost *:80> and they both have the same DocumentRoot /srv/www/htdocs/default
I don't understand why the sites are not going where I have told them. I must be doing something wrong here.
Does anyone know how I can make all non-configured https connections point to /srv/www/htdocs/default ? (Exactly the same as http is working currently)
--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org
Paul Groves wrote:
However:
When I browse to https://hostname or https://IP address or any other https domain name that is pointing to the same server, it shows the mysite.com virtualhost (which subsequently breaks because it is being accessed via a domain name it is not supposed to).
I do not want this to happen. It should not go anywhere at all as I have not configured any other domain name to point to this virtualhost.
For unrecognised names, apache will pick the first virtualhost config file. Put in a conf file called aaaaa.conf.
--
Per Jessen, Zürich (22.2°C)
http://www.hostsuisse.com/ - dedicated server rental in Switzerland.
On 28/08/17 19:44, Per Jessen wrote:
Paul Groves wrote:
However:
When I browse to https://hostname or https://IP address or any other https domain name that is pointing to the same server, it shows the mysite.com virtualhost (which subsequently breaks because it is being accessed via a domain name it is not supposed to).
I do not want this to happen. It should not go anywhere at all as I have not configured any other domain name to point to this virtualhost.
For unrecognised names, apache will pick the first virtualhost config file. Put in a conf file called aaaaa.conf.
Unfortunately it does not appear to work. :(
I enabled 000-default.conf and 000-default-ssl.conf with no other sites enabled
They both load fine so I enabled https://owncloud.mydomain.com
Owncloud Works fine and the default (non-ssl still worked) however apache seems to be picking up the owncloud ssl as the first one.
so I renamed the 000 in both files to aaa as you suggested and it made no difference
so I renamed them back to 000 and named owncloud as 001-owncloud
still the owncloud one shows up first when it should not. (https://hostname / https://ip - of server)
I am very confused. What might I be doing wrong?
Paul Groves wrote:
On 28/08/17 19:44, Per Jessen wrote:
Paul Groves wrote:
However:
When I browse to https://hostname or https://IP address or any other https domain name that is pointing to the same server, it shows the mysite.com virtualhost (which subsequently breaks because it is being accessed via a domain name it is not supposed to).
I do not want this to happen. It should not go anywhere at all as I have not configured any other domain name to point to this virtualhost.
For unrecognised names, apache will pick the first virtualhost config file. Put in a conf file called aaaaa.conf.
Unfortunately it does not appear to work. :(
I enabled 000-default.conf and 000-default-ssl.conf with no other sites enabled
They both load fine so I enabled https://owncloud.mydomain.com
Owncloud Works fine and the default (non-ssl still worked) however apache seems to be picking up the owncloud ssl as the first one.
so I renamed the 000 in both files to aaa as you suggested and it made no difference
so I renamed them back to 000 and named owncloud as 001-owncloud
still the owncloud one shows up first when it should not. (https://hostname / https://ip - of server)
I am very confused. What might I be doing wrong?
Maybe you ought to post your virtual host configs, and an accurate description of how you want it to work.
--
Per Jessen, Zürich (16.6°C)
http://www.hostsuisse.com/ - virtual servers, made in Switzerland.
On 29/08/17 06:33, Per Jessen wrote:
Paul Groves wrote:
On 28/08/17 19:44, Per Jessen wrote:
Paul Groves wrote:
However:
When I browse to https://hostname or https://IP address or any other https domain name that is pointing to the same server, it shows the mysite.com virtualhost (which subsequently breaks because it is being accessed via a domain name it is not supposed to).
I do not want this to happen. It should not go anywhere at all as I have not configured any other domain name to point to this virtualhost.
For unrecognised names, apache will pick the first virtualhost config file. Put in a conf file called aaaaa.conf.
Unfortunately it does not appear to work. :(
I enabled 000-default.conf and 000-default-ssl.conf with no other sites enabled
They both load fine so I enabled https://owncloud.mydomain.com
Owncloud Works fine and the default (non-ssl still worked) however apache seems to be picking up the owncloud ssl as the first one.
so I renamed the 000 in both files to aaa as you suggested and it made no difference
so I renamed them back to 000 and named owncloud as 001-owncloud
still the owncloud one shows up first when it should not. (https://hostname / https://ip - of server)
I am very confused. What might I be doing wrong?
Maybe you ought to post your virtual host configs, and an accurate description of how you want it to work.
OK So I want all traffic to go to a default page e.g. the It Works! page. One for ssl and one for plain http. Unless I have configured a virtualhost manually.
What is happening currently:
The default pages are being ignored and all domain names that are not configured are going to the owncloud virtualhost (http and https). even if I type in http://ip_address or http://hostname_of_server
If I disable the owncloud configuration I see both the default files fine.
(I have replaced the actual domain name with owncloud.mysite.com for privacy).
========== 000-default.conf ==========
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /srv/www/default
    ErrorLog ${APACHE_LOG_DIR}/default_error.log
    CustomLog ${APACHE_LOG_DIR}/default_access.log combined
</VirtualHost>
============ 000-default-ssl.conf ============
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
    ServerAdmin webmaster@localhost
    DocumentRoot /srv/www/default
    ErrorLog ${APACHE_LOG_DIR}/default_ssl_error.log
    CustomLog ${APACHE_LOG_DIR}/default_ssl_access.log combined
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
    SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
        SSLOptions +StdEnvVars
    </Directory>
</VirtualHost>
</IfModule>
========= owncloud.conf =========
<IfModule mod_ssl.c>
<VirtualHost owncloud.mysite.com:443>
    ErrorLog ${APACHE_LOG_DIR}/owncloud.mysite.com_error.log
    CustomLog ${APACHE_LOG_DIR}/owncloud.mysite.com_access.log combined
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/owncloud.mysite.com.crt
    SSLCertificateKeyFile /etc/apache2/ssl/owncloud.mysite.com.key
    DocumentRoot /srv/www/owncloud
    ServerName owncloud.mysite.com
    ServerAdmin root@server5
    <Directory /srv/www/owncloud>
        SSLRequireSSL
        Require all granted
        Options +FollowSymLinks
        AllowOverride All
        <IfModule mod_dav.c>
            Dav off
        </IfModule>
        SetEnv HOME /srv/www/owncloud
        SetEnv HTTP_HOME /srv/www/owncloud
    </Directory>
    <Directory /srv/www/owncloud/data/>
        # just in case if .htaccess gets disabled
        Require all denied
    </Directory>
</VirtualHost>
</Ifmodule>
<VirtualHost owncloud.mysite.com:80>
    ServerName owncloud.mysite.com
    Redirect / https://owncloud.mysite.com/
</VirtualHost>
Paul Groves wrote:
So I want all traffic to go to a default page e.g. the It Works! page. One for ssl and one for plain http. Unless I have configured a virtualhost manually.
Okay - that default page will need to be part of a default _vhost_. That is always the first virtual host, which is why I suggested calling the config file something like "aaaaaa.conf".
What is happening currently:
The default pages are being ignored and all domain names that are not configured are going to the owncloud virtualhost (http and https). even if I type in http://ip_address or http://hostname_of_server
Is your 'owncloud' vhost the first one in the config?
If I disable the owncloud configuration I see both the default files fine.
Under which vhost are they available?
(I have replaced the actual domain name with owncloud.mysite.com for privacy).
========== 000-default.conf ==========
<VirtualHost *:80>
Try adding the actual IP address here. Just my experience that it works "better".
============ 000-default-ssl.conf ============
<IfModule mod_ssl.c> <VirtualHost _default_:443>
Try adding the actual IP here.
========= owncloud.conf =========
<IfModule mod_ssl.c> <VirtualHost owncloud.mysite.com:443>
IP address.
<VirtualHost owncloud.mysite.com:80>
And one more.
I would also check that you're not adding any of the pre-configured openSUSE default hosts. They're configured in /etc/apache2/default*, and included by httpd.conf. I prefer leaving them out, so all of the hosts are in vhosts.d/
--
Per Jessen, Zürich (26.3°C)
http://www.hostsuisse.com/ - dedicated server rental in Switzerland.
OK so it appears to be working after some tinkering using the suggestions made.
I changed <VirtualHost *:80> in the default config to the server's IP address
I also changed <VirtualHost _default_:443> in the default ssl page to the server's IP address
I then renamed the files to aaa.conf and aaa-ssl.conf
restart apache2
and all appears to work for now so it seems it was a combination of the IP address not being specified and also the names of the files being out of order.
I will test further and report back.
On 29/08/17 17:21, Paul Groves wrote:
OK so it appears to be working after some tinkering using the suggestions made.
I changed <VirtualHost *:80> in the default config to the server's IP address
I also changed <VirtualHost _default_:443> in the default ssl page to the server's IP address
I then renamed the files to aaa.conf and aaa-ssl.conf
restart apache2
and all appears to work for now so it seems it was a combination of the IP address not being specified and also the names of the files being out of order.
I will test further and report back.
Well it all seems to work fine now
http://hostname
http://ipaddress
https://hostname
https://ipaddress
all are pointing to the default page
http://www.mysitecom
https://www.mysitecom
which are not configured in apache are pointing to the default page
http://owncloud.mysite.com
https://owncloud.mysite.com
are pointing to the owncloud instance
So I would say this is solved :)
Thanks for the help.
On 29/08/17 19:50, Carlos E. R. wrote:
On 2017-08-29 15:06, Per Jessen wrote:
Try adding the actual IP address here. Just my experience that it works "better".
What if the IP is dynamic?
Just for my illustration :-)
good point
My lan ip is static. I don't see why anyone would have a server with a dynamic IP. But I have seen horrendous set-ups before.
My internet IP is dynamic but I use ddclient to update it when it changes. And my firewall points port 80 and 443 to the web server.
On 2017-08-29 22:29, Paul Groves wrote:
On 29/08/17 19:50, Carlos E. R. wrote:
On 2017-08-29 15:06, Per Jessen wrote:
Try adding the actual IP address here. Just my experience that it works "better".
What if the IP is dynamic?
Just for my illustration :-)
good point
My lan ip is static. I don't see why anyone would have a server with a dynamic IP. But I have seen horrendous set-ups before.
My internal IP is static, but not the external. I supposed the config needed the external IP.
My internet IP is dynamic but I use ddclient to update it when it changes. And my firewall points port 80 and 443 to the web server.
Yes, same here.
--
Cheers / Saludos,
Carlos E. R.
(from 42.2 x86_64 "Malachite" at Telcontar)
Paul Groves wrote:
On 29/08/17 19:50, Carlos E. R. wrote:
On 2017-08-29 15:06, Per Jessen wrote:
Try adding the actual IP address here. Just my experience that it works "better".
What if the IP is dynamic?
Just for my illustration :-)
good point
My lan ip is static. I don't see why anyone would have a server with a dynamic IP. But I have seen horrendous set-ups before.
It wouldn't be so unusual for a private owncloud installation, for instance. I guess you would have to use *:80 for that, it ought to work too.
--
Per Jessen, Zürich (22.8°C)
http://www.cloudsuisse.com/ - your owncloud, hosted in Switzerland.
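An added example, not part of any poster's message and not Apache's own code: a simplified Python model of httpd's documented virtual host matching, run against the three layouts discussed in this thread (wildcard default beside a vhost bound by hostname, default bound to the server's IP, and wildcards everywhere). It shows that a vhost declared with the server's address takes every request to that address before any `_default_` or `*` vhost is considered, so file order only decides the default among vhosts on the same address. The address 192.0.2.10, the labels and the function names are constructed for illustration, and SNI and ServerAlias handling are left out.

```python
# Simplified model of Apache httpd's documented virtual host matching.
# 192.0.2.10 is a constructed stand-in for the server's address, which the
# thread never gives; owncloud.mysite.com is assumed to resolve to it.
SERVER_IP = "192.0.2.10"
WILDCARDS = {"*", "_default_"}

def select_vhost(vhosts, local_ip, port, host_header):
    """vhosts: (label, address, port, server_name) tuples in config load order."""
    on_port = [v for v in vhosts if v[2] == port]
    # 1. Vhosts declared with the exact local IP form the candidate set.
    candidates = [v for v in on_port if v[1] == local_ip]
    # 2. Wildcard vhosts are consulted only when no vhost names that IP.
    if not candidates:
        candidates = [v for v in on_port if v[1] in WILDCARDS]
    if not candidates:
        return None  # httpd would fall back to the main server config
    # 3. Within the set, a ServerName equal to the Host header wins ...
    for v in candidates:
        if v[3] and host_header and v[3].lower() == host_header.lower():
            return v[0]
    # 4. ... otherwise the first vhost loaded in that set is the default.
    return candidates[0][0]

# <VirtualHost owncloud.mysite.com:443> is resolved to an IP at startup.
OWNCLOUD = ("owncloud", SERVER_IP, 443, "owncloud.mysite.com")

# Layout first posted: wildcard default loaded first, owncloud bound by name.
BEFORE = [("default-ssl", "_default_", 443, None), OWNCLOUD]
# Layout after the fix: default bound to the same IP and loaded first.
AFTER = [("default-ssl", SERVER_IP, 443, None), OWNCLOUD]
# All-wildcard layout for a dynamic address (the *:80 idea applied to 443).
ALL_WILDCARD = [("default-ssl", "*", 443, None),
                ("owncloud", "*", 443, "owncloud.mysite.com")]

def route(layout, host_header):
    """Which vhost answers an HTTPS request carrying this Host header."""
    return select_vhost(layout, SERVER_IP, 443, host_header)

if __name__ == "__main__":
    for name, layout in [("before", BEFORE), ("after", AFTER),
                         ("all wildcard", ALL_WILDCARD)]:
        for host in (SERVER_IP, "www.mysite.com", "owncloud.mysite.com"):
            print(f"{name:12} Host: {host:20} -> {route(layout, host)}")
```

On a live server, `apache2ctl -S` (or `httpd -S`) prints the parsed vhost table with the default vhost for each address and port, which is the quickest check that an unexpected Host header cannot land on an application vhost.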
participants (3)
- Carlos E. R.
- Paul Groves
- Per Jessen