Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[SOLVED] Apache defaults to first virtual server
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
NotExcessive
Apprentice
Apprentice


Joined: 10 May 2005
Posts: 217

PostPosted: Thu Mar 14, 2013 1:03 am    Post subject: [SOLVED] Apache defaults to first virtual server Reply with quote

Hi all;

I have a problem with Apache: I'm using a virtual name-server setup and that bit works fine, but when I go to the basic IP address with a browser, it takes me to the first virtual server instead of whatever I have in /var/www/localhost/htdocs.

The virtual servers are in a totally different directory, and if I go to http://localhost or https://localhost on the actual machine itself with links2, then I see index.html in /var/www/localhost/htdocs just as I should.

From the network, if I go to http://192.168.4.6 (the machine's address) I see the first virtual server instead, but if I go to https://192.168.1.6, then I see index.html in /var/www/localhost/htdocs, again just as I should be seeing.

Here are my configuration files for the default host settings:

/etc/apache2/vhosts.d/default_vhost_conf:
Code:
# Virtual Hosts
#
# If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn't need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
#
# Please see the documentation at
# <URL:http://httpd.apache.org/docs/2.2/vhosts/>
# for further details before you try to setup virtual hosts.
#
# You may use the command line option '-S' to verify your virtual host
# configuration.

<IfDefine DEFAULT_VHOST>
# see bug #178966 why this is in here

# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 80

# Use name-based virtual hosting.
NameVirtualHost *:80

# When virtual hosts are enabled, the main host defined in the default
# httpd.conf configuration will go away. We redefine it here so that it is
# still available.
#
# If you disable this vhost by removing -D DEFAULT_VHOST from
# /etc/conf.d/apache2, the first defined virtual host elsewhere will be
# the default.
<VirtualHost *:80>
<------>ServerName localhost
<------>Include /etc/apache2/vhosts.d/default_vhost.include

<------><IfModule mpm_peruser_module>
<------><------>ServerEnvironment apache apache
<------></IfModule>
</VirtualHost>
</IfDefine>

# vim: ts=4 filetype=apache


And of course I have -D DEFAULT_VHOST in /etc/conf.d/apache2 as per the comment in the file.


/etc/apache2/vhosts.d/default_vhost.include:
Code:
DocumentRoot "/var/www/localhost/htdocs"

# This should be changed to whatever you set DocumentRoot to.
<Directory "/var/www/localhost/htdocs">
   # Possible values for the Options directive are "None", "All",
   # or any combination of:
   #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
   #
   # Note that "MultiViews" must be named *explicitly* --- "Options All"
   # doesn't give it to you.
   #
   # The Options directive is both complicated and important.  Please see
   # http://httpd.apache.org/docs/2.2/mod/core.html#options
   # for more information.
   Options Indexes FollowSymLinks

   # AllowOverride controls what directives may be placed in .htaccess files.
   # It can be "All", "None", or any combination of the keywords:
   #   Options FileInfo AuthConfig Limit
   AllowOverride All

   # Controls who can get stuff from this server.
   Order allow,deny
   Allow from all
</Directory>

<IfModule alias_module>
   # Redirect: Allows you to tell clients about documents that used to
   # exist in your server's namespace, but do not anymore. The client
   # will make a new request for the document at its new location.
   # Example:
   #   Redirect permanent /foo http://www.example.com/bar

   # Alias: Maps web paths into filesystem paths and is used to
   # access content that does not live under the DocumentRoot.
   # Example:
   #   Alias /webpath /full/filesystem/path
   #
   # If you include a trailing / on /webpath then the server will
   # require it to be present in the URL.  You will also likely
   # need to provide a <Directory> section to allow access to
   # the filesystem path.

   # ScriptAlias: This controls which directories contain server scripts.
   # ScriptAliases are essentially the same as Aliases, except that
   # documents in the target directory are treated as applications and
   # run by the server when requested rather than as documents sent to the
   # client.  The same rules about trailing "/" apply to ScriptAlias
   # directives as to Alias.
   ScriptAlias /cgi-bin/ "/var/www/localhost/cgi-bin/"
</IfModule>

# "/var/www/localhost/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
<Directory "/var/www/localhost/cgi-bin">
   AllowOverride None
   Options None
   Order allow,deny
   Allow from all
</Directory>


# vim: ts=4 filetype=apache




/etc/apache2/vhosts.d/default_ssl_vhost_conf:
Code:
<IfDefine SSL>
<IfDefine SSL_DEFAULT_VHOST>
<IfModule ssl_module>
# see bug #178966 why this is in here

# When we also provide SSL we have to listen to the HTTPS port
# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
Listen 443

<VirtualHost _default_:443>
   ServerName localhost
   Include /etc/apache2/vhosts.d/default_vhost.include
   ErrorLog /var/log/apache2/ssl_error_log

   <IfModule log_config_module>
      TransferLog /var/log/apache2/ssl_access_log
   </IfModule>

   ## SSL Engine Switch:
   # Enable/Disable SSL for this virtual host.
   SSLEngine on

   ## SSL Cipher Suite:
   # List the ciphers that the client is permitted to negotiate.
   # See the mod_ssl documentation for a complete list.
   SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

   ## Server Certificate:
   # Point SSLCertificateFile at a PEM encoded certificate. If the certificate
   # is encrypted, then you will be prompted for a pass phrase. Note that a
   # kill -HUP will prompt again. Keep in mind that if you have both an RSA
   # and a DSA certificate you can configure both in parallel (to also allow
   # the use of DSA ciphers, etc.)
   SSLCertificateFile /etc/apache2/ssl/new.cert.cert

   ## Server Private Key:
   # If the key is not combined with the certificate, use this directive to
   # point at the key file. Keep in mind that if you've both a RSA and a DSA
   # private key you can configure both in parallel (to also allow the use of
   # DSA ciphers, etc.)
   SSLCertificateKeyFile /etc/apache2/ssl/new.cert.key

   ## Server Certificate Chain:
   # Point SSLCertificateChainFile at a file containing the concatenation of
   # PEM encoded CA certificates which form the certificate chain for the
   # server certificate. Alternatively the referenced file can be the same as
   # SSLCertificateFile when the CA certificates are directly appended to the
   # server certificate for convinience.
   #SSLCertificateChainFile /etc/ssl/apache2/ca.crt

   ## Certificate Authority (CA):
   # Set the CA certificate verification path where to find CA certificates
   # for client authentication or alternatively one huge file containing all
   # of them (file must be PEM encoded).
   # Note: Inside SSLCACertificatePath you need hash symlinks to point to the
   # certificate files. Use the provided Makefile to update the hash symlinks
   # after changes.
   #SSLCACertificatePath /etc/ssl/apache2/ssl.crt
   #SSLCACertificateFile /etc/ssl/apache2/ca-bundle.crt

   ## Certificate Revocation Lists (CRL):
   # Set the CA revocation path where to find CA CRLs for client authentication
   # or alternatively one huge file containing all of them (file must be PEM
   # encoded).
   # Note: Inside SSLCARevocationPath you need hash symlinks to point to the
   # certificate files. Use the provided Makefile to update the hash symlinks
   # after changes.
   #SSLCARevocationPath /etc/ssl/apache2/ssl.crl
   #SSLCARevocationFile /etc/ssl/apache2/ca-bundle.crl

   ## Client Authentication (Type):
   # Client certificate verification type and depth. Types are none, optional,
   # require and optional_no_ca. Depth is a number which specifies how deeply
   # to verify the certificate issuer chain before deciding the certificate is
   # not valid.
   #SSLVerifyClient require
   #SSLVerifyDepth  10

   ## Access Control:
   # With SSLRequire you can do per-directory access control based on arbitrary
   # complex boolean expressions containing server variable checks and other
   # lookup directives. The syntax is a mixture between C and Perl. See the
   # mod_ssl documentation for more details.
   #<Location />
   #   #SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
   #   and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
   #   and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
   #   and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
   #   and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
   #   or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
   #</Location>

   ## SSL Engine Options:
   # Set various options for the SSL engine.

   ## FakeBasicAuth:
   # Translate the client X.509 into a Basic Authorisation. This means that the
   # standard Auth/DBMAuth methods can be used for access control. The user
   # name is the `one line' version of the client's X.509 certificate.
   # Note that no password is obtained from the user. Every entry in the user
   # file needs this password: `xxj31ZMTZzkVA'.

   ## ExportCertData:
   # This exports two additional environment variables: SSL_CLIENT_CERT and
   # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the server
   # (always existing) and the client (only existing when client
   # authentication is used). This can be used to import the certificates into
   # CGI scripts.

   ## StdEnvVars:
   # This exports the standard SSL/TLS related `SSL_*' environment variables.
   # Per default this exportation is switched off for performance reasons,
   # because the extraction step is an expensive operation and is usually
   # useless for serving static content. So one usually enables the exportation
   # for CGI and SSI requests only.

   ## StrictRequire:
   # This denies access when "SSLRequireSSL" or "SSLRequire" applied even under
   # a "Satisfy any" situation, i.e. when it applies access is denied and no
   # other module can change it.

   ## OptRenegotiate:
   # This enables optimized SSL connection renegotiation handling when SSL
   # directives are used in per-directory context.
   #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
   <FilesMatch "\.(cgi|shtml|phtml|php)$">
      SSLOptions +StdEnvVars
   </FilesMatch>

   <Directory "/var/www/localhost/cgi-bin">
      SSLOptions +StdEnvVars
   </Directory>

   ## SSL Protocol Adjustments:
   # The safe and default but still SSL/TLS standard compliant shutdown
   # approach is that mod_ssl sends the close notify alert but doesn't wait
   # for the close notify alert from client. When you need a different
   # shutdown approach you can use one of the following variables:

   ## ssl-unclean-shutdown:
   # This forces an unclean shutdown when the connection is closed, i.e. no
   # SSL close notify alert is send or allowed to received.  This violates the
   # SSL/TLS standard but is needed for some brain-dead browsers. Use this when
   # you receive I/O errors because of the standard approach where mod_ssl
   # sends the close notify alert.

   ## ssl-accurate-shutdown:
   # This forces an accurate shutdown when the connection is closed, i.e. a
   # SSL close notify alert is send and mod_ssl waits for the close notify
   # alert of the client. This is 100% SSL/TLS standard compliant, but in
   # practice often causes hanging connections with brain-dead browsers. Use
   # this only for browsers where you know that their SSL implementation works
   # correctly.
   # Notice: Most problems of broken clients are also related to the HTTP
   # keep-alive facility, so you usually additionally want to disable
   # keep-alive for those clients, too. Use variable "nokeepalive" for this.
   # Similarly, one has to force some clients to use HTTP/1.0 to workaround
   # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
   # "force-response-1.0" for this.
   <IfModule setenvif_module>
      BrowserMatch ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
   </IfModule>

   ## Per-Server Logging:
   # The home of a custom SSL log file. Use this when you want a compact
   # non-error SSL logfile on a virtual host basis.
   <IfModule log_config_module>
      CustomLog /var/log/apache2/ssl_request_log \
         "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
   </IfModule>
</VirtualHost>
</IfModule>
</IfDefine>
</IfDefine>

# vim: ts=4 filetype=apache



I can't see the error in the configuration; can anybody help?


Last edited by NotExcessive on Thu Mar 14, 2013 11:06 pm; edited 1 time in total
Back to top
View user's profile Send private message
eyoung100
Veteran
Veteran


Joined: 23 Jan 2004
Posts: 1406

PostPosted: Thu Mar 14, 2013 5:36 pm    Post subject: Reply with quote

See Avoiding the Default Website

Particularly the part about Alphabetical Order and 00*

This Series at Slicehost got me started: Apache Virtual Hosts on Gentoo - part 1
_________________
The Birth and Growth of Science is the Death and Atrophy of Art -- Unknown
Registerd Linux User #363735
Adopt a Post | Strip Comments| Emerge Wrapper
Back to top
View user's profile Send private message
NotExcessive
Apprentice
Apprentice


Joined: 10 May 2005
Posts: 217

PostPosted: Thu Mar 14, 2013 9:35 pm    Post subject: Reply with quote

eyoung100 wrote:
See Avoiding the Default Website

Particularly the part about Alphabetical Order and 00*

This Series at Slicehost got me started: Apache Virtual Hosts on Gentoo - part 1



Thanks for that: I'd totally forgotten about the alphabetical ordering thing. Set the 00_ prefix on the default conf files and all good :)
Back to top
View user's profile Send private message
eyoung100
Veteran
Veteran


Joined: 23 Jan 2004
Posts: 1406

PostPosted: Thu Mar 14, 2013 10:37 pm    Post subject: Reply with quote

Not a Problem, just recently set up a dev box for mono using apache, took me a few hours last saturday... Dont forget to add Solved.
_________________
The Birth and Growth of Science is the Death and Atrophy of Art -- Unknown
Registerd Linux User #363735
Adopt a Post | Strip Comments| Emerge Wrapper
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum