question regarding the Nginx Catch-All Host As Front End To Apache For ISPConfig3 tut

[falko]

There seem to be problems with name resolution. What's in /etc/resolv.conf and /etc/hosts?

[Ovidiu]

Quote:

h1550830:/etc/apache2/sites-available# cat /etc/resolv.conf
# Generated by dhcpcd for interface eth0
search stratoserver.net
nameserver 85.214.7.22
nameserver 81.169.163.106
nameserver 81.169.148.34

and

Quote:

h1550830:/etc/apache2/sites-available# cat /etc/hosts
127.0.0.1 localhost
85.214.146.68 h1550830.stratoserver.net h1550830

# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

that looks ok to me.
I thought its an issue with

Quote:

server: _, request: "GET /server-status?auto HTTP/1.1",

so here is my server-status config:

Quote:

h1550830:/etc/apache2/sites-available# cat /etc/apache2/mods-enabled/status.conf
<IfModule mod_status.c>
#
# Allow server status reports generated by mod_status,
# with the URL of http://servername/server-status
# Uncomment and change the ".example.com" to allow
# access from other hosts.
#
ExtendedStatus On
<Location /server-status>
SetHandler server-status
Order deny,allow
Deny from all
Allow from localhost ip6-localhost 127.0.0.1
</Location>
</IfModule>

is that ok that the deny is before the allow?

[falko]

/etc/hosts and /etc/resolv.conf look ok to me as well as the server-status config.

Quote:

2010/10/23 04:20:05 [error] 28148#0: *7 localhost could not be resolved (5: Operation refused), client: 127.0.0.1, server: _, request: "GET /server-status?auto HTTP/1.1", host: "localhost"

I think the problem is that localhost cannot be resolved for some reason (although it's in /etc/hosts).

[Ovidiu]

just had an idea:

I could isntall nginx according to the howto on my live server but keep it running on port 82 and don't change anything within ispcfg or apache. so for testing purposes I can use it the other way around, proxyaing everything to apache on port 80 so I can test without any drawback to any visitors...

maybe we can figure out what is goign wrong here?
If that is an option please let me know and I'll put it all in palce and give you any log files you need to see...

[Ovidiu]

I might have another idea, I found this inside an error log:

Quote:

[Thu Oct 28 05:33:04 2010] [error] [client 209.172.57.205] ALERT - tried to register forbidden variable '_SERVER[DOCUMENT_ROOT]' through GET variables (attacker '209.172.57.205', file '/var/www/clients/client1/web7/web/index.php')

could this be the reason why the localhsot couldn't be resolved? Suhosin?

[falko]

Quote:

Originally Posted by Tenaka

could this be the reason why the localhsot couldn't be resolved? Suhosin?

I don't think it has anything to do with it, but you could switch off Suhosin for testing purposes.

[Ovidiu]

would like to try that but can't find info on how to disable suhosin for a particular vhost. any help here?

[falko]

I'd disable it globally for the server.

[Ovidiu]

got it working wit ha few little mods:

changed:

Quote:

RPAFsethostname On
RPAFproxy_ips 127.0.0.1 YOU_IP_ADDRESS

into

Quote:

RPAFenable On
RPAFsethostname On
RPAFproxy_ips 127.0.0.1 YOU_IP_ADDRESS

and

Quote:

server {
listen 80 default;
server_name _;
server_name_in_redirect off;
resolver 127.0.0.1;
#### www. redirect - all domains starting with www will be redirected to http://domain. ####
if ($host ~* ^(www\.)(.+)) {
set $rawdomain $2;
rewrite ^/(.*)$ http://$rawdomain/$1 permanent;
}
access_log /var/log/ispconfig/httpd/$host/access.log;
location ~* ^.+.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|d oc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js |swf|flv|html|htm|mp3)$ {
root /var/www/$host/web;
access_log off;
expires 30d;
}
location / {
root /var/www/$host/web;
index index.html index.htm index.php;
access_log off;
proxy_pass http://$host:82;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}

into

Quote:

server {
listen my_IP:80 default;
server_name _;
server_name_in_redirect off;
resolver 127.0.0.1;
#### www. redirect - all domains starting with www will be redirected to http://domain. ####
if ($host ~* ^(www\.)(.+)) {
set $rawdomain $2;
rewrite ^/(.*)$ http://$rawdomain/$1 permanent;
}
access_log /var/log/ispconfig/httpd/$host/access.log;
location ~* ^.+.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|d oc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js |swf|flv|html|htm|mp3)$ {
root /var/www/$host/web;
access_log off;
expires 30d;
}
location / {
root /var/www/$host/web;
index index.html index.htm index.php;
access_log off;
proxy_pass http://my_IP:82;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}

does anyone see anything wrong with that? will post the question in the nginx forums too and report back here.
currently nginx is running on port 82 and proxying back to apache2 on port 80 for testing purposes.
once I got the confirmation from the nginx forums that that is ok I'll go live with it.
Besides still got some open questions listed in my first post in this thread, i.e. about why the logging seems to be turned off in this config?

[Ovidiu]

some more progress:

made some more progress with the help of some guys on IRC it seems these lines work:

Quote:

listen 80 default;
proxy_pass http://127.0.0.1:82;

as 127.0.0.1 is enough, no need to use $host there as this is a reverse proxy, nginx and apache2 are on the same box.

and another suggestion to solve the www vs non-www problem was something like this:

Quote:

set $site_dir $host; if ($host ~ ^www\.(.*)) { set $site_dir $1; } root /var/www/$site_dir/web;

but I can't put it togetehr alone. also would it not need an else statement to keep

Quote:

root /var/www/$host/web;

in case the non-www version was called?