PDA

View Full Version : Mister Networking Blunderer at it again



tarzy
28-Sep-2013, 02:51
Hello,

I have Webmin, Apache, & MySQL all working nicely; they all function perfect in every way. I mention in the admin subforum that I was not going to use YaST, which I have not.

Here is my current problem: Webmin is using port 9001, as 10000 is for the online machine accepting requests for the public html directory on port 80. I know that this Apache server (2.2.12) has SSL enabled; I think it's the SSH module (OpenSSH_6.2), and I just this minute see that an earlier variant (5.1) is also running on my current server. I do not use any SSL functions in my working setup, and my site operates from a sub directory vis-a-vis.com/subdir, which then hands off to my SSL gateway provider for CC processing. Works like a charm.

In 2008-early 09, I had several Linux boxes set up, testing Ubuntu, CentOS, and Fedora, which was what I kept and ported to the web. I was able to test them all on my LAN using their internal IPs, and they all 3 worked flawlessly. Now, I cannot seem to get consistency with this new setup. I know that I did change the default Apache index page to one I made, which just says: "It Works".

So, after some analysis of the working Fedora setup using Webmin, and also on this new rig, (for consistency) I cannot access it using the LAN IP: 192.168.1.26. I'm going to look around until I find it, but right now it does not give me access, and a week ago it did. I'm at the point of testing a new PHP shopping cart, which from this point on will be my main directory. BTW, I have 2 virtual servers, properly setup, and my error for either is "404". I'm going to start by checking how to get network results in the terminal, netstat or something like that.
At least I haven't wrecked anything!

malcolmlewis
28-Sep-2013, 03:38
On Sat 28 Sep 2013 01:54:02 AM CDT, tarzy wrote:


Hello,

I have Webmin, Apache, & MySQL all working nicely; they all function
perfect in every way. I mention in the admin subforum that I was not
going to use YaST, which I have not.

Here is my current problem: Webmin is using port 9001, as 10000 is for
the online machine accepting requests for the public html directory on
port 80. I know that this Apache server (2.2.12) has SSL enabled; I
think it's the SSH module (OpenSSH_6.2), and I just this minute see that
an earlier variant (5.1) is also running on my current server. I do not
use any SSL functions in my working setup, and my site operates from a
sub directory vis-a-vis.com/subdir, which then hands off to my SSL
gateway provider for CC processing. Works like a charm.

In 2008-early 09, I had several Linux boxes set up, testing Ubuntu,
CentOS, and Fedora, which was what I kept and ported to the web. I was
able to test them all on my LAN using their internal IPs, and they all 3
worked flawlessly. Now, I cannot seem to get consistency with this new
setup. I know that I did change the default Apache index page to one I
made, which just says: "It Works".

So, after some analysis of the working Fedora setup using Webmin, and
also on this new rig, (for consistency) I cannot access it using the LAN
IP: 192.168.1.26. I'm going to look around until I find it, but right
now it does not give me access, and a week ago it did. I'm at the point
of testing a new PHP shopping cart, which from this point on will be my
main directory. BTW, I have 2 virtual servers, properly setup, and myHi
error for either is "404". I'm going to start by checking how to get
network results in the terminal, netstat or something like that.
At least I haven't wrecked anything!




Hi
So did you change any of the configs and restart apache? Have you run
an apache check on the configs your using?

Sounds like your getting to your sites ok on the expected ports, since
your seeing a 404. But you can always run something like tcpdump (or
wireshark) to observe the network traffic.

--
Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
openSUSE 12.3 (x86_64) GNOME 3.8.4 Kernel 3.7.10-1.16-desktop
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below... Thanks!

tarzy
29-Sep-2013, 06:03
Wireshark is fascinating, but so far over my head it's incomprehensible.....

All I can do at this point is login to Webmin, which I have set to port 9001 (in webmin's config) instead of 10000, as that is being used for Webmin on the working http server.

I know something is messed up, because when I check the webmaster link to whine, it's the site that is a subdir in the main htdocs folder. Another thing is tcpdump gives info, but I haven't figured out how to pause it to copy info for analysis. Also, there's dropped packets in the eth0:

linux-2u6o:~ # ifconfig
eth0 Link encap:Ethernet HWaddr C8:9C:DC:B1:A0:F6
inet addr:192.168.1.26 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:250952 errors:0 dropped:14303 overruns:0 frame:0
TX packets:165024 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:135685939 (129.4 Mb) TX bytes:29651251 (28.2 Mb)
Interrupt:43 Base address:0x8000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:331 errors:0 dropped:0 overruns:0 frame:0
TX packets:331 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:27003 (26.3 Kb) TX bytes:27003 (26.3 Kb)

I certainly have plenty of time, since I have a working server running; just that this machine is vastly superior in every way.

I searched several hours and experimented, but still cannot access anything by http://192.168.1.26 from any of my Windows boxes. Of course, if I try my static IP it goes to the machine connected to port 80.

Anyhow, I'll keep searching, noting that since I screwed up this new rig using YaST, I cant bring myself to touch it; matter of fact, I'd like to uninstall it, at least until I bring this machine under my control.

Regards, tarzy



Hi
So did you change any of the configs and restart apache? Have you run
an apache check on the configs your using?

Sounds like your getting to your sites ok on the expected ports, since
your seeing a 404. But you can always run something like tcpdump (or
wireshark) to observe the network traffic.

--
Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
openSUSE 12.3 (x86_64) GNOME 3.8.4 Kernel 3.7.10-1.16-desktop
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below... Thanks!

tarzy
29-Sep-2013, 18:19
OK, I'm sort of on the trail....I switched the virtual hosts around so that the one in the public html directory (htdocs) was first. The 2nd vhost is in it's own folder in the htdocs directory. So, when I type the internal IP of this server machine in any other machine's browser on this LAN, I get the "it works" index page. When I try to access the 2nd host by: ip/directory/index.php (what's in that particular host) the browser just asks me if I want to open or save it. since it's tied to Dreamweaver, then all that happens; it opens in that app. I will make a standard type index page just to see if it will display by ip/dir/index.html I think I should be able to have it display the shopping cart page (index.php), but maybe I'm wrong. I'm intending to put a cart system in the htdocs directory for domain 1 also.

I've just looked at the running www server and the owner of any virtual hosts is Apache. Not so on this new machine. I'm having to "root" (pun intended) around to guess hit & miss style to figure out what's going on here; much brain squirming for my pea-sized one.


Hello,

I have Webmin, Apache, & MySQL all working nicely; they all function perfect in every way. I mention in the admin subforum that I was not going to use YaST, which I have not.

Here is my current problem: Webmin is using port 9001, as 10000 is for the online machine accepting requests for the public html directory on port 80. I know that this Apache server (2.2.12) has SSL enabled; I think it's the SSH module (OpenSSH_6.2), and I just this minute see that an earlier variant (5.1) is also running on my current server. I do not use any SSL functions in my working setup, and my site operates from a sub directory vis-a-vis.com/subdir, which then hands off to my SSL gateway provider for CC processing. Works like a charm.

In 2008-early 09, I had several Linux boxes set up, testing Ubuntu, CentOS, and Fedora, which was what I kept and ported to the web. I was able to test them all on my LAN using their internal IPs, and they all 3 worked flawlessly. Now, I cannot seem to get consistency with this new setup. I know that I did change the default Apache index page to one I made, which just says: "It Works".

So, after some analysis of the working Fedora setup using Webmin, and also on this new rig, (for consistency) I cannot access it using the LAN IP: 192.168.1.26. I'm going to look around until I find it, but right now it does not give me access, and a week ago it did. I'm at the point of testing a new PHP shopping cart, which from this point on will be my main directory. BTW, I have 2 virtual servers, properly setup, and my error for either is "404". I'm going to start by checking how to get network results in the terminal, netstat or something like that.
At least I haven't wrecked anything!

tarzy
29-Sep-2013, 20:56
As I suspected: I can use my static (WAN) IP/2nd vhost dir/index.html, and it displays just fine. Also, I can use the internal LAN IP/subdir/index.html for the second domain-vhost, and it's all there.

It must be in either the apache files or the hosts file. I will next compare those to the operating server and therein may lie my final(yea sure!) problem.





OK, I'm sort of on the trail....I switched the virtual hosts around so that the one in the public html directory (htdocs) was first. The 2nd vhost is in it's own folder in the htdocs directory. So, when I type the internal IP of this server machine in any other machine's browser on this LAN, I get the "it works" index page. When I try to access the 2nd host by: ip/directory/index.php (what's in that particular host) the browser just asks me if I want to open or save it. since it's tied to Dreamweaver, then all that happens; it opens in that app. I will make a standard type index page just to see if it will display by ip/dir/index.html I think I should be able to have it display the shopping cart page (index.php), but maybe I'm wrong. I'm intending to put a cart system in the htdocs directory for domain 1 also.

I've just looked at the running www server and the owner of any virtual hosts is Apache. Not so on this new machine. I'm having to "root" (pun intended) around to guess hit & miss style to figure out what's going on here; much brain squirming for my pea-sized one.

jmozdzen
29-Sep-2013, 22:36
Hi tarzy,

your description sounds as if you're running name-based virtual hosts - and by accessing by IP address, and thus Apache not knowing which "named virtual host" to send that request to, hands it to the default virtual host (which will be the first virtual host, as you have experienced).

You'd need to make sure you *client* can access the internal IP via the names used in the virtual host configurations, usually by adding appropriate entries to the client's hosts file (/etc/hosts on Linux machines, c:/windows/system32/drivers/etc/hosts on Windows iirc).

Regards
Jens

tarzy
30-Sep-2013, 03:58
I now believe my problem lies in not having name-based virtual hosting. Rather, I seem to have ip-based virtual hosting. I do not as yet find a "name-based_vhosts.conf" file. Here is my ip-based_vhosts.conf contents:

<VirtualHost *>
DocumentRoot /srv/www/htdocs/
ServerAdmin admin@craigtarwater.com
<Directory /srv/www/htdocs/>
AllowOverride None
Order allow,deny
Allow from all
</Directory>
UserDir public_html
ServerName craigtarwater.com
ServerAlias www.craigtarwater.com
</VirtualHost>
<VirtualHost *>
DocumentRoot /srv/www/htdocs/playguitarvideos
ServerAdmin admin@playguitarvideos.com
<Directory /srv/www/htdocs/playguitarvideos>
AllowOverride None
Order allow,deny
Allow from all
</Directory>
ScriptAlias /srv/www/cgi-bin/ /cgi-bin/
<Directory /srv/www/cgi-bin>
AllowOverride None
Options +ExecCGI -Includes
Order allow,deny
Allow from all
</Directory>
UserDir public_html
ServerName playguitarvideos.com
ServerAlias www.playguitarvideos.com
</VirtualHost>

So, I could create a file based on this example I just found and name it correctly, but I don't know how to have it called (include directives, I suppose?). I would think there should be a file to use already in there, but maybe not, since my initial setup was with YaST. Man, I am so ignorant!
************************************************** *************************
# Ensure that Apache listens on port 80
Listen 80

# Listen for virtual host requests on all IP addresses
NameVirtualHost *:80

<VirtualHost *:80>
DocumentRoot /www/example1
ServerName www.example.com

# Other directives here

</VirtualHost>

<VirtualHost *:80>
DocumentRoot /www/example2
ServerName www.example.org

# Other directives here

</VirtualHost>
************************************************** ************************

This is my steepest learning curve so far in computing.

Regards, tarzy


I used YaST when I initially setup the http server, and must not use it, at least not until I understand more. My ignorance is obvious in that I failed to realize what the file title says: "name-based" virtual hosting!





Hi tarzy,

your description sounds as if you're running name-based virtual hosts - and by accessing by IP address, and thus Apache not knowing which "named virtual host" to send that request to, hands it to the default virtual host (which will be the first virtual host, as you have experienced).

You'd need to make sure you *client* can access the internal IP via the names used in the virtual host configurations, usually by adding appropriate entries to the client's hosts file (/etc/hosts on Linux machines, c:/windows/system32/drivers/etc/hosts on Windows iirc).

Regards
Jens

jmozdzen
30-Sep-2013, 18:09
Hi tarzy,

the "listen directives" are in /etc/apache2/listen.conf

If you follow your "sample" and add "NameVirtualHost *:80" (which I personally think is a good idea in preparation of SSL-based hosts), you'll have to update your VirtualHost directives to read "*:80", too. See "rcapache2 configtest" after adjusting your configuration, if it reports "mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results" you have it mixed up and need to unify things.

Regards,
Jens

tarzy
01-Oct-2013, 06:34
I certainly appreciate the advice I'm getting, although I'm so confused at this point I'm waffling about whether to bail out of this installation. It seems where I wen awry was using YaST to setup the http server, and somehow in vhosts.d I have only ip-based_vhosts.conf, and 2 templates. It seems I should have a name-based_vhosts.conf instead. I can clearly see a list of directives for the default server, and each of the two name-based vhosts, along with an edit feature for all 3, in Webmin. It gives me a clear picture, but I still find no name-based vhosts.conf to edit. As mentioned, here's the output currently, along with the fact that I just don't know where to turn now. Giving up and redoing is a crummy option, I feel, so I'll keep twiddling.

linux-2u6o:~ # rcapache2 configtest
httpd2-prefork: Could not reliably determine the server's fully qualified domain name, using 192.168.1.26 for ServerName
[Mon Sep 30 21:08:39 2013] [error] VirtualHost *:80 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results
[Mon Sep 30 21:08:39 2013] [error] VirtualHost *:80 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results
[Mon Sep 30 21:08:39 2013] [warn] NameVirtualHost 192.168.1.26:0 has no VirtualHosts
[Mon Sep 30 21:08:39 2013] [warn] NameVirtualHost *:80 has no VirtualHosts
Syntax OK





Hi tarzy,

the "listen directives" are in /etc/apache2/listen.conf

If you follow your "sample" and add "NameVirtualHost *:80" (which I personally think is a good idea in preparation of SSL-based hosts), you'll have to update your VirtualHost directives to read "*:80", too. See "rcapache2 configtest" after adjusting your configuration, if it reports "mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results" you have it mixed up and need to unify things.

Regards,
Jens

tarzy
01-Oct-2013, 08:53
Ok, here is the virtualserver config for the new machine for one (my main domain) of 2 vhosts:

Directives
For craigtarwater.com:80


DocumentRoot /srv/www/htdocs/ /etc/apache2/vhosts.d/ip-based_vhosts.conf (2)
ServerAdmin admin@craigtarwater.com /etc/apache2/vhosts.d/ip-based_vhosts.conf (3)
<Directory /srv/www/htdocs/>
AllowOverride None /etc/apache2/vhosts.d/ip-based_vhosts.conf (5)
Order allow,deny /etc/apache2/vhosts.d/ip-based_vhosts.conf (6)
Allow from all /etc/apache2/vhosts.d/ip-based_vhosts.conf (7)
</Directory>
UserDir public_html /etc/apache2/vhosts.d/ip-based_vhosts.conf (9)
ServerName craigtarwater.com /etc/apache2/vhosts.d/ip-based_vhosts.conf (10)
ServerAlias www.craigtarwater.com /etc/apache2/vhosts.d/ip-based_vhosts.conf (11)

Here's the 2nd (still new mchine) virtualhost:

Directives
For playguitarvideos.com:80


DocumentRoot /srv/www/htdocs/playguita .. /etc/apache2/vhosts.d/ip-based_vhosts.conf (14)
ServerAdmin admin@playguitarvideos.com /etc/apache2/vhosts.d/ip-based_vhosts.conf (15)
<Directory /srv/www/htdocs/playguitarvideos>
AllowOverride None /etc/apache2/vhosts.d/ip-based_vhosts.conf (17)
Order allow,deny /etc/apache2/vhosts.d/ip-based_vhosts.conf (18)
Allow from all /etc/apache2/vhosts.d/ip-based_vhosts.conf (19)
</Directory>
ScriptAlias /srv/www/cgi-bin/ /cgi-bin .. /etc/apache2/vhosts.d/ip-based_vhosts.conf (21)
<Directory /srv/www/cgi-bin>
AllowOverride None /etc/apache2/vhosts.d/ip-based_vhosts.conf (23)
Options +ExecCGI -Includes /etc/apache2/vhosts.d/ip-based_vhosts.conf (24)
Order allow,deny /etc/apache2/vhosts.d/ip-based_vhosts.conf (25)
Allow from all /etc/apache2/vhosts.d/ip-based_vhosts.conf (26)
</Directory>
UserDir public_html /etc/apache2/vhosts.d/ip-based_vhosts.conf (28)
ServerName playguitarvideos.com /etc/apache2/vhosts.d/ip-based_vhosts.conf (29)
ServerAlias www.playguitarvideos.com /etc/apache2/vhosts.d/ip-based_vhosts.conf (30)

Here is the main domain on the actual currently running Fedora machine:

Directives
For craigtarwater.com:80


ServerAdmin admin@craigtarwater.com /etc/httpd/conf/httpd.conf (990)
ServerName craigtarwater.com /etc/httpd/conf/httpd.conf (991)
ServerAlias www.craigtarwater.com /etc/httpd/conf/httpd.conf (992)
DocumentRoot /var/www/html/ /etc/httpd/conf/httpd.conf (993)
<Directory /var/www/html/>
Order allow,deny /etc/httpd/conf/httpd.conf (995)
Allow from all /etc/httpd/conf/httpd.conf (996)
</Directory>

2nd virtualhost on Fedora:

Directives
For playguitarvideos.com:80


DocumentRoot "/var/www/html/playguitarvideos" /etc/httpd/conf/httpd.conf (1006)
ServerName playguitarvideos.com /etc/httpd/conf/httpd.conf (1007)
<Directory "/var/www/html/playguitarvideos">
allow from all /etc/httpd/conf/httpd.conf (1009)
Options +Indexes /etc/httpd/conf/httpd.conf (1010)
</Directory>
ServerAlias www.playguitarvideos.com /etc/httpd/conf/httpd.conf (1012)
ServerAdmin admin@playguitarvideos.com /etc/httpd/conf/httpd.conf (1013)

Fedora has these only in the main server config file, etc/httpd/httpd.conf
As shown, on SuSE, they are in their own file: /etc/apache2/vosts.d/ip=based_vhosts.conf

So my question is since there is a difference between Apache 2.2.9 (Fedora 9) and Apache2.2.12 (SLES 11 SP3) Should I just append the 2 vhost directives (containers - <virtualhost> </virtualhost> into the end of the httpd.conf in the new machine, like they are in the the old machine, and comment out the ip-based_vhosts.conf or get rid of it or use a sample file, still using the Apache2 httpd.conf one?

I read a bit ago in an openSuSE forum that another person had my basic problem (ip-based vs. name-based vhosts), and it arose using YaST. Several people in the forum believed the YaST configuration writing it that way is indeed a minor "bug".

I am likely going to answer my questions by trial & error, but it would be neater if someone here told me what I should do.

Regards, tarzy







I certainly appreciate the advice I'm getting, although I'm so confused at this point I'm waffling about whether to bail out of this installation. It seems where I wen awry was using YaST to setup the http server, and somehow in vhosts.d I have only ip-based_vhosts.conf, and 2 templates. It seems I should have a name-based_vhosts.conf instead. I can clearly see a list of directives for the default server, and each of the two name-based vhosts, along with an edit feature for all 3, in Webmin. It gives me a clear picture, but I still find no name-based vhosts.conf to edit. As mentioned, here's the output currently, along with the fact that I just don't know where to turn now. Giving up and redoing is a crummy option, I feel, so I'll keep twiddling.

linux-2u6o:~ # rcapache2 configtest
httpd2-prefork: Could not reliably determine the server's fully qualified domain name, using 192.168.1.26 for ServerName
[Mon Sep 30 21:08:39 2013] [error] VirtualHost *:80 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results
[Mon Sep 30 21:08:39 2013] [error] VirtualHost *:80 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results
[Mon Sep 30 21:08:39 2013] [warn] NameVirtualHost 192.168.1.26:0 has no VirtualHosts
[Mon Sep 30 21:08:39 2013] [warn] NameVirtualHost *:80 has no VirtualHosts
Syntax OK

jmozdzen
01-Oct-2013, 09:28
Hi tarzy,

there's no need for your vhosts configuration file to have a certain name (except for the extension ;) ) - from what I can see, you HAVE configured name-based virtual hosts. To probably make it more logical to you: How could this be an *IP-based* configuration when there are no IP addresses specified in your virtual hosts' configuration?

What you have done is mixing up the general setup of virtual hosts: You seem to have somehow (and -where) specified that you want to have IP-based virtual hosts on port 0 - probably you have "NameVirtualHost 192.168.1.26:0" somewhere in your configuration file (maybe by error, omitting the digit "8"?). Then you have correctly defined that on all addresses the httpd is listening on, you want name-based virtual hosts on port 80 ("NameVirtualHost *:80"), but as I predicted in my previous message, you have not changed your virtual hosts' definitions to reflect this - they need to start with "<VirtualServer *:80>" and not "<VirtualServer *>" - the former would match the general configuration of "I have virtual hosts on *:80", the latter does not and makes you receive that error message.

Regards,
Jens

tarzy
02-Oct-2013, 08:44
Somehow I feel it will not be, but after an entire day of intermittent messing with various files, the last being /etc/apache2/listen.conf here are my results:

linux-2u6o:~ # rcapache2 configtest
Syntax OK

Yea/Nay?

Regards, tarzy


Hi tarzy,

there's no need for your vhosts configuration file to have a certain name (except for the extension ;) ) - from what I can see, you HAVE configured name-based virtual hosts. To probably make it more logical to you: How could this be an *IP-based* configuration when there are no IP addresses specified in your virtual hosts' configuration?

What you have done is mixing up the general setup of virtual hosts: You seem to have somehow (and -where) specified that you want to have IP-based virtual hosts on port 0 - probably you have "NameVirtualHost 192.168.1.26:0" somewhere in your configuration file (maybe by error, omitting the digit "8"?). Then you have correctly defined that on all addresses the httpd is listening on, you want name-based virtual hosts on port 80 ("NameVirtualHost *:80"), but as I predicted in my previous message, you have not changed your virtual hosts' definitions to reflect this - they need to start with "<VirtualServer *:80>" and not "<VirtualServer *>" - the former would match the general configuration of "I have virtual hosts on *:80", the latter does not and makes you receive that error message.

Regards,
Jens

jmozdzen
02-Oct-2013, 11:38
Somehow I feel it will not be, but after an entire day of intermittent messing with various files, the last being /etc/apache2/listen.conf here are my results:

linux-2u6o:~ # rcapache2 configtest
Syntax OK

Yea/Nay?

Regards, tarzy

Hi tarzy,

what do you expect me to answer to this? ;)

"Looks OK" :D

Now... does it work like you need it? Last open topic (client access via internal network) was answered by me in #6, iirc... you need access through the browser by using the DNS names which you specified as "ServerName" or "ServerAlias".

Regards,
Jens

tarzy
02-Oct-2013, 14:36
Yes, everything is now perfect. As it turns out, the likelihood of all my frustration was having 5 years of comfort due to not having to do anything to my other machine, which was never off other than 2 moves and maybe 20 short intervals when the power went off for a bit (typical NW USA). Linux is so good that I'm going to get rid of all but 1 Windows 8 OS on my 6 machines.

Thanks for all of the assistance!

Regards, tarzy



Hi tarzy,

what do you expect me to answer to this? ;)

"Looks OK" :D

Now... does it work like you need it? Last open topic (client access via internal network) was answered by me in #6, iirc... you need access through the browser by using the DNS names which you specified as "ServerName" or "ServerAlias".

Regards,
Jens