Website redirect failure

v7
virtualhosts
webserver

(Guus) #1

**NethServer Version:** 7.5.1804
**Module:** httpd

My server is called yz1web.ijzereef.nl and my webserver www.ijzereef.nl was installed in the documentroot /var/www/html.
After having some issues with Webtop5 not being as stable as expected, I decided some time ago to install SOGo as per the instructions in this forum. This has now been running for quite some time to great satisfaction. Besides that I’m running nextcloud and mailserver.

The following redirects work just fine:
webmail.ijzereef.nl redirects to /webmail.domain.com/SOGo
cloud.ijzereef.nl redirects to the installed nextcloud instance
mail.ijzereef.nl for my mailserver.

One consequence of installing SOGo was that I had to put my webpage in a virtual host in order to reach this, so I created the vhost www.ijzereef.nl; it’s a WordPress website. This also worked fine until one of the last weeks’ updates. All of a sudden I’m facing the following problem:
When I connect from the intranet the pages show up with no problem, so at first I didn’t notice that the outside world couldn’t see my website anymore. But when I connect to the website from the internet through my firewall, which has not changed in the last 6 months, I get the default page saying that my NethServer installation is up and running and that I have to install an index.html in the /var/www/html documentroot of the server. This I do not understand, because in the documentroot I’ve already installed a copy of my WordPress website, since this was the place where I had to install it before I made the switch to SOGo.
Also when I now remove/disable the vhost www.ijzereef.nl the request from the internet to www.ijzereef.nl automatically redirects to the SOGo instance.

In the logs I see the following:

    [Sat Nov 10 06:07:09.842162 2018] [authz_core:error] [pid 22356] [client 42.236.99.206:8337] AH01630: client denied by server configuration: /var/lib/nethserver/vhost/www.ijzereef.nl/, referer: https://www.ijzereef.nl/

Does anyone have a clue why this happens or instructions on how to investigate this odd behavior?

Regards
Guus


(Mark Verlinde) #2

Hi Guus,

Seems like you have an issue with the default virtual hostname; this should be the FQDN of the server (i.e. yz1web.ijzereef.nl).

You can check the domain name assigned to the default server by running httpd -S.

Note: we implemented the redirect to /SOGo in the virtual host configuration of nethserver-sogo. If you (still) have custom templates or other customization to accomplish this, it is better to remove them.
(do not forget to run signal-event nethserver-sogo-update after your edits :wink: )

If your system is up to date, the SOGo panel made by @stephdl can be found in the service manager,
where (if desirable) a hostname for SOGo can be set.


(Guus) #3

Hello Mark,

I’m facing 2 issues with this instruction:
The FQDN has already been set as shown for a long time. It doesn’t let me change it, causing an error “Users and Groups provider already configured”.

Over the intranet I can reach the webserver; the server is in a different VLAN which is reached over the Unifi USG. The webserver has only one green interface in this VLAN and could be reached in the past from the internet over the same USG/firewall. Only in the recent past, when I try to reach the server through an internet connection, the rerouting fails.

Output of httpd -S:

    [root@yz1web ~]# httpd -S
    VirtualHost configuration:
    *:80 is a NameVirtualHost
    default server webmail.ijzereef.nl (/etc/httpd/conf.d/SOGo.conf:10)
    port 80 namevhost webmail.ijzereef.nl (/etc/httpd/conf.d/SOGo.conf:10)
    alias mail.ijzereef.nl
    port 80 namevhost yz1web.ijzereef.nl (/etc/httpd/conf.d/virtualhosts.conf:12)
    port 80 namevhost www.ijzereef.nl (/etc/httpd/conf.d/virtualhosts.conf:63)
    port 80 namevhost ijzereef.nl (/etc/httpd/conf.d/virtualhosts.conf:137)
    port 80 namevhost yz1web.ijzereef.nl (/etc/httpd/conf.d/zz_nextcloud.conf:9)
    port 80 namevhost cloud.ijzereef.nl (/etc/httpd/conf.d/zz_nextcloud.conf:13)
    port 80 namevhost cloud.ijzereef.nl (/etc/httpd/conf.d/zz_nextcloud.conf:18)
    port 80 namevhost webmail.ijzereef.nl (/etc/httpd/conf.d/zzz_SOGo.conf:10)
    *:443 is a NameVirtualHost
    default server webmail.ijzereef.nl (/etc/httpd/conf.d/SOGo.conf:20)
    port 443 namevhost webmail.ijzereef.nl (/etc/httpd/conf.d/SOGo.conf:20)
    alias mail.ijzereef.nl
    port 443 namevhost yz1web.ijzereef.nl (/etc/httpd/conf.d/nethserver.conf:42)
    port 443 namevhost yz1web.ijzereef.nl (/etc/httpd/conf.d/ssl.conf:56)
    port 443 namevhost www.ijzereef.nl (/etc/httpd/conf.d/virtualhosts.conf:24)
    port 443 namevhost ijzereef.nl (/etc/httpd/conf.d/virtualhosts.conf:98)
    port 443 namevhost cloud.ijzereef.nl (/etc/httpd/conf.d/zz_nextcloud.conf:23)
    port 443 namevhost webmail.ijzereef.nl (/etc/httpd/conf.d/zzz_SOGo.conf:19)
    ServerRoot: "/etc/httpd"
    Main DocumentRoot: "/var/lib/nethserver/vhost/www.ijzereef.nl"
    Main ErrorLog: "/etc/httpd/logs/error_log"
    Mutex ssl-stapling: using_defaults
    Mutex proxy: using_defaults
    Mutex authn-socache: using_defaults
    Mutex ssl-cache: using_defaults
    Mutex default: dir="/run/httpd/" mechanism=default
    Mutex mpm-accept: using_defaults
    Mutex authdigest-opaque: using_defaults
    Mutex proxy-balancer-shm: using_defaults
    Mutex rewrite-map: using_defaults
    Mutex authdigest-client: using_defaults
    PidFile: "/run/httpd/httpd.pid"
    Define: _RH_HAS_HTTPPROTOCOLOPTIONS
    Define: DUMP_VHOSTS
    Define: DUMP_RUN_CFG
    User: name="apache" id=48
    Group: name="apache" id=48

I changed the main documentroot mentioned here during my testing last night.

Also I’ve a custom template to ensure that SOGo looks at the right certificate (Letsencrypt), which wasn’t the default. There I also made some other modifications, as you can see.

I’m still confused that the behaviour is different, since my intranet communicates over the USG to the VLAN my webserver is on, just as any internet request has to.

Regards,
Guus

The SOGo panel is present and shows the webmail.ijzereef.nl


(Mark Verlinde) #4

As expected, the problem is that webmail.ijzereef.nl became the default hostname of your webserver, redirecting the root to /SOGo

That’s why the SOGo.conf is renamed in the update to zzz_SOGo.conf. It’s simply a matter of alphabet…

Here is my (truncated) output reproducing your case:

    # httpd -S
    VirtualHost configuration:
    *:80                   is a NameVirtualHost
             default server ns75.havak.lan (/etc/httpd/conf.d/virtualhosts.conf:12)
             port 80 namevhost ns75.havak.lan (/etc/httpd/conf.d/virtualhosts.conf:12)
             port 80 namevhost ns75.havak.lan (/etc/httpd/conf.d/zz_nextcloud.conf:9)
             port 80 namevhost cloud.havak.lan (/etc/httpd/conf.d/zz_nextcloud.conf:13)
             port 80 namevhost cloud.havak.lan (/etc/httpd/conf.d/zz_nextcloud.conf:18)
             port 80 namevhost sogo.havak.lan (/etc/httpd/conf.d/zzz_SOGo.conf:10)
    *:443                  is a NameVirtualHost
             default server ns75.havak.lan (/etc/httpd/conf.d/nethserver.conf:42)
             port 443 namevhost ns75.havak.lan (/etc/httpd/conf.d/nethserver.conf:42)
             port 443 namevhost ns75.havak.lan (/etc/httpd/conf.d/ssl.conf:56)
             port 443 namevhost cloud.havak.lan (/etc/httpd/conf.d/zz_nextcloud.conf:23)
             port 443 namevhost sogo.havak.lan (/etc/httpd/conf.d/zzz_SOGo.conf:19)
    ...
    ...

Letsencrypt is also added in nethserver-sogo by now :grinning:

I recommend having a look at /etc/httpd/conf.d/zzz_SOGo.conf to see if it fits your needs, avoiding the need for a custom template. If not, rename (or better: rebase) your custom template to (on) zzz_SOGo.conf, i.e. move it to this location:

/etc/e-smith/templates-custom/etc/httpd/conf.d/zzz_SOGo.conf/10base
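
The check described in #4, as an added example that is not part of the thread or of NethServer: a shell function that reads `httpd -S` output and reports each port's default server, whether it is the expected FQDN, and any name defined in more than one conf.d file. The sample input is constructed (abridged from the output in #3); `vhost_audit`, `sample_before` and the OK/MISMATCH/REPEATED labels are this example's own names.

```shell
#!/bin/sh
# Added example (not NethServer code): audit `httpd -S` output.
# Assumption, consistent with the output in #3: conf.d/*.conf is read in byte
# order, so "SOGo.conf" (capital S) precedes "nethserver.conf" and
# "virtualhosts.conf"; the first vhost read for a port becomes its default.

# vhost_audit EXPECTED_FQDN < httpd-S-output
vhost_audit() {
    awk -v want="$1" '
    # Strip the parentheses and the ":line" suffix from "(file:line)".
    function conf(s) { gsub(/[()]/, "", s); sub(/:[0-9]+$/, "", s); return s }
    /is a NameVirtualHost/ { split($1, a, ":"); port = a[2]; next }
    $1 == "default" && $2 == "server" {
        status = ($3 == want) ? "OK" : "MISMATCH"
        printf "%s port=%s default=%s file=%s\n", status, port, $3, conf($4)
        next
    }
    $1 == "port" && $3 == "namevhost" {
        key = $2 SUBSEP $4; f = conf($5)
        if (!(key in seen)) seen[key] = f
        else if (seen[key] != f)
            printf "REPEATED port=%s name=%s files=%s,%s\n", $2, $4, seen[key], f
    }'
}

# Constructed sample, abridged from the output posted in #3.
sample_before() {
    cat <<'EOF'
*:80 is a NameVirtualHost
default server webmail.ijzereef.nl (/etc/httpd/conf.d/SOGo.conf:10)
port 80 namevhost webmail.ijzereef.nl (/etc/httpd/conf.d/SOGo.conf:10)
port 80 namevhost yz1web.ijzereef.nl (/etc/httpd/conf.d/virtualhosts.conf:12)
port 80 namevhost www.ijzereef.nl (/etc/httpd/conf.d/virtualhosts.conf:63)
port 80 namevhost webmail.ijzereef.nl (/etc/httpd/conf.d/zzz_SOGo.conf:10)
EOF
}

sample_before | vhost_audit yz1web.ijzereef.nl
# On a live host: httpd -S 2>&1 | vhost_audit "$(hostname -f)"
```

A MISMATCH line means requests with an unknown Host header land on an application vhost instead of the server's own; the REPEATED line here points at the old SOGo.conf left beside the renamed zzz_SOGo.conf.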

(Guus) #5

Hello Mark,

First of all I’ve removed the custom SOGo template. This didn’t change the accessibility over the internet. The Letsencrypt certificate within SOGo is functioning as it should.

Since this didn’t solve the accessibility over the internet, I looked into the virtualhost settings of www.ijzereef.nl (manager panel). I saw that at some time I must have activated the checkbox “Allow access from trusted networks only”; removing this checkbox restored accessibility of my virtual www domain over the internet.
Nevertheless I still have yz1web as my default server, and this I can’t change over the Server name. Calling this domain returns the NethServer test page.
So my remaining question is still how I can get the yz1web domain removed as the server default. This should be www.ijzereef.nl

After the signal-event command the output of httpd -S is as follows:

    signal-event nethserver-sogo-update
    [root@yz1web ~]# httpd -S
    VirtualHost configuration:
    *:80 is a NameVirtualHost
    default server yz1web.ijzereef.nl (/etc/httpd/conf.d/virtualhosts.conf:12)
    port 80 namevhost yz1web.ijzereef.nl (/etc/httpd/conf.d/virtualhosts.conf:12)
    port 80 namevhost www.ijzereef.nl (/etc/httpd/conf.d/virtualhosts.conf:63)
    port 80 namevhost ijzereef.nl (/etc/httpd/conf.d/virtualhosts.conf:137)
    port 80 namevhost yz1web.ijzereef.nl (/etc/httpd/conf.d/zz_nextcloud.conf:9)
    port 80 namevhost cloud.ijzereef.nl (/etc/httpd/conf.d/zz_nextcloud.conf:13)
    port 80 namevhost cloud.ijzereef.nl (/etc/httpd/conf.d/zz_nextcloud.conf:18)
    port 80 namevhost webmail.ijzereef.nl (/etc/httpd/conf.d/zzz_SOGo.conf:10)
    *:443 is a NameVirtualHost
    default server yz1web.ijzereef.nl (/etc/httpd/conf.d/nethserver.conf:42)
    port 443 namevhost yz1web.ijzereef.nl (/etc/httpd/conf.d/nethserver.conf:42)
    port 443 namevhost yz1web.ijzereef.nl (/etc/httpd/conf.d/ssl.conf:56)
    port 443 namevhost www.ijzereef.nl (/etc/httpd/conf.d/virtualhosts.conf:24)
    port 443 namevhost ijzereef.nl (/etc/httpd/conf.d/virtualhosts.conf:98)
    port 443 namevhost cloud.ijzereef.nl (/etc/httpd/conf.d/zz_nextcloud.conf:23)
    port 443 namevhost webmail.ijzereef.nl (/etc/httpd/conf.d/zzz_SOGo.conf:19)
    ServerRoot: "/etc/httpd"
    Main DocumentRoot: "/var/lib/nethserver/vhost/www.ijzereef.nl"
    Main ErrorLog: "/etc/httpd/logs/error_log"
    Mutex authdigest-opaque: using_defaults
    Mutex proxy-balancer-shm: using_defaults
    Mutex rewrite-map: using_defaults
    Mutex authdigest-client: using_defaults
    Mutex ssl-stapling: using_defaults
    Mutex proxy: using_defaults
    Mutex authn-socache: using_defaults
    Mutex ssl-cache: using_defaults
    Mutex default: dir="/run/httpd/" mechanism=default
    Mutex mpm-accept: using_defaults
    PidFile: "/run/httpd/httpd.pid"
    Define: _RH_HAS_HTTPPROTOCOLOPTIONS
    Define: DUMP_VHOSTS
    Define: DUMP_RUN_CFG
    User: name="apache" id=48
    Group: name="apache" id=48


(Guus) #6

And of course Mark, thank you for the prompt replies and instructions, which helped in finding the reason why the website wasn’t accessible over the internet.


(Mark Verlinde) #7

This is the actual reason the website running in the virtual host was not accessible from the internet.
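
One way to tell an access restriction apart from a wrong default vhost, as an added example that is not from the thread: count the AH01630 denials in the Apache error log per directory and per client scope. The log lines are constructed in the format of the entry quoted in #1; `denied_by_scope` and `sample_log` are hypothetical helpers, and treating RFC 1918 addresses as the trusted networks is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): summarise AH01630 denials by directory
# and by whether the client address is private (RFC 1918) or public.
# Assumption: private ranges stand in for NethServer's trusted networks.

# denied_by_scope < error_log
denied_by_scope() {
    awk '
    /AH01630/ {
        ip = ""; dir = ""
        for (i = 1; i < NF; i++) {
            if ($i == "[client") { ip = $(i + 1); sub(/:[0-9]+\]$/, "", ip) }
            if ($i == "configuration:") { dir = $(i + 1); sub(/,$/, "", dir) }
        }
        split(ip, o, ".")
        scope = "public"   # IPv6 clients are also counted here
        if (o[1] == 10 || (o[1] == 192 && o[2] == 168) ||
            (o[1] == 172 && o[2] >= 16 && o[2] <= 31)) scope = "private"
        n[dir " " scope]++
    }
    END { for (k in n) print n[k], k }' | sort -k2
}

# Constructed log lines in the format of the entry quoted in #1.
sample_log() {
    cat <<'EOF'
[Sat Nov 10 06:07:09.842162 2018] [authz_core:error] [pid 22356] [client 203.0.113.7:8337] AH01630: client denied by server configuration: /var/lib/nethserver/vhost/www.ijzereef.nl/, referer: https://www.ijzereef.nl/
[Sat Nov 10 06:09:41.120431 2018] [authz_core:error] [pid 22360] [client 198.51.100.23:51002] AH01630: client denied by server configuration: /var/lib/nethserver/vhost/www.ijzereef.nl/
[Sat Nov 10 06:10:02.554310 2018] [core:notice] [pid 22300] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
EOF
}

sample_log | denied_by_scope
```

Denials that name the virtual host's own directory and come only from public addresses show that the right vhost was matched and then refused by an access rule, which is the pattern the “Allow access from trusted networks only” checkbox produced here.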


(Mark Verlinde) #8

Here my knowledge comes short; this is how I understand it:

The configuration of the default webserver (yz1web) accepts / tries to process all requests, no matter with which hostname it is accessed. Hence, now that the baseline is restored and yz1web is the hostname of your default webserver, it will behave more like you might expect.

If you go back in time and start over at this point:

It would probably work as you expected back then, assuming the WordPress website has a valid index.xxx

I do not understand (probably like you) why Apache does not honor the change in the Main DocumentRoot you made… The pragmatic approach is to revert it to /var/www/html.


(Markus Neuberger) #9

Did you edit /etc/httpd/httpd.conf? The documentroot should be /var/www/html at line 119:

DocumentRoot "/var/www/html"


(Guus) #10

Hello Mark,

At first, during the time I was running webtop5, I had to install my www website (wordpress) in the document root of yz1web. There was no way to get it running in the virtual host www.ijzereef.nl.

After switching to SOGo, all of a sudden I could put my www website in a virtual host, which then became accessible as expected. This also means that yz1web points to the /var/www/html webroot, which is empty.

My SOGo config is from the first period, in which the integration was not complete. That’s why I made my custom config.

When I’m looking at the configuration now, I had better named my default server something like yz1web.ijzereef.dmz and should have made a virtual host www.ijzereef.nl, since NethServer can deal with it and create the mailboxes for the @ijzereef.nl domain. This is the way to split local and internet functionality.

Perhaps it would be a good thing if I made a fresh install with this configuration, but for now all is working fine so I’ll keep this for the near future.

Once again, thanks for the support in helping find the reason why the problem occurred.

Regards

Guus


(Guus) #11

Hello Markus,

Yes I made this change during my search why my domain wasn’t reachable over the internet, reverted it right now. All is working fine.

Thanks for pointing this out.

Guus