Re: [users@httpd] apache 2.4 virtualhosts
On Fri, Mar 16, 2012 at 4:08 AM, Brett @Google brett.maxfi...@gmail.com wrote:

> <VirtualHost *:80>
>     # This first-listed virtual host is also the default for *:80
>     ServerName www.example.com
>     ServerAlias example.com *.example.com
>     DocumentRoot /www/domain
> </VirtualHost>
>
> <VirtualHost *:80>
>     ServerName other.example.com
>     DocumentRoot /www/otherdomain
> </VirtualHost>
>
> Above is not correct, as other.example.com would never have a chance to match in the second virtualhost, only the first virtualhost because of the wildcard which matches anything that ends in *.example.com, it never will even examine the next virtualhost.

I'm surprised to find that serveralias seems to cover up a match for ServerName, but this isn't a difference in 2.4.

- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] apache 2.4 virtualhosts
> I'm just saying the documentation of the new matching scheme is deceptive, not that any code should be changed..

Operative point I'm trying to make is that there should not be a new matching scheme -- at best only new doc that didn't get backported since it also dropped _default_ and NameVirtualHost which we're saying were basically unnecessary.
Re: [users@httpd] apache 2.4 virtualhosts
On Fri, Mar 16, 2012 at 6:41 PM, Eric Covener cove...@gmail.com wrote:

>> I'm just saying the documentation of the new matching scheme is deceptive, not that any code should be changed..
>
> Operative point I'm trying to make is that there should not be a new matching scheme -- at best only new doc that didn't get backported since it also dropped _default_ and NameVirtualHost which we're saying were basically unnecessary.

Completely agree.. In the end, my only point is that the example in the doc is counter to actual behavior, not proposing any code changes :) A doc change would prevent 2.4 nu bee problems in future ..

Cheers
Brett

--
The only thing that interferes with my learning is my education.
Albert Einstein
Re: [users@httpd] apache 2.4 virtualhosts
On Thu, Mar 15, 2012 at 7:37 PM, Tom Evans tevans...@googlemail.com wrote:

>> Ideally i'd like to do something like (which i could do in apache 2.2 - by virtue of NameVirtualHost, and grouping by IP with one as the default) :
>>
>> # serve a "we don't host this web site" error message by default for *.example.com
>> <VirtualHost revproxy.internal:80>
>>     ServerAlias *.example.com
>>     RewriteRule ^/ /bad_host_error_page.html [L]
>> </VirtualHost>
>>
>> # content for test.example.com
>> <VirtualHost revproxy.internal:80>
>>     ServerName test.example.com
>>     ProxyPass / test.someserver.internal
>>     ProxyPassReverse / test.someserver.internal
>> </VirtualHost>
>>
>> # content for test2.example.com
>> <VirtualHost revproxy.internal:80>
>>     ServerName test2.example.com
>>     ProxyPass / test2.someserver.internal
>>     ProxyPassReverse / test2.someserver.internal
>> </VirtualHost>
>>
>> # serve a "we don't host this web site" error message by default for *.example.net
>> <VirtualHost revproxy.internal:80>
>>     ServerAlias *.example.net
>>     RewriteRule ^/ /bad_host_error_page.html [L]
>> </VirtualHost>
>>
>> # content for test.example.net
>> <VirtualHost revproxy.qgdevcore.govnet.internal:80>
>>     ServerName test.example.net
>>     ProxyPass / test.someotherserver.internal
>>     ProxyPassReverse / test.someotherserver.internal
>> </VirtualHost>
>>
>> # content for test2.example.net
>> <VirtualHost revproxy.qgdevcore.govnet.internal:80>
>>     ServerName test2.example.net
>>     ProxyPass / test2.someotherserver.internal
>>     ProxyPassReverse / test2.someotherserver.internal
>> </VirtualHost>
>>
>> [.. etc ..]
>>
>> I'm guessing that apache 2.4 does not search for more specific ServerName if it matches a wildcard ServerAlias ?
>>
>> I'd like it to work like the docs state, ideally..
>>
>> Cheers
>> Brett
>
> Any reason why you aren't using the standard recipe?
>
> <VirtualHost *:80>
>     # This is the first vhost, and hence the default vhost.
>     # Anything not matched by another vhost goes here
>     # Note, no server name or server alias
> </VirtualHost>
>
> <VirtualHost *:80>
>     ServerName foo.example.com
> </VirtualHost>
>
> <VirtualHost *:80>
>     ServerName foo.example.com
> </VirtualHost>

primarily we want reject clearly which server names we respond to or not, and we don't want to have to run an excessive number of Apache instances.

we are also not responsible for the back end servers to whom we redirect, so connectivity to particular entities is already difficult enough, we want to simplify our config as much as possible so adding of new reverse proxies is as reproducible and as error free as we can make it.

generally as a rule for backend server for which we are not responsible, we want a custom error page for the bad gateway error that points backend connectivity errors to the support team of that server.

we also now have a very large number of virtualhosts we need to migrate over which are structured based on the 2.0 / 2.2 NameVirtualHost paradigm, to something that is not 1:1 compatible with the NameVirtualHost pattern.

the documentation says that you can have a mix of *.example.com ServerAliases and foo.example.com ServerNames, but experimentation has shown that a foo.example.com will always be mapped to the *.example.com serveralias.

we have many reverse proxies for inter connectivity, upwards of 30-40, but generally we have 3-4 Apache instances with 8-10 listening ip's each (presently each a NameVirtualHost - with multiple virtualhosts), grouped by service agreement or owner of the backend server(s) to which we redirect traffic.

having 30 or 40 separate apache instances would create a very large memory footprint, that would use excessive server resources for no good reason.. our internal charging model penalizes excessive resource consumption.

if the docs were true, we could simulate the old structure by having a wildcard virtualhost for each NameVirtualHost default server and error pages for of each group of related customers, in other words we would have a config migration path.

my current thought is to have a default container for each ip (currently are NameVirtualHost's), which does both proxy_express style reverse proxies and custom error page, with a standard reverse proxy behavior configured by the map file, and more specific or non-standard server names added as additional virtual hosts on the same ip (such as servers splitting the url space to multiple back end servers).

it seems apache 2.4 is a big change in paradigm, in the sense of now having only one global default container, whereas it was possible to have one default container for each NameVirtualHost ip before.

a map file, configuring maybe 80% of the typical reverse proxy style, will be simpler to modify and maintain, and only the non-standard reverse proxy styles would need to have bespoke virtualhosts / reverse proxy configs.

i have configured a test apache instance, with a default container that does custom error pages for *.myserver.com, a default proxy_express behavior configured by a map file, and can have other virtualhosts that override the default, but i
Re: [users@httpd] apache 2.4 virtualhosts
> If i comment out ServerAlias *.example.com traffic to test.example.com goes to the more specific container and others to the default, but only because revproxy.internal is also the name of the server in the global server configuration, so the first virtualhost also happens to be the default server in the global sense which is what happens because no ServerName/ServerAlias is matched in the VirtualHosts.

I think this might be where you're misunderstanding the algorithm. If the local address and port matches any resolved argument to any virtualhost, it will never use the base server configuration.

Once you've found the best match for an addr:port, httpd chooses from the virtual hosts with that exact argument in them.

Then servername from that set
If not found, then serveralias from that set
If not found, then default to the first-listed of that set.
Re: [users@httpd] apache 2.4 virtualhosts
Is order significant ?

In your example it checks in the virtual hosts matching ip:port in config file order :

1. ServerName www.example.com
2. ServerName gone.example.com
3. ServerName forbidden.example.com ServerAlias *.example.com

The wildcard is last in your example, in mine it is first. Is it as simple as changing the order so more specific non-wildcard servernames match first and the wildcard last ? Bummer :)

If so, the example at http://httpd.apache.org/docs/2.4/vhosts/name-based.html says :

<VirtualHost *:80>
    # This first-listed virtual host is also the default for *:80
    ServerName www.example.com
    ServerAlias example.com *.example.com
    DocumentRoot /www/domain
</VirtualHost>

<VirtualHost *:80>
    ServerName other.example.com
    DocumentRoot /www/otherdomain
</VirtualHost>

It should probably say :

<VirtualHost *:80>
    ServerName other.example.com
    DocumentRoot /www/otherdomain
</VirtualHost>

<VirtualHost *:80>
    # This first-listed virtual host is also the default for *:80
    ServerName www.example.com
    ServerAlias example.com *.example.com
    DocumentRoot /www/domain
</VirtualHost>

That makes sense to me, if it is true.. if not i'll ponder it awhile and post some specific 2.2 and 2.4 configs tomorrow. I appreciate your help :)

Cheers
Brett

On Thu, Mar 15, 2012 at 11:56 PM, Eric Covener cove...@gmail.com wrote:

>> I'm guessing that apache 2.4 does not search for more specific ServerName if it matches a wildcard ServerAlias ?
>
> Not sure I'm following what's behaving different. Can you simplify your example/claim in both releases?
>
> I couldn't get an unexpected result:
>
> <virtualhost localhost:80>
>     ServerName www.example.com
> </virtualhost>
>
> <virtualhost localhost:80>
>     ServerName gone.example.com
>     RewriteEngine on
>     RewriteRule .* - [G]
> </virtualhost>
>
> <virtualhost localhost:80>
>     ServerName forbidden.example.com
>     ServerAlias *.example.com
>     RewriteEngine on
>     RewriteRule .* - [F]
> </virtualhost>
>
> covener@cov-t61p:~/SRC/httpd-2.4.x$ printf "GET / HTTP/1.1\r\nHost: forbidden.example.com\r\n\r\n" | nc 0 80
> HTTP/1.1 403 Forbidden
> Date: Thu, 15 Mar 2012 13:54:10 GMT
> Server: Apache/2.4.2-dev (Unix) OpenSSL/1.0.0e
> Content-Length: 202
> Content-Type: text/html; charset=iso-8859-1
>
> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> <html><head>
> <title>403 Forbidden</title>
> </head><body>
> <h1>Forbidden</h1>
> <p>You don't have permission to access / on this server.</p>
> </body></html>
>
> covener@cov-t61p:~/SRC/httpd-2.4.x$ printf "GET / HTTP/1.1\r\nHost: gone.example.com\r\n\r\n" | nc 0 80
> HTTP/1.1 410 Gone
> Date: Thu, 15 Mar 2012 13:54:13 GMT
> Server: Apache/2.4.2-dev (Unix) OpenSSL/1.0.0e
> Content-Length: 295
> Content-Type: text/html; charset=iso-8859-1
>
> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> <html><head>
> <title>410 Gone</title>
> </head><body>
> <h1>Gone</h1>
> <p>The requested resource<br />/<br />
> is no longer available on this server and there is no forwarding address.
> Please remove all references to this resource.</p>
> </body></html>
>
> covener@cov-t61p:~/SRC/httpd-2.4.x$ printf "GET / HTTP/1.1\r\nHost: foo.example.com\r\n\r\n" | nc 0 80
> HTTP/1.1 403 Forbidden
> Date: Thu, 15 Mar 2012 13:54:18 GMT
> Server: Apache/2.4.2-dev (Unix) OpenSSL/1.0.0e
> Content-Length: 202
> Content-Type: text/html; charset=iso-8859-1
>
> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> <html><head>
> <title>403 Forbidden</title>
> </head><body>
> <h1>Forbidden</h1>
> <p>You don't have permission to access / on this server.</p>
> </body></html>
>
> covener@cov-t61p:~/SRC/httpd-2.4.x$ printf "GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n" | nc 0 80
> HTTP/1.1 200 OK
> Date: Thu, 15 Mar 2012 13:55:22 GMT
> Server: Apache/2.4.2-dev (Unix) OpenSSL/1.0.0e
> Last-Modified: Fri, 11 Nov 2011 17:43:44 GMT
> ETag: "2d-4b1790ff95400"
> Accept-Ranges: bytes
> Content-Length: 45
> Content-Type: text/html
>
> <html><body><h1>It works!</h1></body></html>
>
> covener@cov-t61p:~/SRC/httpd-2.4.x$ printf "GET / HTTP/1.1\r\nHost: bar.com\r\n\r\n" | nc 0 80
> HTTP/1.1 200 OK
> Date: Thu, 15 Mar 2012 13:56:06 GMT
> Server: Apache/2.4.2-dev (Unix) OpenSSL/1.0.0e
> Last-Modified: Fri, 11 Nov 2011 17:43:44 GMT
> ETag: "2d-4b1790ff95400"
> Accept-Ranges: bytes
> Content-Length: 45
> Content-Type: text/html
>
> <html><body><h1>It works!</h1></body></html>
Re: [users@httpd] apache 2.4 virtualhosts
On Thu, Mar 15, 2012 at 10:24 AM, Brett @Google brett.maxfi...@gmail.com wrote:

> Is order significant ?

I think order is only significant in these cases:

1) the first-listed is the default if no name/alias match
2) if you have duplicate servername/servername or serveralias/serveralias [untested, presuming consistent results]

> In your example it checks in the virtual hosts matching ip:port in config file order :
>
> 1. ServerName www.example.com
> 2. ServerName gone.example.com
> 3. ServerName forbidden.example.com ServerAlias *.example.com
>
> The wildcard is last in your example, in mine it is first. Is it as simple as changing the order so more specific non-wildcard servernames match first and the wildcard last ? Bummer :)

I'm not sure about wildcard serveralias in first-listed vhost. It's _already_ the default for anything that doesn't match another serveralias or servername, so you may be covering up subsequent specific serveraliases with this wildcard serveralias. Does that maybe explain the symptom?

I don't think we'll work hard to find a better serveralias but I have never looked at that part of the resolution. It would be nice to document that final part.
Re: [users@httpd] apache 2.4 virtualhosts
On Fri, Mar 16, 2012 at 12:38 AM, Eric Covener cove...@gmail.com wrote:

>> In your example it checks in the virtual hosts matching ip:port in config file order :
>>
>> 1. ServerName www.example.com
>> 2. ServerName gone.example.com
>> 3. ServerName forbidden.example.com ServerAlias *.example.com
>>
>> The wildcard is last in your example, in mine it is first. Is it as simple as changing the order so more specific non-wildcard servernames match first and the wildcard last ? Bummer :)
>
> I'm not sure about wildcard serveralias in first-listed vhost. It's _already_ the default for anything that doesn't match another serveralias or servername, so you may be covering up subsequent specific serveraliases with this wildcard serveralias. Does that maybe explain the symptom?

I think so. This is a paradigm shift for people using NameVirtualHost a.b.c.d and taking advantage of the old default per-ip container for virtualhost patterns matching a.b.c.d. on the same port. The wildcard in the first container is what is causing the problem for me.

Likewise i think i could simulate multiple default sections in apache 2.4 by having the default section i have with the wildcard, but with a wildcard serveralias after all the higher priority ServerNames in that group of vhosts, so that the behavior is similar to the old 2.2 notion of NameVirtualHost.

> I don't think we'll work hard to find a better serveralias but I have never looked at that part of the resolution. It would be nice to document that final part.

Yes i'd agree that there is no need for a code change, a doco change would solve the problem. Once people using NameVirtualHost start moving to 2.4 en masse, it might pop up more often.

Cheers
Brett
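Added example, not part of the thread and not httpd's code: a small Python model of the selection order the messages above arrive at (vhosts on the same addr:port are tried in config order, the first whose ServerName or ServerAlias matches wins, otherwise the first-listed one is the default), plus a check that flags a ServerName hidden behind an earlier wildcard. Assumptions: addr:port arguments are compared as plain strings, wildcards are matched with fnmatch, and the tuples are constructed from the configs quoted in the thread.

```python
from fnmatch import fnmatchcase

# Constructed from the configs quoted in the thread:
# (addr:port argument, ServerName, [ServerAlias, ...]) in config-file order.
DOC_ORDER = [
    ("*:80", "www.example.com", ["example.com", "*.example.com"]),
    ("*:80", "other.example.com", []),
]
REORDERED = [DOC_ORDER[1], DOC_ORDER[0]]  # specific name first, wildcard last
ERIC_TEST = [
    ("localhost:80", "www.example.com", []),
    ("localhost:80", "gone.example.com", []),
    ("localhost:80", "forbidden.example.com", ["*.example.com"]),
]


def vhost_matches(vhost, host):
    """True if host equals the vhost's ServerName or matches one of its aliases."""
    _, name, aliases = vhost
    host = host.lower()
    return host == name.lower() or any(fnmatchcase(host, a.lower()) for a in aliases)


def select_vhost(vhosts, addr_port, host):
    """Index of the vhost that would serve host, or None if none uses addr_port."""
    candidates = [i for i, v in enumerate(vhosts) if v[0] == addr_port]
    for i in candidates:  # config order: the first name-or-alias hit wins
        if vhost_matches(vhosts[i], host):
            return i
    # No name or alias matched: the first-listed vhost is the default.
    return candidates[0] if candidates else None


def shadowed(vhosts):
    """(ServerName, ServerName of the vhost that wins instead) for hidden vhosts."""
    findings = []
    for i, (addr_port, name, _) in enumerate(vhosts):
        winner = select_vhost(vhosts, addr_port, name)
        if winner != i:
            findings.append((name, vhosts[winner][1]))
    return findings


if __name__ == "__main__":
    configs = (("doc order", DOC_ORDER), ("reordered", REORDERED), ("Eric's test", ERIC_TEST))
    for label, cfg in configs:
        print(label, "->", shadowed(cfg) or "no shadowed ServerName")
```

On a reverse proxy a shadowed ServerName means its ProxyPass target is never reached, so running such a check over the vhost list before a 2.2 to 2.4 migration catches the case Brett hit.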
Re: [users@httpd] apache 2.4 virtualhosts
> I think so. This is a paradigm shift for people using NameVirtualHost a.b.c.d and taking advantage of the old default per-ip container for virtualhost patterns matching a.b.c.d. on the same port. The wildcard in the first container is what is causing the problem for me.

In 2.4, the only intended difference is that:

* overlaps in virtualhosts creates a corresponding NVH implicitly, rather than complaining that one is an unreachable non-NVH
* _default_ and * are the same

Do you have a concise 2.2 config that behaves differently in 2.4 and didn't generate warnings in 2.2?
[users@httpd] apache 2.4 virtualhosts
Hello,

There is an example at : http://httpd.apache.org/docs/2.4/vhosts/name-based.html

<VirtualHost *:80>
    # This first-listed virtual host is also the default for *:80
    ServerName www.example.com
    ServerAlias example.com *.example.com
    DocumentRoot /www/domain
</VirtualHost>

<VirtualHost *:80>
    ServerName other.example.com
    DocumentRoot /www/otherdomain
</VirtualHost>

I configured something similar, like :

UseCanonicalName Off

# serves a "we don't host this web site" error message by default
<VirtualHost revproxy.internal:80>
    ServerName revproxy.internal
    # if enabled snarfs all traffic, even test.example.com
    ServerAlias *.example.com
    RewriteRule ^/ /bad_host_error_page.html [L]
</VirtualHost>

# serves content for test.example.com
<VirtualHost revproxy.internal:80>
    RewriteEngine on
    ServerName test.example.com
    ProxyPass / test.someserver.internal
    ProxyPassReverse / test.someserver.internal
</VirtualHost>

The documented behaviour does not seem to be correct.

If i comment out ServerAlias *.example.com traffic to test.example.com goes to the more specific container and others to the default, but only because revproxy.internal is also the name of the server in the global server configuration, so the first virtualhost also happens to be the default server in the global sense which is what happens because no ServerName/ServerAlias is matched in the VirtualHosts.

This could only be done once per apache instance, whereas previously it could be done once for every NameVirtualHost IP that belongs to an apache instance.

Ideally i'd like to do something like (which i could do in apache 2.2 - by virtue of NameVirtualHost, and grouping by IP with one as the default) :

# serve a "we don't host this web site" error message by default for *.example.com
<VirtualHost revproxy.internal:80>
    ServerAlias *.example.com
    RewriteRule ^/ /bad_host_error_page.html [L]
</VirtualHost>

# content for test.example.com
<VirtualHost revproxy.internal:80>
    ServerName test.example.com
    ProxyPass / test.someserver.internal
    ProxyPassReverse / test.someserver.internal
</VirtualHost>

# content for test2.example.com
<VirtualHost revproxy.internal:80>
    ServerName test2.example.com
    ProxyPass / test2.someserver.internal
    ProxyPassReverse / test2.someserver.internal
</VirtualHost>

# serve a "we don't host this web site" error message by default for *.example.net
<VirtualHost revproxy.internal:80>
    ServerAlias *.example.net
    RewriteRule ^/ /bad_host_error_page.html [L]
</VirtualHost>

# content for test.example.net
<VirtualHost revproxy.qgdevcore.govnet.internal:80>
    ServerName test.example.net
    ProxyPass / test.someotherserver.internal
    ProxyPassReverse / test.someotherserver.internal
</VirtualHost>

# content for test2.example.net
<VirtualHost revproxy.qgdevcore.govnet.internal:80>
    ServerName test2.example.net
    ProxyPass / test2.someotherserver.internal
    ProxyPassReverse / test2.someotherserver.internal
</VirtualHost>

[.. etc ..]

I'm guessing that apache 2.4 does not search for more specific ServerName if it matches a wildcard ServerAlias ?

I'd like it to work like the docs state, ideally..

Cheers
Brett