HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Server Operation (http://www.howtoforge.com/forums/forumdisplay.php?f=5)
-   -   HTTPS only (http://www.howtoforge.com/forums/showthread.php?t=58476)

alphaman36 2nd September 2012 20:52

HTTPS only
 
I have a problem that I can't figure out. I have everything running as far as DNS goes. I have an A record for www that points to my public IP. The problem that I have is that I created a new site nothing special, (wordpress) no SSL settings set nothing. The only port that the site seems to respond to is 443 and not 80. What am I missing?

Ok, I have that one figured out. Turned out to be a intrusion prevention rule on my fireall.
However, I still have a problem. I can't access the web site from out side of the network even though an NSLOOKUP returns the correct address. So my question is do I need to change the www A record to point to the internal address of the web site or do I create an A record for the hots using the public address or do I create an A record for the host using the private address?

Well, after more working with it, my firewall is setup right now, but the web site will still only respond to https requests and not http requests. Is there something I am missing in side of the website? I don't have ssl enabled

falko 4th September 2012 21:27

Quote:

Originally Posted by alphaman36 (Post 284612)
So my question is do I need to change the www A record to point to the internal address of the web site or do I create an A record for the hots using the public address or do I create an A record for the host using the private address?

Use the public IP.

Quote:

Well, after more working with it, my firewall is setup right now, but the web site will still only respond to https requests and not http requests. Is there something I am missing in side of the website? I don't have ssl enabled
Can you post the outputs of
Code:

iptables -L
and
Code:

netstat -tap
?

alphaman36 5th September 2012 00:49

Quote:

Originally Posted by falko (Post 284855)
Use the public IP.



Can you post the outputs of
Code:

iptables -L
and
Code:

netstat -tap
?


Do I want to run these commands on the firewall or on the DNS server or ISP config webserver?

falko 5th September 2012 17:37

On the ISPConfig server and the firewall.

alphaman36 6th September 2012 00:50

Quote:

Originally Posted by falko (Post 284905)
On the ISPConfig server and the firewall.

Hi falko, I got it figured out. It wasn't a problem with ISP Config it did turn out to be a problem with the firewall. Even though the DNAT and inbound rules were correct, the web proxy was getting it. By default my firewall proxies LAN and WAN interface, even though the WAN interface is not listed in the proxy list. All I had to do was to physically add the WAN interface then remove it, then the web site was visible to the outside world.

I do have one question about DNS. I have two DNS servers that reside behind the same IP. the second name server is in mirror mode to the first one. Do I only port forward to the first DNS server and leave forwarding closed for the second one or do I port forward to both of them?

falko 6th September 2012 19:01

You can forward a port to just one server. BTW, it doesn't make much sense to have two nameservers running on the same because that doesn't provide redundancy.

alphaman36 7th September 2012 03:30

Quote:

Originally Posted by falko (Post 284965)
You can forward a port to just one server. BTW, it doesn't make much sense to have two nameservers running on the same because that doesn't provide redundancy.

I agree, that's where I was thinking of using DNS buddy or Xname to provide the redundancy with two or three more name server


All times are GMT +2. The time now is 08:36.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.