Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 20 Nov 2020 12:13:58 -0700 (MST)
From:      Dale Scott <dalescott@shaw.ca>
To:        freebsd@boosten.org
Cc:        freebsd-questions <freebsd-questions@freebsd.org>
Subject:   Re: Please help with Apache virtual servers and DNS trouble (I think)
Message-ID:  <436222222.38328265.1605899638737.JavaMail.zimbra@shaw.ca>
In-Reply-To: <57E903C2-0CB4-4DAD-8F10-12A6879A8029@boosten.org>
References:  <dbf88edf-7b25-4944-b6c9-5e0d08533265@email.android.com> <df9e09e9-587b-f01b-2849-a90cbd518534@yuripv.dev> <958896405.36997717.1605885037710.JavaMail.zimbra@shaw.ca> <57E903C2-0CB4-4DAD-8F10-12A6879A8029@boosten.org>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
----- Original Message -----
> From: freebsd@boosten.org
> To: "freebsd-questions" <freebsd-questions@freebsd.org>
> Cc: "Dale Scott (dalescott@shaw)" <dalescott@shaw.ca>
> Sent: Friday, November 20, 2020 10:16:26 AM
> Subject: Re: Please help with Apache virtual servers and DNS trouble (I t=
hink)

>> Op 20 nov. 2020, om 16:10 heeft Dale Scott < [ mailto:dalescott@shaw.ca =
|
>> dalescott@shaw.ca ] > het volgende geschreven:

Thanks for your kind help Peter. Just to be clear, this is my intended
network.

                                                             +-------------=
---+
wwww.dalescott.net:8080    <-------------------------------- + ERPNext     =
   +
                                                             +-------------=
---+
ssh -p 3022 dalescott.net  <-------------------------------- + Ubuntu      =
   |
                                                             | 20.04       =
   |
www.dalescott.net          <----\                            | LTS         =
   |
mantisbt.dalescott.net     <----+                            |             =
   |
proqjector.dalescott.net   <----+       +--------------------+-------------=
---+
nextcloud.dalescott.net    <----+------ + Apache/MariaDb/PHP | virtualbox-o=
se |
                                        +--------------------+-------------=
---+
ssh -p 3022 dalescott.net  <------------| FreeBSD 11.3 / 12.2              =
   |
                                        +----------------------------------=
---+

<snip>

>> ... My understanding of LetsEncrypt (and certbot and the Apache
>> certbot plugin) is that subdomain DNS entry will be required for each Ap=
ache
>> virtual server that will https.

> LetsEncrypt version 2 support wildcard certificates. So with one certific=
ate you
> can serve www.domain.tld, blah.domain.tld and hurray.domain.tld. However,=
 in order
> to reach your virtual server mantisbt.dalescott.net have to have a DNS re=
cord for
> that host (not subdomain), this can be an A record or a CNAME.
> Of course you can use a wildcard.

Wild cards sound easier to manage, which I will investigate after getting t=
hings
working again without certs.

>> So I removed the wild card from my dalescott.net DNS entry and configure=
d new
>> subdomain DNS entries for the Apache virtual servers. However I didn't c=
reate
>> certificates or change Apache httpd-vhosts.conf, and I'm still not tryin=
g to
>> serve anything but pure http on port 80.

> What do you mean with =E2=80=99subdomain=E2=80=99? A subdomain would mean=
 something like
> 'servers.dalescott.net' in your case, and your mantisbt server would then=
 be
> reachable as mantisbt.servers.dalescott.net. So please elaborate.

Networking is not my strength ; IIUC my tld is dalescott.net, and I am usin=
g subdomains
www, mantisbt, timetracker... or fully qualified www.dalescott.net, mantisb=
t.dalescott.net,
timetracker.dalescott.net, etc. Is my terminology incorrect?

>> The problem is that I can access all my virtual servers and ssh to the v=
m using
>> port 3022, but I get a "no server response" error in the browser when tr=
ying to
>> access the vm web server on port 8080.

> Is it not that your browser expects https and you get http (or vice versa=
)?
> What does your apache logging say?

I am not expecting ANY https at this point. My goal is to first restore the
http-only behavior I had using fbsd-11.3 before I started down this rabbit
hole. ;-)  Perhaps I need to go back to the one original wildcard DNS entry=
 I had
and all will be ok, and then I figure out to use a wildcard Let's Encrypt c=
ert,
and then the specifics of each web apps.

I browsed to the vbox vm web server dalescott.net:8080 and saw expected ("T=
his page isn=E2=80=99t
working" "dalescott.net didn=E2=80=99t send any data." "ERR_EMPTY_RESPONSEI=
"), but then
checked httpd-error.log and no related errors, which I had expected to see,=
 thinking
Apache was getting the dalescott.net:8080 request and didn't know what to d=
o with it.

Maybe the web server on the vbox vm isn't responding at all. I will need to=
 check
that out.

Fwiw, here is my DNS setup at No-IP.com (entries all have same config): htt=
ps://i.imgur.com/3UMiWFY.png https://i.imgur.com/RIp6tQS.png

Also, fwiw, from my httpd.conf:

Listen 80
ServerName www.dalescott.net:80

and my typical vhost entry in httpd-vhosts.com:

<VirtualHost mantisbt.dalescott.net:80>
    DocumentRoot "/usr/local/www/mantisbt"
    <Directory "/usr/local/www/mantisbt">
        allow from all
        Options None
        Require all granted
    </Directory>
</VirtualHost>




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?436222222.38328265.1605899638737.JavaMail.zimbra>