From: freebsd@boosten.org
Date: Fri, 20 Nov 2020 18:16:26 +0100
Subject: Re: Please help with Apache virtual servers and DNS trouble (I think)
To: freebsd-questions
Cc: Dale Scott
Message-Id: <57E903C2-0CB4-4DAD-8F10-12A6879A8029@boosten.org>
In-Reply-To: <958896405.36997717.1605885037710.JavaMail.zimbra@shaw.ca>

> On 20 Nov 2020, at 16:10, Dale Scott wrote:
>
> I am rebuilding my fbsd-11 server after the system drive failed. I had
> been using Apache virtual servers to serve several web apps on port 80,
> with a single wildcard DNS entry from No-IP. The server also hosted a
> Linux vm running in vbox, and used the vbox NAT to forward vm port 80 to
> host 8080, and vm port 22 to host 3022. This worked well as I only have
> one IP address from my ISP. The virtual hosts are accessed normally e.g.
> www.dalescott.net (WordPress), mantisbt.dalescott.net,
> timetracker.dalescott.net..., I can ssh to the vm on port 3022, and the
> vm web server is accessed with port number i.e.
> http://dalescott.net:8080.

Clear so far. I use the same setup (although I’m not forwarding
anything to a different port, 443 on my firewall is 443 on my webserver
(which is a jail on my freebsd server)).

> Then the system drive failed and it seemed a good time to re-build it
> with fbsd-12, and switch at least some of the web apps (not the vm) to
> https with LetsEncrypt certs. My understanding of LetsEncrypt (and
> certbot and the Apache certbot plugin) is that subdomain DNS entry will
> be required for each Apache virtual server that will https.

LetsEncrypt version 2 supports wildcard certificates. So with one
certificate you can serve www.domain.tld, blah.domain.tld and
hurray.domain.tld. However, in order to reach your virtual server
mantisbt.dalescott.net you will have to have a DNS record for that host
(not subdomain), this can be an A record or a CNAME. Of course you can
use a wildcard.

> So I removed the wild card from my dalescott.net DNS entry and
> configured new subdomain DNS entries for the Apache virtual servers.
> However I didn't create certificates or change Apache httpd-vhosts.conf,
> and I'm still not trying to serve anything but pure http on port 80.

What do you mean with ’subdomain’?
A subdomain would mean something like ’servers.dalescott.net’ in your
case, and your mantisbt server would then be reachable as
mantisbt.servers.dalescott.net. So please elaborate.

> The problem is that I can access all my virtual servers and ssh to the
> vm using port 3022, but I get a "no server response" error in the
> browser when trying to access the vm web server on port 8080.

Is it not that your browser expects https and you get http (or vice
versa)? What does your apache logging say?

Peter

—
It never hurts to help — Eek!
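
Added example, not part of the original message: a short Python check of which virtual-host names a wildcard certificate covers, using the standard TLS matching rule (RFC 6125) in which "*" stands for exactly one leftmost label. The function names and the SAN list are assumptions made for illustration; the host names are the ones mentioned in the thread.

```python
# Added example: which virtual-host names a certificate's SAN list covers.
# Matching follows the usual TLS rule (RFC 6125): "*" stands for exactly one
# leftmost label, so it covers neither the bare domain nor deeper names.

def san_matches(san: str, hostname: str) -> bool:
    """Return True if one SAN entry (exact or wildcard) covers hostname."""
    san_labels = san.lower().rstrip(".").split(".")
    host_labels = hostname.lower().rstrip(".").split(".")
    if len(san_labels) != len(host_labels):
        return False
    if san_labels[0] == "*":
        # Wildcard: leftmost label is free (but non-empty), the rest must match.
        return bool(host_labels[0]) and san_labels[1:] == host_labels[1:]
    return san_labels == host_labels


def coverage(sans, hostnames):
    """Map each hostname to the first SAN entry that covers it, or None."""
    return {
        host: next((s for s in sans if san_matches(s, host)), None)
        for host in hostnames
    }


# Constructed input: host names come from the thread; the SAN list is an
# assumption about what a wildcard certificate for this domain would hold.
SANS = ["*.dalescott.net", "dalescott.net"]
VHOSTS = [
    "www.dalescott.net",
    "mantisbt.dalescott.net",
    "timetracker.dalescott.net",
    "dalescott.net",
    "mantisbt.servers.dalescott.net",  # the "real subdomain" case from the reply
]

if __name__ == "__main__":
    for host, san in coverage(SANS, VHOSTS).items():
        status = f"covered by {san}" if san else "NOT covered"
        print(f"{host:32} {status}")
```

Let's Encrypt issues wildcard certificates only through the DNS-01 challenge, and a name the certificate covers still needs its own A, CNAME or wildcard DNS record before a browser can reach the virtual host.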