3

I posted this question before but I guess it wasn't clear the way I wrote it or something. So I deleted it and here it is again with as much info as I can think of.

I created a server using old computer parts of a dell dimension 2400. I installed Ubuntu 16.04.6 LTS with Linux 4.15.0-72-generic kernel. I installed mysql-server, apache2, certbot, pyton3, python-apache-certbot, php7.0, ssh, vsftpd and then forwarded the required ports for what I installed to the internal ip. (192.168.1.23).

Then I setup a wordpress site on the server. The problem is I setup the virtual host file (can be seen below) but for the site to work I have to use the network internal ip for the site to load.

Here is the virtual host file: 

    <IfModule mod_ssl.c>
<VirtualHost 192.168.1.23:443>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/domain.com/public_html

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
ServerName domain.com
SSLCertificateFile /etc/letsencrypt/live/domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
~

Keep in mind this is the working virtual host.

When I change this to the domain name (domain.com:443) as it should be it doesn't work.

(Same issue on port 80.)

Do I need an internal dns or is it something else?

I tried installing bind but either I botched it up horribly or it wasn't the case ... or both ... leaning more toward both honestly.

anyway I hope this is enough info and someone is able to shed some light on this. I would like to be able to host another site on this server.

Taux1c
  • 76
  • Are you trying to reach the server from the private network (192.168.1.*), or the public Internet, or both? Also, what IP address does the domain name resolve to (and is that different depending on whether you're internal vs external)? – Gordon Davisson Jan 07 '20 at 00:37
  • Currently you can only access via the domain and not on the same network.I would like to be able to access from in and out of the network. Currently i'm using a vpn to edit the site.

    The domain resolves to my external ip assigned by isp.

    If you would like to take a look the domain is quentinpidcock.com

     – Taux1c Jan 07 '20 at 01:03
  • It sounds like your router doesn't support hairpin NAT; if this is the case, you'll need to run a private-only DNS server for the private network, which overrides the public info by serving the private address for your domain. You could use BIND for this, but dnsmasq might be simpler. – Gordon Davisson Jan 07 '20 at 01:17
  • Thanks, I tried BIND earlier but I just couldn't get it to work to save my life. ( I would love to because the memory is limited on this machine .) I am using the spectrum wave 2 router. Was trying to look it up to see if it supports that feature but I haven't found anything yet. I am used to having cpanel but I want to learn to be more independent. I was just thinking that the header information (what the domain being requested is) wasn't being passed to apache. – Taux1c Jan 07 '20 at 01:24
  • One good piece of diagnostic information is the failure mode: when you try to hit the domain, do you get the wrong page, or does it just get a connection failure (e.g. Firefox might say "The connection has timed out")? Does a hit appear in the apache log on the server? If you get a connection failure (& nothing in the log), you have a network-level problem (DNS, routing, or possibly which IP addresses the server is listening on). If it connects (to the correct server; check the server log!) but gets wrong into, then you've got a config problem in the server software. – Gordon Davisson Jan 07 '20 at 02:03
  • When I hit your domain, I get an error page from Apache (404 Not Found), which suggests that your server is reachable (from the outside), but either isn't set up properly or maybe just doesn't have an index page. – Gordon Davisson Jan 07 '20 at 02:08
  • Yeah I just installed dnsmasq and disabled the ip v host and enabled the domain vhost. I'm getting a ssl protocol error. – Taux1c Jan 07 '20 at 02:10
  • so I just added a ------------------- to the apache access.log and tried to access the site from my phone (not on wifi) and got the same error I get from my laptop vpn ( ERR_SSL_PROTOCOL_ERROR ) I went back and check the access.log and nothing. (no hits) – Taux1c Jan 07 '20 at 02:17
  • Okay (I thought the ssl error was on the browser end. I cleared everything I could think of and can't figure out how to get rid of that pesky error.) I did download slimjet browser and open the domain and I get the 404 not found BUT the weird part is there is no hit on /var/log/apache2/access.log but there are earlier entries from all day today in there so it is set to use logging. – Taux1c Jan 07 '20 at 02:32
  • It looks like it's serving non-SSL over port 443. I think there's a number of things wrong here, probably more than we can realistically get sorted in comments like this. My next suggestion: try to get things working one at a time. Get HTTP working before worrying about HTTPS. – Gordon Davisson Jan 07 '20 at 02:38
  • I disabled the domain:80 and enabled the 192.168.1.23:80 virtualhost. I then cleared my ssl state and I now get ERR_CONNECTION_TIMED_OUT. If I enabled the 192.168.1.23:443 the site runs fine. – Taux1c Jan 07 '20 at 02:57
  • Do you think re-installing apache2 is the way to go here? – Taux1c Jan 07 '20 at 02:57
  • So, some good news. I loaded the site (got the 404 error) uninstalled apache2 and then refreshed the browser and got site not reachable. So it is apparently not a routing issue. – Taux1c Jan 07 '20 at 03:21
  • I have now installed apache2 again and get the apache2 default page. I disabled the default virtual host and created my own but for some reason virtual hosts are having no impact on the default page loading. I can however; go to /var/www/html and anything I put there shows up but that doesn't really solve the issue of using virtual hosts. – Taux1c Jan 07 '20 at 03:38
  • I checked the access log for the virtualhost (apparently they have their own) The vhost is accessed every time I hit the site but it doesn't load the vhost directory it loads the default directory. So I think this is now getting off topic. I am going to work on it a bit more and may post a new question. If I do I will link it here but if you or anyone reading this has any ideas please feel free to add them. – Taux1c Jan 07 '20 at 04:02

3 Answers3

0

The ServerName directive is used in order to define the default domain name that will be accepted by the virtual host (and ServerAlias for the synonymous of the default domain name). Also you do not need to specify network interface IP adders (or a domain name) within the <VirtualHost> tag, while you are doesn't have any special goals - i.e. serve different content for the same domain name accessed by different server's IP addresses, etc.

<IfModule mod_ssl.c>

    <VirtualHost _default_:443>

        ServerName example.com
        ServerAlias www.example.com www2.example.com

        # Other configuration directives...

    </VirtualHost>

</IfModule>

Unless there is not FQDN that points to your server's public IP address, you need to setup a local DNS or you need to edit the hosts files of your LAN devices in order to access your (web) server by a domain name within the LAN. For more details, please read the following references:

pa4080
  • 29,831
  • OP is already using the ServerName directive. Also, there are legitimate use-cases for specifying an IP address in the VirtualHost definition, so you shouldn't tell people to omit it by default. – Tim Schumacher Jan 07 '20 at 06:55
  • @TimSchumacher, people should leave everything as its default value unless they are not sure they must change it. IMO in this case exactly the discussed IP is the trouble maker. – pa4080 Jan 07 '20 at 07:11
0

The ServerName directive is only used by Apache to know what domain it's running as (and in some cases it's used to differentiate between multiple VirtualHosts depending on the domain). It does have no effect on clients trying to resolve the domain.

What changes you need to make entirely depends on what your setup is looking like.

If you want to use a domain, you still need to tell the client computers what PC it points to. This can either be done through the system's hosts-file (easier to setup, especially for testing, but is a hassle to setup for each and every computer) or through your own DNS Server (a bit harder to setup and to get right, but more flexible in the end). (This doesn't apply if you are using an "official" domain, not something you invented yourself. Unless you want to resolve domain.com to your internal IP while in your local network.)

To check if the domain itself is setup correctly, check your public IP (or the local IP through ifconfig -a, depending on your setup) on the server through a page like ifconfig.co and compare it to the IP returned by either dig domain.com or nslookup domain.com. If they return the same, your domain is correctly set up to point to your public IP. If they don't, you will have to change where your domain points to, but I can't really help with that.

If you want to access the page from the public internet, you will have to worry about NAT. NAT (or "Network Address Translation") handles communication of multiple internal devices through a single public IP (it's likely that a similiar thing is set up in your case). Your router currently has no idea what computer it should send incoming packets on port 80/443 to, which might be one possible cause of your issues. To set it up correctly, search for how to setup "Port Forwarding" on your specific router, and set it up so that it sends all incoming TCP packets on port 80 and 443 to the same port on your server in the local network.

You also might need to pay attention to the VirtualHost directive, where you specifically put your local IP (although I can't imagine it being an issue in your current setup, the other causes are more likely). This basically tells Apache to only ever listen to incoming connections on that specific IP. Once you set up NAT, this should be fine, since requests are sent to your local network's interface. In case you still run into issues after working through the other steps, you might want to try substituting that IP address with an asterisk, causing Apache to listen on all interfaces. This would remove another (if very small) cause of possible errors.

Tim Schumacher
  • 449
0

So after a lot of time and research I figured it out. There were many issues but the main resolution was for example it would be <virtualhost 192.168.1.23 askubuntu.com:80> This is working now with multiple virtual hosts.

I did have some issues serving http over port 443 and other issues. I wound up reformatting the entire disk and reinstalling everything after I figured this out.

Running like a charm now!

Thanks for all the help!

Taux1c
  • 76
  • Since you deleted your public option answer I am replying here to your comment - “If you already have the answer you want why are you trolling for other answers and opinions?” I’m not trolling, and I do not have the answer I want. I know that there are Democratic Presidential candidates (everyone but Warren and Sanders) who are currently supporting a public option. What I don’t know is whether any of these proposed public options have zero copays and zero deductibles. That’s why I posted my question, and if you can answer it I would be grateful. – Keshav Srinivasan Jan 14 '20 at 02:34