Date: Fri, 20 Nov 2020 12:13:58 -0700 (MST)
From: Dale Scott <dalescott@shaw.ca>
To: freebsd@boosten.org
Cc: freebsd-questions <freebsd-questions@freebsd.org>
Subject: Re: Please help with Apache virtual servers and DNS trouble (I think)
Message-ID: <436222222.38328265.1605899638737.JavaMail.zimbra@shaw.ca>
In-Reply-To: <57E903C2-0CB4-4DAD-8F10-12A6879A8029@boosten.org>
References: <dbf88edf-7b25-4944-b6c9-5e0d08533265@email.android.com> <df9e09e9-587b-f01b-2849-a90cbd518534@yuripv.dev> <958896405.36997717.1605885037710.JavaMail.zimbra@shaw.ca> <57E903C2-0CB4-4DAD-8F10-12A6879A8029@boosten.org>
----- Original Message -----
> From: freebsd@boosten.org
> To: "freebsd-questions" <freebsd-questions@freebsd.org>
> Cc: "Dale Scott (dalescott@shaw)" <dalescott@shaw.ca>
> Sent: Friday, November 20, 2020 10:16:26 AM
> Subject: Re: Please help with Apache virtual servers and DNS trouble (I think)

>> On 20 Nov 2020, at 16:10, Dale Scott <dalescott@shaw.ca> wrote:
Thanks for your kind help Peter. Just to be clear, this is my intended
network.

                                                            +----------------+
wwww.dalescott.net:8080   <-------------------------------- + ERPNext        +
                                                            +----------------+
ssh -p 3022 dalescott.net <-------------------------------- + Ubuntu         |
                                                            | 20.04          |
www.dalescott.net         <----\                            | LTS            |
mantisbt.dalescott.net    <----+                            |                |
proqjector.dalescott.net  <----+       +--------------------+----------------+
nextcloud.dalescott.net   <----+------ + Apache/MariaDb/PHP | virtualbox-ose |
                                       +--------------------+----------------+
ssh -p 3022 dalescott.net <------------| FreeBSD 11.3 / 12.2                 |
                                       +-------------------------------------+

<snip>

>> ... My understanding of LetsEncrypt (and certbot and the Apache
>> certbot plugin) is that subdomain DNS entry will be required for each Apache
>> virtual server that will https.

> LetsEncrypt version 2 supports wildcard certificates. So with one certificate you
> can serve www.domain.tld, blah.domain.tld and hurray.domain.tld. However, in order
> to reach your virtual server mantisbt.dalescott.net you have to have a DNS record for
> that host (not subdomain), this can be an A record or a CNAME.
> Of course you can use a wildcard.

Wild cards sound easier to manage, which I will investigate after getting things
working again without certs.

>> So I removed the wild card from my dalescott.net DNS entry and configured new
>> subdomain DNS entries for the Apache virtual servers. However I didn't create
>> certificates or change Apache httpd-vhosts.conf, and I'm still not trying to
>> serve anything but pure http on port 80.

> What do you mean with ’subdomain’? A subdomain would mean something like
> 'servers.dalescott.net' in your case, and your mantisbt server would then be
> reachable as mantisbt.servers.dalescott.net. So please elaborate.

Networking is not my strength; IIUC my tld is dalescott.net, and I am using subdomains
www, mantisbt, timetracker... or fully qualified www.dalescott.net, mantisbt.dalescott.net,
timetracker.dalescott.net, etc. Is my terminology incorrect?

>> The problem is that I can access all my virtual servers and ssh to the vm using
>> port 3022, but I get a "no server response" error in the browser when trying to
>> access the vm web server on port 8080.

> Is it not that your browser expects https and you get http (or vice versa)?
> What does your apache logging say?

I am not expecting ANY https at this point. My goal is to first restore the
http-only behavior I had using fbsd-11.3 before I started down this rabbit
hole. ;-) Perhaps I need to go back to the one original wildcard DNS entry I had
and all will be ok, and then I figure out how to use a wildcard Let's Encrypt cert,
and then the specifics of each web app.

I browsed to the vbox vm web server dalescott.net:8080 and saw expected ("This page isn’t
working" "dalescott.net didn’t send any data." "ERR_EMPTY_RESPONSEI"), but then
checked httpd-error.log and no related errors, which I had expected to see, thinking
Apache was getting the dalescott.net:8080 request and didn't know what to do with it.
Maybe the web server on the vbox vm isn't responding at all. I will need to check
that out.

Fwiw, here is my DNS setup at No-IP.com (entries all have same config):
https://i.imgur.com/3UMiWFY.png https://i.imgur.com/RIp6tQS.png

Also, fwiw, from my httpd.conf:

Listen 80
ServerName www.dalescott.net:80

and my typical vhost entry in httpd-vhosts.conf:

<VirtualHost mantisbt.dalescott.net:80>
    DocumentRoot "/usr/local/www/mantisbt"
    <Directory "/usr/local/www/mantisbt">
        allow from all
        Options None
        Require all granted
    </Directory>
</VirtualHost>
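
An added example, not part of the original message or thread: a small Python check over a vhost file shaped like the entry quoted above, flagging three patterns the Apache 2.4 documentation advises against (a hostname in the `<VirtualHost>` address, no `ServerName`, and 2.2-style `Allow` mixed with `Require`). The sample file is constructed; the second entry, its path and the function name `lint_vhosts` are assumptions for illustration.

```python
import re

# Constructed sample: the vhost entry from the message, followed by a
# hypothetical entry written in Apache 2.4 style for comparison.
SAMPLE = '''
<VirtualHost mantisbt.dalescott.net:80>
    DocumentRoot "/usr/local/www/mantisbt"
    <Directory "/usr/local/www/mantisbt">
        allow from all
        Options None
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost *:80>
    ServerName nextcloud.dalescott.net
    DocumentRoot "/usr/local/www/nextcloud"
    <Directory "/usr/local/www/nextcloud">
        Options None
        Require all granted
    </Directory>
</VirtualHost>
'''

# Captures the first address of each block and the block body.
VHOST_RE = re.compile(r'<VirtualHost\s+([^>\s]+)[^>]*>(.*?)</VirtualHost>', re.S | re.I)

def lint_vhosts(conf):
    """Return {vhost address: [findings]} for every <VirtualHost> block."""
    report = {}
    for addr, body in VHOST_RE.findall(conf):
        lines = [l.strip().lower() for l in body.splitlines() if l.strip()]
        findings = []
        host = addr.rsplit(':', 1)[0]
        # A name here is resolved through DNS at startup; use an IP or '*'.
        if re.search(r'[a-z]', host, re.I) and not host.startswith(('[', '_default_')):
            findings.append('hostname-in-virtualhost')
        # Name-based selection is driven by ServerName/ServerAlias.
        if not any(l.startswith('servername ') for l in lines):
            findings.append('missing-servername')
        # mod_access_compat (2.2) directives combined with 2.4 Require.
        old = any(l.startswith(('allow ', 'deny ', 'order ')) for l in lines)
        new = any(l.startswith('require ') for l in lines)
        if old and new:
            findings.append('mixed-access-control')
        report[addr] = findings
    return report

if __name__ == '__main__':
    print(lint_vhosts(SAMPLE))
```
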
