Please help with Apache virtual servers and DNS trouble (I think)

Dale Scott dalescott at shaw.ca
Fri Nov 20 19:14:03 UTC 2020


----- Original Message -----
> From: freebsd at boosten.org
> To: "freebsd-questions" <freebsd-questions at freebsd.org>
> Cc: "Dale Scott (dalescott at shaw)" <dalescott at shaw.ca>
> Sent: Friday, November 20, 2020 10:16:26 AM
> Subject: Re: Please help with Apache virtual servers and DNS trouble (I think)

>> On 20 Nov 2020, at 16:10, Dale Scott <dalescott at shaw.ca> wrote:

Thanks for your kind help Peter. Just to be clear, this is my intended
network.

                                                             +----------------+
www.dalescott.net:8080     <-------------------------------- + ERPNext        +
                                                             +----------------+
ssh -p 3022 dalescott.net  <-------------------------------- + Ubuntu         |
                                                             | 20.04          |
www.dalescott.net          <----\                            | LTS            |
mantisbt.dalescott.net     <----+                            |                |
proqjector.dalescott.net   <----+       +--------------------+----------------+
nextcloud.dalescott.net    <----+------ + Apache/MariaDb/PHP | virtualbox-ose |
                                        +--------------------+----------------+
ssh -p 3022 dalescott.net  <------------| FreeBSD 11.3 / 12.2                 |
                                        +-------------------------------------+

<snip>

>> ... My understanding of LetsEncrypt (and certbot and the Apache
>> certbot plugin) is that a subdomain DNS entry will be required for each Apache
>> virtual server that will use https.

> LetsEncrypt version 2 supports wildcard certificates. So with one certificate you
> can serve www.domain.tld, blah.domain.tld and hurray.domain.tld. However, in order
> to reach your virtual server mantisbt.dalescott.net you have to have a DNS record for
> that host (not subdomain); this can be an A record or a CNAME.
> Of course you can use a wildcard.

Wild cards sound easier to manage, which I will investigate after getting things
working again without certs.

>> So I removed the wild card from my dalescott.net DNS entry and configured new
>> subdomain DNS entries for the Apache virtual servers. However I didn't create
>> certificates or change Apache httpd-vhosts.conf, and I'm still not trying to
>> serve anything but pure http on port 80.

> What do you mean by 'subdomain'? A subdomain would mean something like
> 'servers.dalescott.net' in your case, and your mantisbt server would then be
> reachable as mantisbt.servers.dalescott.net. So please elaborate.

Networking is not my strength; IIUC my tld is dalescott.net, and I am using subdomains
www, mantisbt, timetracker... or fully qualified www.dalescott.net, mantisbt.dalescott.net,
timetracker.dalescott.net, etc. Is my terminology incorrect?

>> The problem is that I can access all my virtual servers and ssh to the vm using
>> port 3022, but I get a "no server response" error in the browser when trying to
>> access the vm web server on port 8080.

> Is it not that your browser expects https and you get http (or vice versa)?
> What does your apache logging say?

I am not expecting ANY https at this point. My goal is to first restore the
http-only behavior I had using fbsd-11.3 before I started down this rabbit
hole. ;-)  Perhaps I need to go back to the one original wildcard DNS entry I had
and all will be ok, and then I figure out how to use a wildcard Let's Encrypt cert,
and then the specifics of each web app.

I browsed to the vbox vm web server dalescott.net:8080 and saw the expected ("This page isn't
working" "dalescott.net didn't send any data." "ERR_EMPTY_RESPONSE"), but then
checked httpd-error.log and found no related errors, which I had expected to see, thinking
Apache was getting the dalescott.net:8080 request and didn't know what to do with it.

Maybe the web server on the vbox vm isn't responding at all. I will need to check
that out.

Fwiw, here is my DNS setup at No-IP.com (entries all have same config): https://i.imgur.com/3UMiWFY.png https://i.imgur.com/RIp6tQS.png

Also, fwiw, from my httpd.conf:

Listen 80
ServerName www.dalescott.net:80

and my typical vhost entry in httpd-vhosts.conf:

<VirtualHost mantisbt.dalescott.net:80>
    DocumentRoot "/usr/local/www/mantisbt"
    <Directory "/usr/local/www/mantisbt">
        allow from all
        Options None
        Require all granted
    </Directory>
</VirtualHost>
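
One way to run the check mentioned in the message above ("Maybe the web server on the vbox vm isn't responding at all"), as an added example that is not part of the original post: a small Python probe that tells apart a refused connection, a connection that is accepted but closed without any data (what the browser reports as ERR_EMPTY_RESPONSE), and a real HTTP reply. The function name probe and its result labels are assumptions of this example.

```python
import socket
import sys


def probe(host, port, timeout=3.0):
    """Classify what answers a plain HTTP request on host:port.

    Returns "dns-failure", "refused", "timeout", "unreachable",
    "empty", "http" or "non-http" (labels chosen for this example).
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror:
        return "dns-failure"   # the name has no usable DNS record
    except ConnectionRefusedError:
        return "refused"       # nothing is listening on that port
    except socket.timeout:
        return "timeout"       # packets dropped on the way
    except OSError:
        return "unreachable"   # no route, network down, etc.

    with sock:
        sock.settimeout(timeout)
        request = (
            f"GET / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
        )
        try:
            sock.sendall(request.encode("ascii"))
            data = sock.recv(64)
        except socket.timeout:
            return "timeout"   # connected, but no reply in time
        except OSError:
            return "empty"     # reset or closed before any reply

    if not data:
        return "empty"         # peer closed without sending a byte
    return "http" if data.startswith(b"HTTP/") else "non-http"


if __name__ == "__main__":
    # Usage: probe.py HOST [PORT ...]; defaults are constructed samples.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for p in map(int, sys.argv[2:] or ["80", "8080"]):
        print(f"{target}:{p} -> {probe(target, p)}")
```

An "empty" result on port 8080 together with nothing in httpd-error.log is consistent with the host's Apache, which only has Listen 80, never seeing that request.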


