Named based virtual host strange behaviour / Apache serves a deregistered site...

November 11, 2014 1.8k views

Hello,

I would need your support, but for this is better to describe a bit my configuration:

  • Initial Ubuntu 14.04 with LAMP, including finished initial server setup (so I am accessing my server through a regular user – not root – and I am using sudo for the moments when I need root privileges)
  • Apache is set up with name virtual hosts, meaning that I want to host several sites on the server using name virtual hosts
  • For the main site I’ve made a set up following this tutorial: https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-with-a-free-signed-ssl-certificate-on-a-vps
  • Initial the main site was set up in 000-default.conf but than I’ve moved it to mainsite.com.conf and I pointed out 000-default.conf to a different folder (I’ve created /var/www/droplet_html for this)
  • DNS set up correctly in digital ocean

My problem is the following: one of the name virtual hosts (nvh1.com) is working correctly and points out to its directory /var/www/nvh1/html/ but when I am accessing the other (nvh2.com) than mainsite.com is loaded.
nvh1.com.conf is configured similar to nvh2.com.conf!
What is strange for me is that I’ve tested different configurations and I get the same behavior in following scenario:

  • Main site configured as 000-default.conf or as mainsite.com.conf. It does not matter how mainsite.com is configured, when nvh2.com is called in browser it loads mainsite.com
  • nvh2.com.conf registered (a2ensite) or deregistered (asdissite). I’ve tried to deregister it in order to point to 000-default.conf (since the DNS is still on, but no conf file is available for nvh2.com), but strangely Apache2 is serving still mainsite.com. I have test it with some subdomains which are registered in DNS but they are not defined in virtual hosts and they are pointing correctly to what is set up in 000-default.conf Of course the SSL certificate does not match for nvh2.com as it is valid for mainsite.com…

What am I missing or what am I doing wrong. I have the feeling that something small is overlooked somewhere as this is not normal behavior…

Here are also my configuration files:
000-default.conf
<VirtualHost *:80>
ServerAdmin webmaster@mainsite.com
DocumentRoot /var/www/droplet_html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

mainsite.com.conf (this was the old 000-default.conf)
<VirtualHost *:80>
ServerName mainsite.com
ServerAdmin webmaster@mainsite.com
ServerAlias www.mainsite.com mainsite.org www.mainsite.org
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLProtocol all –SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2: RC4+RSA:+HIGH:+MEDIUM
SSLCertificateFile /path/to/ssl/ssl.crt
SSLCertificateKeyFile /path/to/ssl/key/myown.key
SSLCertificateChainFile /path/to/ssl/sub.class1.server.ca.pem
ServerName mainsite.com
ServerAdmin webmaster@mainsite.com
ServerAlias www.mainsite.com mainsite.org www.mainsite.org
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

nvh1.com.conf
<VirtualHost *:80>
ServerName nvh1.com
ServerAdmin webmaster@nvh1.com
ServerAlias www.nvh1.com
DocumentRoot /var/www/nvh1.com/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

nvh2.com.conf
<VirtualHost *:80>
ServerName nvh2.com
ServerAdmin webmaster@nvh2.com
ServerAlias www.nvh2.com
DocumentRoot /var/www/nvh2.com/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

4 comments
  • if it's worth mentioning droplet name is mainsite.com and fqdn is set up properly. If it's helping i can post also the contents of hosts and hostname.

    Another question would be if any other solution does not work, does it make sense to uninstall apache and to reinstall it. Is there any tutorial for this?

    Thanks,
    Vlad

  • "does it make sense to uninstall apache and to reinstall it. Is there any tutorial for this?"

    probably not. if apache itself is working (websites being served) than it would be just more work

    the problem, it seems, is in the conf files somewhere.

    Here is a working conf file I have that I usually just copy for all other sites. The host this runs on has 7 sites that all run identical conf files.
    Each site uses an SSL cert from StartSSL

    <VirtualHost *:80>
    ServerAdmin webmaster@domain.com
    
        DocumentRoot /var/www/domain.com
    
        <Directory /var/www/domain.com>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride All
            Order allow,deny
            allow from all
                    Require all granted
        </Directory>
    
        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
            AllowOverride All
            Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
            Order allow,deny
            Allow from all
        </Directory>
    
        ErrorLog ${APACHE_LOG_DIR}/error.log
    
        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn
    
        CustomLog ${APACHE_LOG_DIR}/access.log combined
    
        Alias /doc/ "/usr/share/doc/"
        <Directory "/usr/share/doc/">
            Options Indexes MultiViews FollowSymLinks
            AllowOverride All
            Order deny,allow
            Allow from all
        </Directory>
    ServerAlias www.domain.com
    ServerName domain.com
    
    </VirtualHost>
    
    <IfModule mod_ssl.c>
    <VirtualHost *:443>
    SSLEngine on
    
         ServerName domain.com
         ServerAlias www.domain.com
    
         SSLCertificateFile /etc/apache2/ssl/domain.com/domain.com.crt
         SSLCertificateKeyFile /etc/apache2/ssl/domain.com/domain.com.key
         SSLCertificateChainFile /etc/apache2/ssl/domain.com/sub.class1.server.ca.pem
    
         ServerAdmin webmaster@domain.com
         DocumentRoot /var/www/domain.com
         ErrorLog /var/www/domain.com/logs/error.log
         CustomLog /var/www/domain.com/logs/access.log combined
    </VirtualHost>
    </IfModule>
    
  • i am continuing with trial&error. I have unregistered all sites besides the 000-default.conf. At that moment nvh2.com and mainsite.com were pointing correctly to what 000-default.conf is indicating (/var/www/droplet_html).

    I tried to register again only nvh2.com and it goes again wrongly to mainsite.com (even though mainsite.com is not registered). The issue is that mainsite.com has ssl configured so when I am writing http://nvh2.com in browser I am redirected to https://nvh2.com, which actually try to load https://mainsite.com.
    I've tried to register again mainsite.com which is working correctly but now after unregistering both nvh2.com and mainsite.com I get redirected for both sites to the https version and I am getting a "Secure Connection Failed" error when in fact they should point again to 000-default.conf...

    Secure Connection Failed
    An error occurred during a connection to willuebersiedeln.at. SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long)
    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem. 
    

    now I am trying to find a way to get back to that configuration were no sites are registered but due to DNS setup they are all pointing to 000-default.conf and also what is in 000-default.conf is served...

  • I've solved a part of the problem: browser history are hindering with http / https requests for visited sites: i.e. if you visited a site that has https browser will always serve https.
    I have deleted browser history and cache and now with all sites unregistered and only 000-default.conf everything points out correctly. I will now load one by one the conf files and see if this will help.

    And another: on mainsite.com a wordpress is installed. On nvh2.com were also copied the sources of wordpress and I was about to install it. Once I have deleted wordpress from nvh2.com directory this is not pointing anymore to mainsite.com.

    Direction is clear I have to research how to install 2 wordpress sites one with https and one without on the same server using virtual name servers.

1 Answer

selfsolved (see comments): issue was from wordpress which in the last version has a special multisite feature. Since both mainsite.com and nvh2.com had both wordpress and wordpress was not properly configured for multisites nvh2.com was pointing to mainsite.com, eventhough it was a different copy of the wordpres source files.
Actual status: wordpress is deleted from nvh2.com folder and a simple index.html shows that apache is solving correctly all virtual base name servers.
@sierracircle: thanks for the knowhow, I've adopted some of your config lines!

Have another answer? Share your knowledge.