Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 20 Nov 2020 18:16:26 +0100
From:      freebsd@boosten.org
To:        freebsd-questions <freebsd-questions@freebsd.org>
Cc:        Dale Scott <dalescott@shaw.ca>
Subject:   Re: Please help with Apache virtual servers and DNS trouble (I think)
Message-ID:  <57E903C2-0CB4-4DAD-8F10-12A6879A8029@boosten.org>
In-Reply-To: <958896405.36997717.1605885037710.JavaMail.zimbra@shaw.ca>
References:  <dbf88edf-7b25-4944-b6c9-5e0d08533265@email.android.com> <df9e09e9-587b-f01b-2849-a90cbd518534@yuripv.dev> <958896405.36997717.1605885037710.JavaMail.zimbra@shaw.ca>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help


> Op 20 nov. 2020, om 16:10 heeft Dale Scott <dalescott@shaw.ca> het =
volgende geschreven:
>=20
> I am rebuilding my fbsd-11 server after the system drive failed. I had =
been using Apache virtual servers to serve several web apps on port 80, =
with a single wildcard DNS entry from No-IP. The server also hosted a =
Linux vm running in vbox, and used the vbox NAT to forward vm port 80 to =
host 8080, and vm port 22 to host 3022. This worked well as I only have =
one IP address from my ISP. The virtual hosts are accessed normally e.g. =
www.dalescott.net (WordPress), mantisbt.dalescott.net, =
timetracker.dalescott.net..., I can ssh to the vm on port 3022, and the =
vm web server is accessed with port number i.e. =
http://dalescott.net:8080.


Clear so far. I use the same setup (although I=E2=80=99m not forwarding =
anything to a different port, 443 on my firewall is 443 on my webserver =
(which is a jail on my freebsd server).

>=20
> Then the system drive failed and it seemed a good time to re-build it =
with fbsd-12, and switch at least some of the web apps (not the vm) to =
https with LetsEncrypt certs. My understanding of LetsEncrypt (and =
certbot and the Apache certbot plugin) is that subdomain DNS entry will =
be required for each Apache virtual server that will https.

LetsEncrypt version 2 support wildcard certificates. So with one =
certificate you can serve www.domain.tld <http://www.domain.tld/>, =
blah.domain.tld and hurray.domain.tld. However, in order to reach your =
virtual server mantisbt.dalescott.net <http://mantisbt.dalescott.net/>; =
you will have to have a DNS record for that host (not subdomain), this =
can be an A record or a CNAME. Of course you can use a wildcard.

> So I removed the wild card from my dalescott.net DNS entry and =
configured new subdomain DNS entries for the Apache virtual servers. =
However I didn't create certificates or change Apache httpd-vhosts.conf, =
and I'm still not trying to serve anything but pure http on port 80.
>=20

What do you mean with =E2=80=99subdomain=E2=80=99? A subdomain would =
mean something like =E2=80=99servers.dalescott.net=E2=80=99 in your =
case, and your mantisbt server would then be reachable as =
mantisbt.servers.dalescott.net <http://mantisbt.servers.dalescott.net/>. =
So please elaborate.

> The problem is that I can access all my virtual servers and ssh to the =
vm using port 3022, but I get a "no server response" error in the =
browser when trying to access the vm web server on port 8080.

Is it not that your browser expects https and you get http (or vice =
versa)?
What does your apache logging say?

Peter

=E2=80=94
It never hurts to help =E2=80=94 Eek!






Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?57E903C2-0CB4-4DAD-8F10-12A6879A8029>