"collision" between Joomla and Virtualhosts for modules

webserver
virtualhosts

(Arnaud) #1

NethServer Version: 7.5
modules: dokuwiki and nextcloud
Hi,
as described in “Joomla SSL and SEF urls : mixed content”, Joomla causes problems if it is located in a Virtualhost instead of “/var/www/html/”.

The problem is: when at least the modules Dokuwiki and Nextcloud are reconfigured to work with a Virtualhost (dokuwiki.domain.tld or nextcloud.domain.tld), they open instead of Joomla when requesting the url “www.domain.tld”.
The url “www.domain.tld” is redirected to “www.domain.tld/doku.php” and dokuwiki opens (in spite of being configured as dokuwiki.domain.tld!). As soon as dokuwiki is configured without virtualhost, Nextcloud opens.

Other webapps installed by hand into virtualhosts don’t make trouble.

Can somebody confirm?
How to solve?

Tia
Bye Arnaud


(Markus Neuberger) #2

Confirmed.

I found out that it depends on the order the config files in /etc/httpd/conf.d are parsed, so renaming dokuwiki.conf to zzz_dokuwiki.conf makes it work. But that’s not a real solution as the config files are rewritten. Additionally the order change may have other impacts I don’t know by now.

mv /etc/httpd/conf.d/dokuwiki.conf /etc/httpd/conf.d/zzz_dokuwiki.conf
mv /etc/httpd/conf.d/nextcloud.conf /etc/httpd/conf.d/zzz_nextcloud.conf
systemctl restart httpd

I saw that mattermost uses zz_mattermost.conf so maybe we need to change it for nextcloud and dokuwiki too? @giacomo, @stephdl What do you think?


(Stéphane de Labrusse) #3

Arnaud, could you confirm that your issue is solved if you rename the dokuwiki.conf?


(Giacomo Sanchietti) #4

The order of virtual hosts file is important, and it’s always a bit messy :slight_smile:

If you want to know how Apache is parsing virtualhosts use:

httpd -S

(Arnaud) #5

Hi,
thanks for your quick replies. :wink:

I confirm: renaming the conf files as explained by Markus makes Joomla available at www.domain.tld.
But it makes dokuwiki.domain.tld and nextcloud.domain.tld not available (the default screen of NethServer is displayed instead) anymore (this could be logical…).

Let me know.
Bye Arnaud


(Markus Neuberger) #6

On my side the virtual hosts of dokuwiki and nextcloud still worked.


(Arnaud) #7

I’m surprised: how should apache know to use “zzz_dokuwiki.conf” instead of “dokuwiki.conf”??


(Stéphane de Labrusse) #8

@Arnaud and @mrmarkuz you know it now, what is your output please

httpd -S

@Arnaud do you come from contribs.org ?


(Markus Neuberger) #9

@Arnaud is right. Changing the filename doesn’t finally help. It was a “testing error” on my side.


(Stéphane de Labrusse) #10

The name doesn’t really matter; only the configuration inside is known by apache, but the name gives the predominance and the first wins.

If I can fix dokuwiki, I aim to fix nextcloud


(Stéphane de Labrusse) #11

I guess that it is missing this

<VirtualHost *:80>
    IncludeOptional conf.d/default-virtualhost.inc
</VirtualHost>

and rename the vhost to zzzzzzzzzzzzzdokuwiki.conf


(Arnaud) #12

# mv /etc/httpd/conf.d/dokuwiki.conf /etc/httpd/conf.d/zzz_dokuwiki.conf
[root@le-palais ~]# mv /etc/httpd/conf.d/nextcloud.conf /etc/httpd/conf.d/zzz_nextcloud.conf
[root@le-palais ~]# systemctl restart httpd
[root@le-palais ~]# httpd -S
VirtualHost configuration:
*:80                   is a NameVirtualHost
     default server le-palais.guedel.eu (/etc/httpd/conf.d/virtualhosts.conf:12)
     port 80 namevhost le-palais.guedel.eu (/etc/httpd/conf.d/virtualhosts.conf:12)
     port 80 namevhost wiki.guedel.eu (/etc/httpd/conf.d/virtualhosts.conf:56)
     port 80 namevhost galerie.guedel.eu (/etc/httpd/conf.d/virtualhosts.conf:132)
     port 80 namevhost joomla.guedel.eu (/etc/httpd/conf.d/virtualhosts.conf:220)
     port 80 namevhost joomla-test.guedel.eu (/etc/httpd/conf.d/virtualhosts.conf:308)
     port 80 namevhost nextcloud.guedel.eu (/etc/httpd/conf.d/virtualhosts.conf:387)
     port 80 namevhost wiki.guedel.eu (/etc/httpd/conf.d/zzz_dokuwiki.conf:11)
     port 80 namevhost nextcloud.guedel.eu (/etc/httpd/conf.d/zzz_nextcloud.conf:1)
*:443                  is a NameVirtualHost
     default server le-palais.guedel.eu (/etc/httpd/conf.d/ssl.conf:56)
     port 443 namevhost le-palais.guedel.eu (/etc/httpd/conf.d/ssl.conf:56)
     port 443 namevhost wiki.guedel.eu (/etc/httpd/conf.d/virtualhosts.conf:24)
     port 443 namevhost galerie.guedel.eu (/etc/httpd/conf.d/virtualhosts.conf:88)
     port 443 namevhost joomla.guedel.eu (/etc/httpd/conf.d/virtualhosts.conf:176)
     port 443 namevhost joomla-test.guedel.eu (/etc/httpd/conf.d/virtualhosts.conf:264)
     port 443 namevhost nextcloud.guedel.eu (/etc/httpd/conf.d/virtualhosts.conf:352)
     port 443 namevhost wiki.guedel.eu (/etc/httpd/conf.d/zzz_dokuwiki.conf:17)
     port 443 namevhost nextcloud.guedel.eu (/etc/httpd/conf.d/zzz_nextcloud.conf:6)
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/httpd/" mechanism=default 
Mutex mpm-accept: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex proxy-balancer-shm: using_defaults
PidFile: "/run/httpd/httpd.pid"
Define: _RH_HAS_HTTPPROTOCOLOPTIONS
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48
Group: name="apache" id=48

I note that there are 2x wiki.guedel.eu (1x as virtualhosts.conf and 1x as zzz_dokuwiki.conf) and 2x nextcloud too.

yes it’s me.

I thought last night about this too…
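
The duplicate namevhost entries pointed out in the `httpd -S` output above can be found mechanically. This is an added example, not part of the thread or of NethServer; the function names and the sample dump (placeholder hostnames) are constructed for illustration.

```shell
# Added example: audit `httpd -S` output for shadowed name-based vhosts.
# For a given address:port Apache serves the first vhost whose ServerName or
# ServerAlias matches; a later definition of the same name is never selected.

# Constructed sample in the shape of the output above (placeholder hostnames).
sample_vhost_dump() {
cat <<'EOF'
VirtualHost configuration:
*:80                   is a NameVirtualHost
     default server host.example.org (/etc/httpd/conf.d/virtualhosts.conf:12)
     port 80 namevhost host.example.org (/etc/httpd/conf.d/virtualhosts.conf:12)
     port 80 namevhost wiki.example.org (/etc/httpd/conf.d/virtualhosts.conf:56)
     port 80 namevhost wiki.example.org (/etc/httpd/conf.d/zzz_dokuwiki.conf:11)
*:443                  is a NameVirtualHost
     default server host.example.org (/etc/httpd/conf.d/ssl.conf:56)
     port 443 namevhost host.example.org (/etc/httpd/conf.d/ssl.conf:56)
     port 443 namevhost wiki.example.org (/etc/httpd/conf.d/virtualhosts.conf:24)
     port 443 namevhost wiki.example.org (/etc/httpd/conf.d/zzz_dokuwiki.conf:17)
ServerRoot: "/etc/httpd"
EOF
}

# Reads `httpd -S` text on stdin; prints one line per shadowed definition:
#   <port> <name> served-from=<file:line> shadowed=<file:line>
find_shadowed_vhosts() {
    awk '
    $1 == "port" && $3 == "namevhost" {
        key = $2 " " $4
        loc = $5
        gsub(/[()]/, "", loc)          # strip the parentheses around file:line
        if (key in first)
            print key, "served-from=" first[key], "shadowed=" loc
        else
            first[key] = loc
    }'
}

# Prints the default (catch-all) vhost per port: the one that answers any
# Host header matching no ServerName/ServerAlias on that port.
default_vhosts() {
    awk '
    /is a NameVirtualHost/ { split($1, a, ":"); port = a[2] }
    $1 == "default" && $2 == "server" {
        loc = $4; gsub(/[()]/, "", loc)
        print port, $3, loc
    }'
}

sample_vhost_dump | find_shadowed_vhosts
sample_vhost_dump | default_vhosts
```

On a live host, feed the real dump instead of the sample: `httpd -S 2>&1 | find_shadowed_vhosts`.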


(Stéphane de Labrusse) #13

I know Arnaud as the maintainer of AFFA3 on SME Server. Mate, welcome on board.


(Stéphane de Labrusse) #14

same if you include this in zzz.dokuwiki.conf and you restart apache ?


(Arnaud) #15

Unfortunately, the problem is still present! No change at all: dokuwiki.domain.tld still shows the NethServer default page.

# nano zzz_dokuwiki.conf

<VirtualHost *:80>
    ServerName wiki.guedel.eu
    DocumentRoot  /usr/share/dokuwiki/
    Redirect permanent / https://wiki.guedel.eu/
    IncludeOptional conf.d/default-virtualhost.inc
</VirtualHost>

<VirtualHost *:443>
    ServerName wiki.guedel.eu
    SSLEngine on
    SSLCertificateFile "/etc/pki/tls/certs/NSRV.crt"
    SSLCertificateKeyFile "/etc/pki/tls/private/NSRV.key"
    DocumentRoot  /usr/share/dokuwiki/
    IncludeOptional conf.d/default-virtualhost.inc
</VirtualHost>

Thanks!!


(Stéphane de Labrusse) #16

ok this must be fixed

  • what is your tls-policy, try with default policy and 20180330

config show tls-policy

  • Verify logs
    Can you check in /var/log/httpd/ssl_error_log & /var/log/httpd/error_log if you have some clues please

(Arnaud) #17

hi,
it seems there is a mess with the self-signed certificate (doesn’t cover the host name)!
More this evening (I hope…)


(Arnaud) #18

so, I have generated a certificate by letsencrypt that covers at least www.domain.tld, wiki.domain.tld and nextcloud.domain.tld.

The certificate seems to be OK: the 3 subdomains are displayed with the green lock.

I noticed that after this, I get the behavior of the beginning: wiki.domain.tld and nextcloud.domain.tld are OK but www.domain.tld redirects to www.domain.tld/doku.php and dokuwiki is displayed.
zzz-dokuwiki.conf is still present and contains “IncludeOptional conf.d/default-virtualhost.inc”

“config show tls-policy” is empty (=no displayed parameters) and I tried with default policy and 20180330.

/var/log/httpd/ssl_error_log is clean since the certificate of letsencrypt:
[Fri Jun 01 21:19:27.094859 2018] [ssl:warn] [pid 8736] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)

After a “systemctl restart httpd” /var/log/httpd/error_log gives:
[Fri Jun 01 22:43:35.187965 2018] [mpm_prefork:notice] [pid 3296] AH00170: caught SIGWINCH, shutting down gracefully
[Fri Jun 01 22:43:36.436480 2018] [suexec:notice] [pid 3420] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Fri Jun 01 22:43:36.443660 2018] [ssl:warn] [pid 3420] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Fri Jun 01 22:43:36.590910 2018] [auth_digest:notice] [pid 3420] AH01757: generating secret for digest authentication ...
[Fri Jun 01 22:43:36.692540 2018] [core:notice] [pid 3420] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Fri Jun 01 22:43:36.592586 2018] [lbmethod_heartbeat:notice] [pid 3420] AH02282: No slotmem from mod_heartmonitor
[Fri Jun 01 22:43:36.599744 2018] [ssl:warn] [pid 3420] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Fri Jun 01 22:43:36.692436 2018] [mpm_prefork:notice] [pid 3420] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 configured -- resuming normal operations

what do you think?
Bye
Arnaud


(Stéphane de Labrusse) #19

need to check, thanks for your time :slight_smile:


(Stéphane de Labrusse) #20

For the record, I’m trying to reproduce and fix the issue