HTTPS only

Discussion in 'Server Operation' started by alphaman36, Sep 2, 2012.

  1. alphaman36

    alphaman36 New Member

    I have a problem that I can't figure out. I have everything running as far as DNS goes. I have an A record for www that points to my public IP. The problem that I have is that I created a new site nothing special, (wordpress) no SSL settings set nothing. The only port that the site seems to respond to is 443 and not 80. What am I missing?

    Ok, I have that one figured out. Turned out to be a intrusion prevention rule on my fireall.
    However, I still have a problem. I can't access the web site from out side of the network even though an NSLOOKUP returns the correct address. So my question is do I need to change the www A record to point to the internal address of the web site or do I create an A record for the hots using the public address or do I create an A record for the host using the private address?

    Well, after more working with it, my firewall is setup right now, but the web site will still only respond to https requests and not http requests. Is there something I am missing in side of the website? I don't have ssl enabled
     
    Last edited: Sep 3, 2012
  2. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Use the public IP.

    Can you post the outputs of
    Code:
    iptables -L
    and
    Code:
    netstat -tap
    ?
     
  3. alphaman36

    alphaman36 New Member


    Do I want to run these commands on the firewall or on the DNS server or ISP config webserver?
     
  4. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    On the ISPConfig server and the firewall.
     
  5. alphaman36

    alphaman36 New Member

    Hi falko, I got it figured out. It wasn't a problem with ISP Config it did turn out to be a problem with the firewall. Even though the DNAT and inbound rules were correct, the web proxy was getting it. By default my firewall proxies LAN and WAN interface, even though the WAN interface is not listed in the proxy list. All I had to do was to physically add the WAN interface then remove it, then the web site was visible to the outside world.

    I do have one question about DNS. I have two DNS servers that reside behind the same IP. the second name server is in mirror mode to the first one. Do I only port forward to the first DNS server and leave forwarding closed for the second one or do I port forward to both of them?
     
  6. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    You can forward a port to just one server. BTW, it doesn't make much sense to have two nameservers running on the same because that doesn't provide redundancy.
     
  7. alphaman36

    alphaman36 New Member

    I agree, that's where I was thinking of using DNS buddy or Xname to provide the redundancy with two or three more name server
     

Share This Page