Please help with Apache virtual servers and DNS trouble (I think)

freebsd at boosten.org freebsd at boosten.org
Fri Nov 20 17:16:34 UTC 2020



> On 20 Nov 2020, at 16:10, Dale Scott <dalescott at shaw.ca> wrote:
> 
> I am rebuilding my fbsd-11 server after the system drive failed. I had been using Apache virtual servers to serve several web apps on port 80, with a single wildcard DNS entry from No-IP. The server also hosted a Linux vm running in vbox, and used the vbox NAT to forward vm port 80 to host 8080, and vm port 22 to host 3022. This worked well as I only have one IP address from my ISP. The virtual hosts are accessed normally e.g. www.dalescott.net (WordPress), mantisbt.dalescott.net, timetracker.dalescott.net..., I can ssh to the vm on port 3022, and the vm web server is accessed with port number i.e. http://dalescott.net:8080.


Clear so far. I use the same setup (although I’m not forwarding anything to a different port, 443 on my firewall is 443 on my webserver (which is a jail on my freebsd server)).

> 
> Then the system drive failed and it seemed a good time to re-build it with fbsd-12, and switch at least some of the web apps (not the vm) to https with LetsEncrypt certs. My understanding of LetsEncrypt (and certbot and the Apache certbot plugin) is that a subdomain DNS entry will be required for each Apache virtual server that will use https.

LetsEncrypt version 2 supports wildcard certificates. So with one certificate you can serve www.domain.tld, blah.domain.tld and hurray.domain.tld. However, in order to reach your virtual server mantisbt.dalescott.net you will have to have a DNS record for that host (not subdomain); this can be an A record or a CNAME. Of course you can use a wildcard.

> So I removed the wild card from my dalescott.net DNS entry and configured new subdomain DNS entries for the Apache virtual servers. However I didn't create certificates or change Apache httpd-vhosts.conf, and I'm still not trying to serve anything but pure http on port 80.
> 

What do you mean by ’subdomain’? A subdomain would mean something like ’servers.dalescott.net’ in your case, and your mantisbt server would then be reachable as mantisbt.servers.dalescott.net. So please elaborate.

> The problem is that I can access all my virtual servers and ssh to the vm using port 3022, but I get a "no server response" error in the browser when trying to access the vm web server on port 8080.

Is it not that your browser expects https and you get http (or vice versa)?
What does your apache logging say?

Peter

—
It never hurts to help — Eek!
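
Added example, not part of the original message or of any project's code: a check of which virtual host names a wildcard certificate covers, using the RFC 6125 rule that `*` stands for exactly one left-most label. The host names come from the thread; the certificate name lists and function names are hypothetical.

```python
# Added example (not from the thread): which names does a certificate with
# the given subjectAltName entries cover? Only whole-label wildcards
# ("*.example.org") are handled; "*" matches exactly one left-most label.

def san_matches(pattern: str, hostname: str) -> bool:
    """Return True if one SAN dNSName entry covers hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans extra (or fewer) labels
    if p_labels[0] == "*":
        # wildcard replaces exactly one non-empty left-most label
        return bool(h_labels[0]) and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def uncovered(sans, vhosts):
    """Return the vhost names that no SAN entry covers, in input order."""
    return [h for h in vhosts if not any(san_matches(s, h) for s in sans)]


# Constructed sample: names from the thread; the SAN lists are hypothetical.
VHOSTS = [
    "dalescott.net",
    "www.dalescott.net",
    "mantisbt.dalescott.net",
    "timetracker.dalescott.net",
    "mantisbt.servers.dalescott.net",  # the true-subdomain case from the reply
]

if __name__ == "__main__":
    for sans in (["*.dalescott.net"], ["*.dalescott.net", "dalescott.net"]):
        print(sans, "-> not covered:", uncovered(sans, VHOSTS))
```

The bare domain is not covered by the wildcard entry alone, and a host one level deeper needs its own name or its own wildcard.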





More information about the freebsd-questions mailing list