Share

Question

I've been trying to set up a WordPress site using these tutorials:
How To Set Up a Host Name
Initial Server Setup
How to Install LAMP stack
How to Set Up Apache Virtual Hosts

I've completed each tutorial without any error messages and I've restarted the process on multiple droplets, but every time I enter my domain Firefox displays "Unable to connect". I've added the proper exceptions in UFW (allowing traffic on ports 80 and 443, restarting Apache after each change). My ports.conf file confirms ports 80 and 443 are being listened to as well.

It might also be worth noting that earlier, before this problem arose, I had the virtual host working, had the site secured via Let's Encrypt, and had WordPress installed. After some frustration in trying to get to the WordPress admin page, I ended up starting from scratch.

Any help is appreciated.

Accepted Answer

hansen July 23, 2017

Hi @tylerferguson

Let's double check the firewall again, run this:

sudo ufw status

And which services are being listened to currently, run this:

sudo lsof -iTCP -sTCP:LISTEN -P

But my main guess would be that there's something wrong with your domain DNS.
Can you run the following three commands:

dig yourdomain.com NS
dig yourdomain.com A
dig www.yourdomain.com CNAME

Reply

Accepted Answer

tylerferguson July 23, 2017

Thanks for the reply!

Firewall status:

OpenSSH             ALLOW       Anywhere                  
Apache Full         ALLOW       Anywhere                  
80                         ALLOW       Anywhere                  
443                       ALLOW       Anywhere                  
80,443/tcp           ALLOW       Anywhere                  
OpenSSH (v6)      ALLOW       Anywhere (v6)             
Apache Full (v6)  ALLOW       Anywhere (v6)             
80 (v6)                  ALLOW       Anywhere (v6)             
443 (v6)                ALLOW       Anywhere (v6)             
80,443/tcp (v6)    ALLOW       Anywhere (v6)

lsof:

sshd    1361        root               3u  IPv4  13804    0t0  TCP *:22 (LISTEN)
sshd    1361        root               4u  IPv6  13813     0t0  TCP *:22 (LISTEN)
mysqld  1405    mysql          28u  IPv4  15631     0t0  TCP localhost:3306 (LISTEN)
apache2 1522   root               4u  IPv6  15583    0t0  TCP *:80 (LISTEN)
apache2 1527   www-data     4u  IPv6  15583    0t0  TCP *:80 (LISTEN)
apache2 1528   www-data     4u  IPv6  15583    0t0  TCP *:80 (LISTEN)
apache2 1529   www-data     4u  IPv6  15583    0t0  TCP *:80 (LISTEN)
apache2 1530   www-data     4u  IPv6  15583    0t0  TCP *:80 (LISTEN)
apache2 1531    www-data     4u  IPv6  15583    0t0  TCP *:80 (LISTEN)
apache2 1797    www-data     4u  IPv6  15583    0t0  TCP *:80 (LISTEN)

dig NS:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> domain.org NS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3775
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;domain.org.        IN  NS

;; ANSWER SECTION:
domain.org. 1799    IN  NS  ns2.digitalocean.com.
domain.org. 1799    IN  NS  ns1.digitalocean.com.
domain.org. 1799    IN  NS  ns3.digitalocean.com.

;; Query time: 48 msec
;; SERVER: 8.8.4.4#53(8.8.4.4)
;; WHEN: Sun Jul 23 03:30:26 UTC 2017
;; MSG SIZE  rcvd: 115

dig A:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> domain.org A
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11744
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;domain.org.        IN  A

;; ANSWER SECTION:
domain.org. 3599    IN  A   174.138.62.18

;; Query time: 162 msec
;; SERVER: 8.8.4.4#53(8.8.4.4)
;; WHEN: Sun Jul 23 03:33:02 UTC 2017
;; MSG SIZE  rcvd: 61

dig CNAME:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.domain.org CNAME
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47155
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.domain.org.        IN  CNAME

;; ANSWER SECTION:
www.domain.org. 43199   IN  CNAME   domain.org.

;; Query time: 67 msec
;; SERVER: 8.8.4.4#53(8.8.4.4)
;; WHEN: Sun Jul 23 03:34:16 UTC 2017
;; MSG SIZE  rcvd: 63

Reply

hansen July 23, 2017

@tylerferguson

Your lsof says that Apache is only listening to IPv6, so either you've specified your Apache VirtualHost to only match on IPv6 or maybe you've only specified Apache to only listen to a specific interface.

Can you post your apache.conf - might be called httpd.conf - and also your site VirtualHost configuration.

Answer 3

hansen July 23, 2017

@tylerferguson

Your lsof says that Apache is only listening to IPv6, so either you've specified your Apache VirtualHost to only match on IPv6 or maybe you've only specified Apache to only listen to a specific interface.

Can you post your apache.conf - might be called httpd.conf - and also your site VirtualHost configuration.

Accepted Answer

tylerferguson July 23, 2017

apache2.conf:

Mutex file:${APACHE_LOCK_DIR} default

PidFile ${APACHE_PID_FILE}

Timeout 300

KeepAlive On

MaxKeepAliveRequests 100

KeepAliveTimeout 5

User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}

HostnameLookups Off

ErrorLog ${APACHE_LOG_DIR}/error.log

LogLevel warn

IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf

Include ports.conf

<Directory />
    Options FollowSymLinks
    AllowOverride None
    Require all denied
</Directory>

<Directory /usr/share>
    AllowOverride None
    Require all granted
</Directory>

<Directory /var/www/>
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>

AccessFileName .htaccess

<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>

LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

IncludeOptional conf-enabled/*.conf

IncludeOptional sites-enabled/*.conf

ServerName domain.org

domain.org.conf:

<VirtualHost *:80>
ServerAdmin admin@domain.org
ServerName domain.org
ServerAlias www.domain.org
DocumentRoot /var/www/domain.org/public_html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Reply

hansen July 23, 2017

@tylerferguson

I don't know then. If ports.conf doesn't contain something specific about IPv6, then I would recommend that you start over with the LAMP tutorial:
https://www.digitalocean.com/community/tutorials/how-to-install-linux-apache-mysql-php-lamp-stack-on-ubuntu-16-04

How To Install Linux, Apache, MySQL, PHP (LAMP) stack on Ubuntu 16.04
by Brennen Bearnes
A "LAMP" stack is a group of open source software that is typically installed together to enable a server to host dynamic websites and web apps. This term is actually an acronym which represents the Linux operating system, with the Apache web server. The site data is...
- tylerferguson July 23, 2017
  
  @hansen
  I feel like a doofus. I tried connecting via a different device/browser for the first time since this morning and it works. After scrapping my SSL-certified version, I think my browser continued to attempt HTTPS connections on the new (and unencrypted site). Clearing my cache did the trick and all is well. Thanks for your patience.
  
  hansen July 23, 2017
  
  @tylerferguson
  
  Great. Yes, if you previously had HTTPS and you set the HSTS header, then you were telling the browser, that your site will always use HTTPS.
  That means anyone who already visited your site would need to clear their cache - or even better, you could enable HTTPS again.
  
  Once you start encrypting, it's not always straight forward to remove it again.
  You can see more about the HSTS header here:
  https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

Answer 5

hansen July 23, 2017

@tylerferguson

I don't know then. If ports.conf doesn't contain something specific about IPv6, then I would recommend that you start over with the LAMP tutorial:
https://www.digitalocean.com/community/tutorials/how-to-install-linux-apache-mysql-php-lamp-stack-on-ubuntu-16-04

How To Install Linux, Apache, MySQL, PHP (LAMP) stack on Ubuntu 16.04
by Brennen Bearnes
A "LAMP" stack is a group of open source software that is typically installed together to enable a server to host dynamic websites and web apps. This term is actually an acronym which represents the Linux operating system, with the Apache web server. The site data is...
- tylerferguson July 23, 2017
  
  @hansen
  I feel like a doofus. I tried connecting via a different device/browser for the first time since this morning and it works. After scrapping my SSL-certified version, I think my browser continued to attempt HTTPS connections on the new (and unencrypted site). Clearing my cache did the trick and all is well. Thanks for your patience.
  
  hansen July 23, 2017
  
  @tylerferguson
  
  Great. Yes, if you previously had HTTPS and you set the HSTS header, then you were telling the browser, that your site will always use HTTPS.
  That means anyone who already visited your site would need to clear their cache - or even better, you could enable HTTPS again.
  
  Once you start encrypting, it's not always straight forward to remove it again.
  You can see more about the HSTS header here:
  https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

Apache not displaying virtual host test page (Unable to connect)

Leave a Comment

Share

Share your Question

Apache not displaying virtual host test page (Unable to connect)

Leave a Comment

Related Questions

Almost there!

Report a Bug