Date:      Fri, 20 Nov 2009 10:07:27 +0100
From:      "Scheithauer, Lars (FH)" <Lars.Scheithauer@fh-heidelberg.de>
To:        "Ian Smith" <smithi@nimnet.asn.au>
Cc:        freebsd-jail@freebsd.org, Bastien Semene <bsemene@cyanide-studio.com>
Subject:   AW: AW: AW: Problem with Apache in Jail
Message-ID:  <26040005B7F3AA41A0345BCE386CA09701C62A99@FHCLUSRV-EX.dcs.fh-heidelberg.de>
In-Reply-To: <20091120180647.A65262@sola.nimnet.asn.au>
References:  <26040005B7F3AA41A0345BCE386CA09701C62A8E@FHCLUSRV-EX.dcs.fh-heidelberg.de><4B040838.8020103@quip.cz> <26040005B7F3AA41A0345BCE386CA09701C62A8F@FHCLUSRV-EX.dcs.fh-heidelberg.de><26040005B7F3AA41A0345BCE386CA09701C62A94@FHCLUSRV-EX.dcs.fh-heidelberg.de> <4B057741.7000700@cyanide-studio.com> <26040005B7F3AA41A0345BCE386CA09701C62A98@FHCLUSRV-EX.dcs.fh-heidelberg.de> <20091120180647.A65262@sola.nimnet.asn.au>

Hi Ian,

> So are you sure that (from outside your environment) the vhost hostname
> resolves to its IP address ok?  Does it have a unique public IP address?
> If so, does reverse resolution of that address point to that hostname?

Yes:
  # host campus2.fh-heidelberg.de
  campus2.fh-heidelberg.de is an alias for www2.fh-heidelberg.de.
  www2.fh-heidelberg.de has address 193.197.74.48
  # host 193.197.74.48
  48.74.197.193.in-addr.arpa domain name pointer www2.fh-heidelberg.de.


> From (right) outside your net, does that IP address respond to pings?
> By IP address as well as by hostname?

Yes.

> Does your apache config specify name-based and/or IP-based virtual
> hosts?  There can lurk some dragons ..

I did try name-based, but it's currently just a catch-all (see below).

> If this is a jail issue I've no idea at all, but if the DNS results
> obtained from inside and outside your network perimeter differ, that may
> explain some of what you're seeing.  I guess an outside DNS query
> followed by an attempted HTTP connect tracked on tcpdump, perhaps in
> verbose packet-display mode (eg -nXs0) should provide more solid clues?

Ooooookay, now this really makes sense.
Sending packets to the URL don't even reach the jailhost (I can't
directly dump the jail's packages), but sending to its IP do... And I
can see packets leaving my client... This is persistent across different
browsers. Any ideas how that is possible?

> Make sure that you're logging both the vhost concerned and the 'default'
> config used if no vhost entry is satisfied, perhaps you'll see something
> there?  I specify error.log to catch any of these during vhost setup.

I do, see below.

> You may need to share more of your apache configuration in the hope that
> someone may spot something, once you confirm there are no DNS issues.

---------->>> /usr/local/etc/apache22/httpd.conf <<<----------
ServerRoot "/usr/local"
Listen 80

## modules
# [...]

## MAIN CONFIG
ServerAdmin support@fh-heidelberg.de
ServerName www2.fh-heidelberg.de:80
DocumentRoot "/usr/local/www/apache22/data"

## disable all access, then allow specific services
<Directory />
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>

## main site, currently just with a testpage
<Directory "/usr/local/www/apache22/data">
    Options Indexes FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all
</Directory>

<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>

## prevent htaccess to be read
<FilesMatch "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy All
</FilesMatch>



## LOGGING
ErrorLog "/var/log/httpd-error.log"
logLevel debug

<IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>
        LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>

    CustomLog "/var/log/httpd-access.log" combined
</IfModule>

## aliases and redirects
<IfModule alias_module>
    ScriptAlias /cgi-bin/ "/usr/local/www/apache22/cgi-bin/"
</IfModule>

## cgi-bin
<Directory "/usr/local/www/apache22/cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
</Directory>

DefaultType text/plain

<IfModule mime_module>
    TypesConfig etc/apache22/mime.types

    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz

    #AddHandler cgi-script .cgi
    #AddHandler type-map var
</IfModule>

## Virtual hosts
#Include etc/apache22/extra/httpd-vhosts.conf
Include etc/apache22/vhosts/*
Include etc/apache22/Includes/*.conf


----->>> /usr/local/etc/apache22/vhosts/campus2.fh-heidelberg.de <<<-----
## catch all
NameVirtualHost *:80

<VirtualHost *:80>
        ServerAdmin  support@fh-heidelberg.de
        DocumentRoot "/usr/local/www/apache22/campus2.fh-heidelberg.de"
        ServerName   campus2.fh-heidelberg.de
        ErrorLog     "/var/log/apache2/campus2.fh-heidelberg.de_error.log"
        CustomLog    "/var/log/apache2/campus2.fh-heidelberg.de_access.log" common
</VirtualHost>



Best Regards,
Lars


