Date: Fri, 20 Nov 2020 12:13:58 -0700 (MST) From: Dale Scott <dalescott@shaw.ca> To: freebsd@boosten.org Cc: freebsd-questions <freebsd-questions@freebsd.org> Subject: Re: Please help with Apache virtual servers and DNS trouble (I think) Message-ID: <436222222.38328265.1605899638737.JavaMail.zimbra@shaw.ca> In-Reply-To: <57E903C2-0CB4-4DAD-8F10-12A6879A8029@boosten.org> References: <dbf88edf-7b25-4944-b6c9-5e0d08533265@email.android.com> <df9e09e9-587b-f01b-2849-a90cbd518534@yuripv.dev> <958896405.36997717.1605885037710.JavaMail.zimbra@shaw.ca> <57E903C2-0CB4-4DAD-8F10-12A6879A8029@boosten.org>
next in thread | previous in thread | raw e-mail | index | archive | help
----- Original Message ----- > From: freebsd@boosten.org > To: "freebsd-questions" <freebsd-questions@freebsd.org> > Cc: "Dale Scott (dalescott@shaw)" <dalescott@shaw.ca> > Sent: Friday, November 20, 2020 10:16:26 AM > Subject: Re: Please help with Apache virtual servers and DNS trouble (I t= hink) >> Op 20 nov. 2020, om 16:10 heeft Dale Scott < [ mailto:dalescott@shaw.ca = | >> dalescott@shaw.ca ] > het volgende geschreven: Thanks for your kind help Peter. Just to be clear, this is my intended network. +-------------= ---+ wwww.dalescott.net:8080 <-------------------------------- + ERPNext = + +-------------= ---+ ssh -p 3022 dalescott.net <-------------------------------- + Ubuntu = | | 20.04 = | www.dalescott.net <----\ | LTS = | mantisbt.dalescott.net <----+ | = | proqjector.dalescott.net <----+ +--------------------+-------------= ---+ nextcloud.dalescott.net <----+------ + Apache/MariaDb/PHP | virtualbox-o= se | +--------------------+-------------= ---+ ssh -p 3022 dalescott.net <------------| FreeBSD 11.3 / 12.2 = | +----------------------------------= ---+ <snip> >> ... My understanding of LetsEncrypt (and certbot and the Apache >> certbot plugin) is that subdomain DNS entry will be required for each Ap= ache >> virtual server that will https. > LetsEncrypt version 2 support wildcard certificates. So with one certific= ate you > can serve www.domain.tld, blah.domain.tld and hurray.domain.tld. However,= in order > to reach your virtual server mantisbt.dalescott.net have to have a DNS re= cord for > that host (not subdomain), this can be an A record or a CNAME. > Of course you can use a wildcard. Wild cards sound easier to manage, which I will investigate after getting t= hings working again without certs. >> So I removed the wild card from my dalescott.net DNS entry and configure= d new >> subdomain DNS entries for the Apache virtual servers. However I didn't c= reate >> certificates or change Apache httpd-vhosts.conf, and I'm still not tryin= g to >> serve anything but pure http on port 80. > What do you mean with =E2=80=99subdomain=E2=80=99? A subdomain would mean= something like > 'servers.dalescott.net' in your case, and your mantisbt server would then= be > reachable as mantisbt.servers.dalescott.net. So please elaborate. Networking is not my strength ; IIUC my tld is dalescott.net, and I am usin= g subdomains www, mantisbt, timetracker... or fully qualified www.dalescott.net, mantisb= t.dalescott.net, timetracker.dalescott.net, etc. Is my terminology incorrect? >> The problem is that I can access all my virtual servers and ssh to the v= m using >> port 3022, but I get a "no server response" error in the browser when tr= ying to >> access the vm web server on port 8080. > Is it not that your browser expects https and you get http (or vice versa= )? > What does your apache logging say? I am not expecting ANY https at this point. My goal is to first restore the http-only behavior I had using fbsd-11.3 before I started down this rabbit hole. ;-) Perhaps I need to go back to the one original wildcard DNS entry= I had and all will be ok, and then I figure out to use a wildcard Let's Encrypt c= ert, and then the specifics of each web apps. I browsed to the vbox vm web server dalescott.net:8080 and saw expected ("T= his page isn=E2=80=99t working" "dalescott.net didn=E2=80=99t send any data." "ERR_EMPTY_RESPONSEI= "), but then checked httpd-error.log and no related errors, which I had expected to see,= thinking Apache was getting the dalescott.net:8080 request and didn't know what to d= o with it. Maybe the web server on the vbox vm isn't responding at all. I will need to= check that out. Fwiw, here is my DNS setup at No-IP.com (entries all have same config): htt= ps://i.imgur.com/3UMiWFY.png https://i.imgur.com/RIp6tQS.png Also, fwiw, from my httpd.conf: Listen 80 ServerName www.dalescott.net:80 and my typical vhost entry in httpd-vhosts.com: <VirtualHost mantisbt.dalescott.net:80> DocumentRoot "/usr/local/www/mantisbt" <Directory "/usr/local/www/mantisbt"> allow from all Options None Require all granted </Directory> </VirtualHost>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?436222222.38328265.1605899638737.JavaMail.zimbra>