Wrong site for given URL

Discussion in 'ISPConfig 3 Priority Support' started by downsouth, May 7, 2018.

  1. downsouth

    downsouth New Member

    I set up a new client and site. When entering this new URL I landed up on a different site. I assume that for some reason the web server cannot find the new site.
    I am not sure why it is happening. I have set up 3 other sites and they are all working fine.
    It is working correctly now - perhaps DNS propagation?

    How to handle this correctly?
    I assume that the server is using the first site alphabetically when it cannot find the correct one?
    I tried to set up a dummy site with a domain of aaaa.com hoping that it would choose this page. Unfortunatly it keeps choosing a different page. How can I force it to go to some sort of default page if the requested URL is not found on the server?
     
    Last edited: May 7, 2018
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    1) Ensure that you do not mix * and IP address in websites, use either * or the IP for all sites.
    2) When you use SSL, then ensure that all sites on the same Ip use SSL.
    3) Create a default site. e.g. 000default.tld should work as domain name.
     
  3. downsouth

    downsouth New Member

    Thank you. I was unaware of the ip vs * but now I have them all the same :)
     
  4. downsouth

    downsouth New Member

    Ignore this post. Am still investigating and I did not see a delete option for post

    Hi
    I am using the hosts file on my PC to get to a site which has no dns pointing to it. I am now getting the same wrong site as above. It did not go to the dummy site named 000default.
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    If all 3 points I listed above are correct for all sites incl. the dummy site, then it should work.
     
  6. downsouth

    downsouth New Member

    You are correct about the 3 points. But the problem is if one of those items is not correct then it goes to a different clients web site.
    It is not going to a default / generic page even though I have tried aaa.tld 000default.tld etc
    How to I get it to go to a default page where I can put some standard message?

    The reason why the 3 things are not correct is because a new domain cannot have a certificate until the domain is public on the net. But by this stage it is possible that someone is already trying to access it
     
  7. ztk.me

    ztk.me ISPConfig Developer ISPConfig Developer

    put your default vhost config for http and https into (debian) /etc/apache2/conf-enabled/ .
    apache2.conf includes configs from conf enabled just before the sites enabled thus it should be guaranteed your generic vhosts will be the "default".

    I'm on a run I'll go check http://httpd.apache.org/docs/2.4/vhosts/details.html later to see wether I missed something
     
  8. downsouth

    downsouth New Member

    There is currently no apache2.conf in that directory. Is that correct?
    So you are suggesting that I create on?
     
  9. ztk.me

    ztk.me ISPConfig Developer ISPConfig Developer

    It depends on your operating system - I'm heavily using deb based where I have a folder structure like that.
    rpm might have a httpd.conf somewhere else.

    If you see the dirs sites-enabled/conf-enabled - they're not supposed to have apache2.conf in there but in the parent dir /etc/apache2/.

    However, the importang thing is to specify your default vhosts ( http and https ) before any other vhost gets read. A hack would be to include the vhosts after / while reading the config and before reading the other sites-enabled.

    mv sites-enabled/000-default.vhost to conf-enabled/000-default.conf

    ( files with .vhost extension might not be read in conf-enabled file )
     
  10. downsouth

    downsouth New Member

    I am not sure if I understand you correctly. You are saying I must move a .vhost to a .conf?
    I currently have no way of testing if this will work. It only happened when the site had been created and the DNS was set up but the Lets Encrypt certificate had not been installed yet.
    I tried testing it by setting a subdomain on DNS to point to a site that was not set up on the web server , but then it land on the default Apache page.
    After some searching regarding this problem, I ran this command: apache2ctl -S
    And it shows that it is pointing to the wrong site as default. Here is the result
    Code:
    *:443                  is a NameVirtualHost
             default server clientsite.com (/etc/apache2/sites-enabled/100-clientsite.com.vhost:109)
     
  11. ztk.me

    ztk.me ISPConfig Developer ISPConfig Developer

    you need a default site each for *.80 and for *:443 ( http and https ).
    the default page is the first vhost configuration apache can find, different for 80 and 443. This is why you had issues only until the LE cert went live.

    What I meant with moving .vhost to .conf:
    Apache comes preconfigures including any file with the .vhost extensions from sites-enabled directory and any file with .conf extension from conf-enabled directory in debian/ubuntu.
    Since it includes the configuration before the vhost files you could create your default vhosts in the conf-enabled directory to make sure they are the first sites == default pages.
    But to make apache read the default vhosts from the conf-enabled directory, you'd need to use the .conf extension since on default it does not include *.vhost in conf-enabled directory.

    part of typical apache2.conf for debian
    Code:
    # Include generic snippets of statements
    IncludeOptional conf-enabled/*.conf
    
    # Include the virtual host configurations:
    IncludeOptional sites-enabled/
    
    
     
  12. downsouth

    downsouth New Member

    Thanks for your help.
    So I will move the .vhost file and re-name it to .conf?
    So does Apache accept the vhost file layout even if it is renamed conf?
     
  13. ztk.me

    ztk.me ISPConfig Developer ISPConfig Developer

    yes, and create a default host for SSL aswell, which gets shown until the domain gets its ssl-configuration.
    Yes, apache will parse it just fine.

    Edit: And depenging on how much you care ( testing purposes, dunno ) the default vhost :443 doesn't really need to have valid ssl certs it might get some warnings in browsers but at least it's a default page and... since technically the domain owner needs domain cert and user sees it because of not configured but existing domain ...... if you would put up a valid cert there somehow ... well there was a company playing man in the middle pretending to be amazon.com or whatever you visited - just to show ads :D ....
    nutshell: port 443 config doesn't need to be valid, just the first beeing parsed.
     
    Last edited: May 9, 2018
  14. till

    till Super Moderator Staff Member ISPConfig Developer

    What I find a bit strange is that creating a 000default.tld website in ISPConfig did not work for you as it does exactly the same that @ztk.me described, it creates a vhost that is loaded first by apache and nginx, just automatically. The vhost is in sites-enabled, but it does not matter here as conf-enabled conatisn no vhosts and the 000default.tld site is always the first vhost of the system. I use that method on all own and client servers and it works on all of them.
     
  15. ztk.me

    ztk.me ISPConfig Developer ISPConfig Developer

    @till yeah it should work, I do have a 000-default. in my sites-enabled but sometimes it just fails for me, so there can be an issue for some reason ( I assume: issue.owner is human ;) ) but having default vhosts in config-enabled leads to:

    + easy known access without lookin around why one has a different than the other color on a color bash .... b/c ln -s
    + no apt asking wether to keep the changed default page when upgrading ( automated or user, profit )
    - looks ugly
    + defnitly should work (tm)
     
  16. downsouth

    downsouth New Member

    Hi
    Ok I had to copy the files not move them. Also had to create sym links.
    Now the apache2ctl -S shows the desired redsults.
    Perhaps this can be done by Ispconfig in a future version?
    Thanks for all your help.
     
  17. downsouth

    downsouth New Member

    Just one other thing which might help you figure out why this happens some times...
    When I created the dummy site and clicked on the check box for ssl and lets encrypt, it does not create the certificate because it is not a real domain. Because of this the vhost file contains *:80 not *:443. So unless one manually edits the vhost the https configuration might still not send you to the dummy vhost.
     
    ztk.me likes this.
  18. till

    till Super Moderator Staff Member ISPConfig Developer

    You shall not create an LE SSL cert for the dummy site, you shall create a normal one on the SSL tab.
     
  19. downsouth

    downsouth New Member

    I have just figured out how to test it.
    Set up a subdomain on your dns and wait until it has propagated. In Ispconfig set up the a sub domain and check the Lets encrypt option. It will now go to the 'default' site
     
  20. downsouth

    downsouth New Member

    I am sure you are correct but I was unaware thats what I should have done - my bad :(. But in affect this is what possibly happens in real life....
    In Ispconfig I set up the site and checked SSL and lets encrypt. I then went to external DNS server set up site.
    Lets encrypt did not work because the dns was not done yet so the above is the result.
    Perhaps Ispconfig should not enable checkboxes if it is not yet a FQDN?
     

Share This Page