
Ok, I have a bit of a complicated setup that works for the most part, but recently I've had to migrate a couple sites to my server and I can't seem to get things working the way I want.

I have 5 websites that I'm hosting from my server. I initially had 3. We'll call them

  • example.com
  • files.example.com
  • git.example.com
  • temp.alagory.com
  • temp.minceraft.com

alagory.com and minceraft.com are the sites that I'm migrating over to my personal server. My personal server doesn't have a static IP address, so I've set it up with DDNS which gives it the address example.com with the two subdomains files and git. These three DDNS domains I want to have under SSL. temp.alagory.com and temp.minceraft.com are WordPress sites, and since I'm making them public, I do not want everybody visiting them being confronted by a warning about my self-signed certificate. I also would like to not spend the cheap fee to get an official accredited certificate. Initially, I've been able to get the three DDNS sites working (*.example.com) all of which play nicely under a blanket of encryption. The other two sites worked nicely on their server that I've decided to do away with.

The trouble comes when I try to host all these sites with all their differences under one server.

I set up temp.alagory.com and temp.minceraft.com with CNAME type records pointing to example.com. I've been successfully utilizing virtual hosts on the other three domains to send them to their respective sites. I set up the virtual hosts for alagory and minceraft pointing them to their directories, but they resolve to /srv/http, which is the directory for example.com. Also, the domains are redirected to be encrypted with my certificate. I don't really understand how since they are not the names I used in the certificate. I thought that was something that was checked.

Here is the virtual host configuration file for git.example.com

#This configuration has been tested on GitLab 6.0.0 and GitLab 6.0.1
#Note this config assumes unicorn is listening on default port 8080.
#Module dependencies
#  mod_rewrite
#  mod_proxy
#  mod_proxy_http

<VirtualHost *:80>
  ServerName git.example.com
  ServerSignature Off

  RewriteEngine on
  RewriteCond %{HTTPS} !=on
  RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]
</VirtualHost>

<VirtualHost *:443>

  SSLEngine on
  #strong encryption ciphers only
  #see ciphers(1) http://www.openssl.org/docs/apps/ciphers.html
  SSLProtocol all -SSLv2
  SSLHonorCipherOrder on
#  SSLCipherSuite "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
  SSLCipherSuite SSLv3:TLSv1:+HIGH:!SSLv2:!MD5:!MEDIUM:!LOW:!EXP:!ADH:!eNULL:!aNULL
  Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
  SSLCompression Off
  SSLCertificateFile /etc/httpd/conf/server.crt
  SSLCertificateKeyFile /etc/httpd/conf/server.key
  SSLCACertificateFile /etc/httpd/conf/server.crt

  ServerName git.example.com
  ServerSignature Off

  ProxyPreserveHost On

  <Location />
    # New authorization commands for apache 2.4 and up
    # http://httpd.apache.org/docs/2.4/upgrading.html#access
    Require all granted

    ProxyPassReverse http://127.0.0.1:8080
    ProxyPassReverse http://git.example.com/
  </Location>

  #apache equivalent of nginx try files
  # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
  # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
  RewriteEngine on
  RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
  RewriteRule .* http://127.0.0.1:8080%{REQUEST_URI} [P,QSA]
  RequestHeader set X_FORWARDED_PROTO 'https'

  # needed for downloading attachments
  DocumentRoot /usr/share/webapps/gitlab/public

  #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
  ErrorDocument 404 /404.html
  ErrorDocument 422 /422.html
  ErrorDocument 500 /500.html
  ErrorDocument 503 /deploy.html

  LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
  ErrorLog  /var/log/httpd/git.example.com_error.log
  CustomLog /var/log/httpd/git.example.com_forwarded.log common_forwarded
  CustomLog /var/log/httpd/git.example.com_access.log combined env=!dontlog
  CustomLog /var/log/httpd/git.example.com.log combined

</VirtualHost>

Here is the configuration I've been using to sort files.example.com, example.com, temp.alagory.com, and temp.minceraft.com:

Virtual hosts for my other sites

And here is my httpd.conf

httpd.conf

I've tried to use temp.alagory.com as the server name for the temp.alagory.com virtual host, but it still redirected to the /srv/http/ directory. I've tried removing all other configurations but it still resolves to the default directory /srv/http/.

Here is the output of apachectl -S with the names of the corresponding sites replaced:

[root@Vega extra]# apachectl -S
VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server example.com (/etc/httpd/conf/extra/httpd-vhosts.conf:25)
         port 80 namevhost example.com (/etc/httpd/conf/extra/httpd-vhosts.conf:25)
                 alias temp.alagory.com
                 wild alias *.temp.alagory.com
         port 80 namevhost example.com (/etc/httpd/conf/extra/httpd-vhosts.conf:36)
                 alias temp.minceraft.com
                 wild alias *.temp.minceraft.com
         port 80 namevhost localhost.localdomain (/etc/httpd/conf/extra/httpd-vhosts.conf:47)
         port 80 namevhost example.com (/etc/httpd/conf/extra/httpd-vhosts.conf:70)
         port 80 namevhost git.example.com (/etc/httpd/conf/extra/gitlab.conf:8)
*:443                  is a NameVirtualHost
         default server files.example.com (/etc/httpd/conf/extra/httpd-vhosts.conf:57)
         port 443 namevhost files.example.com (/etc/httpd/conf/extra/httpd-vhosts.conf:57)
         port 443 namevhost example.com (/etc/httpd/conf/extra/httpd-vhosts.conf:80)
         port 443 namevhost git.example.com (/etc/httpd/conf/extra/gitlab.conf:16)
         port 443 namevhost www.example.com (/etc/httpd/conf/extra/httpd-ssl.conf:80)
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/srv/http"
Main ErrorLog: "/var/log/httpd/error_log"
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/httpd/" mechanism=default 
Mutex mpm-accept: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
PidFile: "/run/httpd/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="http" id=33
Group: name="http" id=33
Giacomo1968
InspiredOne
  • Looking at your `httpd.conf` I have a funny feeling your default for `example.com` is the issue. I would recommend putting that at the top of your virtual host list and seeing what happens when you disable that whole `RewriteEngine on RewriteCond %{HTTPS} !=on RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]` block. – Giacomo1968 Sep 28 '14 at 15:24
  • Thank you for the formatting changes. I'll be careful to include that formatting style in future posts. To be clear, you want me to move the virtual host block for `example.com` to the top of the virtual host list? – InspiredOne Sep 28 '14 at 16:12
  • After doing that, provided that I did it correctly, the server is now redirecting to the document root for files.example.com. In addition, going to example.com still leaves me with an encrypted connection. – InspiredOne Sep 28 '14 at 16:16
  • Roll back that suggestion. Look at my full answer. I believe your `ServerName` stuff needs to be adjusted for `temp.alagory.com` as well as `temp.minceraft.com`. – Giacomo1968 Sep 28 '14 at 16:17
  • By the way, you can get a free SSL certificate from https://www.startssl.com/. That should solve your self-signed warning problems. – Ladadadada Sep 29 '14 at 12:09

1 Answer

I set up temp.alagory.com and temp.minceraft.com with CNAME type records pointing to example.com.

CNAME records are just aliases to another DNS record. Meaning that if it all goes to one IP address at the host run by example.com, the issue is in your Apache virtual host config. And the first solid clue to me is seeing the output of apachectl -S:

default server example.com (/etc/httpd/conf/extra/httpd-vhosts.conf:25)
port 80 namevhost example.com (/etc/httpd/conf/extra/httpd-vhosts.conf:25)
        alias temp.alagory.com
        wild alias *.temp.alagory.com
port 80 namevhost example.com (/etc/httpd/conf/extra/httpd-vhosts.conf:36)
        alias temp.minceraft.com
        wild alias *.temp.minceraft.com

The big clue is the port 80 namevhost example.com for temp.alagory.com as well as temp.minceraft.com. Meaning the virtual host config is not paying attention to the host names temp.alagory.com and temp.minceraft.com.

So when looking at your actual virtual hosts config, look at ServerName in both cases; they are both ServerName example.com:

#temp.alagory.com
<VirtualHost *:80>
    ServerAdmin benbitdiddle@mit.edu
    ServerName example.com
    DocumentRoot "/srv/http/alagory"
    ServerAlias temp.alagory.com
    ServerAlias *.temp.alagory.com
    ErrorLog "/var/log/httpd/temp.alagory-error_log"
    CustomLog "/var/log/httpd/temp.alagory-access_log" common
</VirtualHost>

#temp.minceraft.com
<VirtualHost *:80>
    ServerAdmin benbitdiddle@mit.edu
    ServerName example.com
    DocumentRoot "/srv/http/minceraft"
    ServerAlias temp.minceraft.com
    ServerAlias *.temp.minceraft.com
    ErrorLog "/var/log/httpd/temp.minceraft-error_log"
    CustomLog "/var/log/httpd/temp.minceraft-access_log" common
</VirtualHost>

Those should be changed as follows so the ServerName matches the hostname connected to it; I formatted the configs to make it easier to read:

#temp.alagory.com
<VirtualHost *:80>
    ServerAdmin benbitdiddle@mit.edu

    ServerName temp.alagory.com
    ServerAlias temp.alagory.com
    ServerAlias *.temp.alagory.com

    DocumentRoot "/srv/http/alagory"

    ErrorLog "/var/log/httpd/temp.alagory-error_log"
    CustomLog "/var/log/httpd/temp.alagory-access_log" common

</VirtualHost>

#temp.minceraft.com
<VirtualHost *:80>
    ServerAdmin benbitdiddle@mit.edu

    ServerName temp.minceraft.com
    ServerAlias temp.minceraft.com
    ServerAlias *.temp.minceraft.com

    DocumentRoot "/srv/http/minceraft"

    ErrorLog "/var/log/httpd/temp.minceraft-error_log"
    CustomLog "/var/log/httpd/temp.minceraft-access_log" common
</VirtualHost>

EDIT: I reworked your virtual hosts file. The big changes are formatting for readability as well as placing example.com configs at the top of the list as well as setting proper ServerName and ServerAlias settings for each & every config.

#example.com
<VirtualHost *:80>
    ServerSignature Off

    ServerName example.com
    ServerAlias example.com

    DocumentRoot "/srv/http"

    RewriteEngine on
    RewriteCond %{HTTPS} !=on
    RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]

</VirtualHost>

#files.example.com
<VirtualHost *:80>
    ServerAdmin benbitdiddle@mit.edu
    ServerSignature Off

    ServerName files.example.com
    ServerAlias files.example.com
    ServerAlias *.files.example.com

    DocumentRoot "/srv/http/files/mollify"

    RewriteEngine on
    RewriteCond %{HTTPS} !=on
    RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]

</VirtualHost>

#temp.alagory.com
<VirtualHost *:80>
    ServerAdmin benbitdiddle@mit.edu

    ServerName temp.alagory.com
    ServerAlias temp.alagory.com
    ServerAlias *.temp.alagory.com

    DocumentRoot "/srv/http/alagory"

    ErrorLog "/var/log/httpd/temp.alagory-error_log"
    CustomLog "/var/log/httpd/temp.alagory-access_log" common

</VirtualHost>

#temp.minceraft.com
<VirtualHost *:80>
    ServerAdmin benbitdiddle@mit.edu

    ServerName temp.minceraft.com
    ServerAlias temp.minceraft.com
    ServerAlias *.temp.minceraft.com

    DocumentRoot "/srv/http/minceraft"

    ErrorLog "/var/log/httpd/temp.minceraft-error_log"
    CustomLog "/var/log/httpd/temp.minceraft-access_log" common
</VirtualHost>

#example.com SSL connection
<IfModule mod_ssl.c> 
<VirtualHost *:443>
    ServerAdmin benbitdiddle@mit.edu

    ServerName example.com
    ServerAlias example.com

    DocumentRoot "/srv/http"

    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/server.crt
    SSLCertificateKeyFile /etc/httpd/conf/server.key
    ErrorLog "/var/log/httpd/example.com-error_log"
    CustomLog "/var/log/httpd/example.com-access_log" common

</VirtualHost>
</IfModule>

#files.example.com SSL connection
<IfModule mod_ssl.c> 
<VirtualHost *:443>
    ServerAdmin benbitdiddle@mit.edu

    ServerName files.example.com
    ServerAlias files.example.com
    ServerAlias *.files.example.com

    DocumentRoot "/srv/http/files/mollify"

    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/files.crt
    SSLCertificateKeyFile /etc/httpd/conf/files.key
    ErrorLog "/var/log/httpd/files.example.com.id-error_log"
    CustomLog "/var/log/httpd/files.example.com-access_log" common

</VirtualHost>
</IfModule>
Giacomo1968
  • Ok, I did this and uploaded the updated [httpd-vhosts.conf](http://pastebin.com/aQ9sJvCk). The server is directing `temp.alagory.com` and `temp.minceraft.com` to the document root for `files.example.com`. Any thoughts? – InspiredOne Sep 28 '14 at 16:37
  • @InspiredOne You need to add correct server names & aliases for all virtual hosts. Look at what I did here, then look at your remaining virtual host configs. We are on the right track. – Giacomo1968 Sep 28 '14 at 16:41
  • Looking over the config, it looks to me that all the server names and aliases are correctly configured. Do I need `ServerAlias temp.minceraft.com` if the `ServerName` is `temp.minceraft.com`? – InspiredOne Sep 28 '14 at 16:53
  • @InspiredOne I cleaned up the whole virtual hosts file. You have no `ServerName` or `ServerAlias` for `files.example.com`. – Giacomo1968 Sep 28 '14 at 17:01
  • Sorry about the poor file formatting. I've replaced my httpd-vhost.conf with yours and now `temp.alagory.com` and `temp.minceraft.com` serve the document root `/srv/http` instead of what they are supposed to be serving. I've run `apachectl -S` again to verify, you can see it [here](http://pastebin.com/dBE3jN8C). Could the configuration file for git.example.com be messing things up? You can look at it [here](http://pastebin.com/isvmvQgj) – InspiredOne Sep 28 '14 at 17:38
  • @InspiredOne I have helped you as best as I can. I have even explained the importance of properly setting `ServerName` as well as `ServerAlias`. But the general chaos of your configs belies my ability to help you any further. Best of luck! If you found this answer helpful, please remember to up vote it. And if it is the answer that solved your question, please be sure to check it off as such. – Giacomo1968 Sep 28 '14 at 18:05
  • Thank you my friend. Your help has been invaluable. I shall upvote as soon as I have enough reputation. – InspiredOne Sep 28 '14 at 19:33
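
Added example, not part of the original question or answer: a simplified model of Apache's name-based virtual host selection, run over vhost lines from the `apachectl -S` output quoted in the question. It assumes the documented rule (the first vhost on a port whose ServerName or ServerAlias matches the Host header wins, otherwise the first vhost listed for that port is used); the function names `parse`, `resolve` and `shadowed` are illustrative.

```python
import re
from fnmatch import fnmatchcase

# Vhost lines from the question's `apachectl -S` output (abridged).
SAMPLE = """\
port 80 namevhost example.com (/etc/httpd/conf/extra/httpd-vhosts.conf:25)
        alias temp.alagory.com
        wild alias *.temp.alagory.com
port 80 namevhost example.com (/etc/httpd/conf/extra/httpd-vhosts.conf:36)
        alias temp.minceraft.com
        wild alias *.temp.minceraft.com
port 80 namevhost example.com (/etc/httpd/conf/extra/httpd-vhosts.conf:70)
port 443 namevhost files.example.com (/etc/httpd/conf/extra/httpd-vhosts.conf:57)
port 443 namevhost example.com (/etc/httpd/conf/extra/httpd-vhosts.conf:80)
"""

VHOST = re.compile(r"port (\d+) namevhost (\S+) \((.+)\)")
ALIAS = re.compile(r"(?:wild )?alias (\S+)")

def parse(text):
    """Return {port: [vhost, ...]} in listed order; other lines are skipped."""
    vhosts, last = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := VHOST.match(line):
            last = {"name": m[2].lower(), "aliases": [], "where": m[3]}
            vhosts.setdefault(int(m[1]), []).append(last)
        elif last and (m := ALIAS.match(line)):
            last["aliases"].append(m[1].lower())
    return vhosts

def resolve(vhosts, port, host):
    """First vhost matching by ServerName or ServerAlias, else the port's first vhost."""
    host = host.lower()
    for vh in vhosts[port]:
        if host == vh["name"] or any(fnmatchcase(host, a) for a in vh["aliases"]):
            return vh["where"], True
    return vhosts[port][0]["where"], False  # no name matched: default server

def shadowed(vhosts):
    """(port, ServerName, file:line) of vhosts repeating an earlier ServerName."""
    out = []
    for port, chain in vhosts.items():
        names = [vh["name"] for vh in chain]
        out += [(port, vh["name"], vh["where"])
                for i, vh in enumerate(chain) if vh["name"] in names[:i]]
    return out

if __name__ == "__main__":
    v = parse(SAMPLE)
    print(resolve(v, 443, "temp.alagory.com"), shadowed(v))
```

On this input, `temp.alagory.com` on port 443 matches no vhost and falls through to the default server at `httpd-vhosts.conf:57`, so that vhost's certificate and document root are what an HTTPS client gets. The port 80 vhosts at lines 36 and 70 repeat the ServerName already claimed at line 25, so a request for `example.com` never reaches them.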