Site available on internal network, but not from external networks

Question

I've got a ruby on rails application running on apache2 with phusion-passenger. The application works flawlessly on the local trusted network, but I can't access it on our wireless (untrusted) or any external networks. I can ping the server on the external networks, but I get nothing visiting the url for either the default page or the ssl page. I've already confirmed with our network services that everything is properly configured on the firewall.

I've currently got it set up to forward non secure traffic through https, the configs are:

default:

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www
    Redirect permanent / https://www.example.com/
</VirtualHost>

default-ssl:

<IfModule mod_ssl.c>
NameVirtualHost *:443
<VirtualHost *:443>
    ServerName www.example.com
    ServerAdmin webmaster@localhost

    DocumentRoot /var/rails/example/current/public
    <Directory /var/rails/example/current/public>
            AllowOverride all
            Options -MultiViews
            RailsEnv production
    </Directory>


    ErrorLog ${APACHE_LOG_DIR}/error.log

    LogLevel warn

    CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined


    SSLEngine on

    SSLCertificateFile    /usr/local/ssl/public/certificate.crt
    SSLCertificateKeyFile /usr/local/ssl/private/example.key

    SSLCertificateChainFile /usr/local/ssl/crt/intermediate.crt




    <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
    </FilesMatch>
        <Directory /usr/lib/cgi-bin>
            SSLOptions +StdEnvVars
    </Directory>

    BrowserMatch "MSIE [2-6]" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>

and apache2ctl -S outputs:

/usr/sbin/apache2ctl: 87: ulimit: error setting limit (Operation not permitted)
[Thu Nov 15 10:50:40 2012] [warn] NameVirtualHost *:443 has no VirtualHosts
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:443                  is a NameVirtualHost
     default server betrnet.mc.vanderbilt.edu (/etc/apache2/sites-enabled/default-ssl:3)
     port 443 namevhost betrnet.mc.vanderbilt.edu (/etc/apache2/sites-enabled/default-ssl:3)
*:80                   is a NameVirtualHost
     default server betrnet.mc.vanderbilt.edu (/etc/apache2/sites-enabled/000-default:1)
     port 80 namevhost betrnet.mc.vanderbilt.edu (/etc/apache2/sites-enabled/000-default:1)
Syntax OK

Any help would be greatly appreciated!

score 1 · Answer 1 · answered Nov 15 '12 at 18:31

Ping is not a web site testing tool. The fact that you can ping the server means almost nothing in relation to why you can't access the web site on the server. If ping is the only tool in your arsenal then it's going to be a very long time in getting this problem resolved.

Great... you can ping the server so you've confirmed network connectivity... but you knew that already when you connected to the web site internally.

How are you trying to connect to the site externally? By FQDN or by ip address? If by FQDN then try by ip address to rule out DNS as the problem.

Are you sure the firewall is configured correctly to forward external connections to the public ip address to the internal ip address of the server for HTTP and HTTPS?

score 1 · Answer 2 · answered Nov 15 '12 at 20:20

1

Turns out the server was in an internal access only group in the firewall.

answered Nov 15 '12 at 20:20

biagidp

131
2

Glad you got it resolved. – joeqwerty Nov 15 '12 at 20:53

Site available on internal network, but not from external networks

2 Answers2