Thank you.
I have tried running curl -4 http://www.jetbbs.com/.well-known/test.html
and curl -6 http://www.jetbbs.com/.well-known/test.html
I'm posting a copy of the httpd -S output.
httpd -S
VirtualHost configuration:
45.33.78.219:80 is a NameVirtualHost
default server 45.33.78.219 (/etc/apache2/conf/httpd.conf:240)
port 80 namevhost 45.33.78.219 (/etc/apache2/conf/httpd.conf:240)
port 80 namevhost jetbbs.com (/etc/apache2/conf/httpd.conf:281)
port 80 namevhost cpcalendars.jetbbs.com
(/etc/apache2/conf/httpd.conf:345)
port 80 namevhost cpcontacts.jetbbs.com
(/etc/apache2/conf/httpd.conf:409)
port 80 namevhost webdisk.jetbbs.com
(/etc/apache2/conf/httpd.conf:473)
port 80 namevhost webmail.jetbbs.com
(/etc/apache2/conf/httpd.conf:537)
port 80 namevhost cpanel.jetbbs.com
(/etc/apache2/conf/httpd.conf:601)
port 80 namevhost whm.jetbbs.com (/etc/apache2/conf/httpd.conf:665)
45.33.78.219:443 is a NameVirtualHost
default server jetbbs.com (/etc/apache2/conf/httpd.conf:732)
port 443 namevhost jetbbs.com (/etc/apache2/conf/httpd.conf:732)
port 443 namevhost cpcalendars.jetbbs.com
(/etc/apache2/conf/httpd.conf:812)
port 443 namevhost cpcontacts.jetbbs.com
(/etc/apache2/conf/httpd.conf:892)
port 443 namevhost webdisk.jetbbs.com
(/etc/apache2/conf/httpd.conf:972)
port 443 namevhost webmail.jetbbs.com
(/etc/apache2/conf/httpd.conf:1052)
port 443 namevhost cpanel.jetbbs.com
(/etc/apache2/conf/httpd.conf:1132)
port 443 namevhost whm.jetbbs.com
(/etc/apache2/conf/httpd.conf:1212)
[2600:3c03::f03c:91ff:fee0:11b4]:80 is a NameVirtualHost
default server jetbbs.com (/etc/apache2/conf/httpd.conf:281)
port 80 namevhost jetbbs.com (/etc/apache2/conf/httpd.conf:281)
port 80 namevhost cpcalendars.jetbbs.com
(/etc/apache2/conf/httpd.conf:345)
port 80 namevhost cpcontacts.jetbbs.com
(/etc/apache2/conf/httpd.conf:409)
port 80 namevhost webdisk.jetbbs.com
(/etc/apache2/conf/httpd.conf:473)
port 80 namevhost webmail.jetbbs.com
(/etc/apache2/conf/httpd.conf:537)
port 80 namevhost cpanel.jetbbs.com
(/etc/apache2/conf/httpd.conf:601)
port 80 namevhost whm.jetbbs.com (/etc/apache2/conf/httpd.conf:665)
[2600:3c03::f03c:91ff:fee0:11b4]:443 is a NameVirtualHost
default server jetbbs.com (/etc/apache2/conf/httpd.conf:732)
port 443 namevhost jetbbs.com (/etc/apache2/conf/httpd.conf:732)
port 443 namevhost cpcalendars.jetbbs.com
(/etc/apache2/conf/httpd.conf:812)
port 443 namevhost cpcontacts.jetbbs.com
(/etc/apache2/conf/httpd.conf:892)
port 443 namevhost webdisk.jetbbs.com
(/etc/apache2/conf/httpd.conf:972)
port 443 namevhost webmail.jetbbs.com
(/etc/apache2/conf/httpd.conf:1052)
port 443 namevhost cpanel.jetbbs.com
(/etc/apache2/conf/httpd.conf:1132)
port 443 namevhost whm.jetbbs.com
(/etc/apache2/conf/httpd.conf:1212)
*:* franklin.jetbbs.com
(/etc/apache2/conf/httpd.conf:260)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/etc/apache2/htdocs"
Main ErrorLog: "/etc/apache2/logs/error_log"
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex ssl-cache: dir="/run/apache2" mechanism=fcntl
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex rewrite-map: dir="/run/apache2" mechanism=fcntl
Mutex ssl-stapling-refresh: using_defaults
PidFile: "/run/apache2/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
Define: MODSEC_2.5
Define: MODSEC_2.9
User: name="nobody" id=99
Group: name="nobody" id=99
I think we figured this out. That default server 45.33.78.219 for
45.33.78.219:80 is the key. If I run curl -S
http://www.jetbbs.com/.well-known/test.html on the server running Apache, I
finally see the franklin.jetbbs.com-test file. If I run curl -S
https://www.jetbbs.com/.well-known/test.html, I see the jetbbs.com-test
file. If I run the -6, I see the jetbbs.com-test file. It seems that
default server for port 80 is only there for port 80 and not port 443.
This is probably why I'm failing my security scan. I'm not redirecting
all traffic to port 443. I want to be. I used rewrite rules and as far
as I could tell, I was. But that default server 45.33.78.219 (IPv4) stuff
isn't getting redirected. I'm guessing that was added by cPanel. I need
to find away to redirect that now to port 443. I can't just add an entry
in the .htaccess file under /var/www/html because cPanel says those files
can get deleted at any time.
Thank you so much for helping me finally understand what's going on!!!
You were correct, it's not a bug with Apache. This was a real big head
scratcher for me, I really appreciate it!!!!!!
On Sun, Feb 5, 2017 at 11:03 PM, Yehuda Katz <yeh...@ymkatz.net> wrote:
> The next thing that comes to mind is your IPv6 virtual host. None of my
> webservers currently have IPv6 enabled, so I can't test this.
> Try to force the connection to use IPv4 or IPv6 and see if that makes a
> difference.
>
> You can try running httpd -S on the webserver to get a list of virtual
> hosts by IP address which may also give you an idea of why a particular
> virtual host is selected.
>
> - Y
>
> On Sun, Feb 5, 2017 at 9:10 PM, Spork Schivago <sporkschiv...@gmail.com>
> wrote:
>
>> Okay. I've been able to reproduce the results. I removed the two
>> ServerAlias www.jetbbs.com entries (one for port 80 and the other for
>> port 443). To prevent confusion, I'll tell my hostnames.
>>
>> Eugene: My local machine that I use to surf the internet
>> Franklin: My VPS that runs Apache.
>>
>> on Franklin, I run dig www.jetbbs.com, I see:
>>
>> dig www.jetbbs.com
>>
>> ; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.1 <<>> www.example.com
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17479
>> ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>>
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 4096
>> ;; QUESTION SECTION:
>> ;www.jetbbs.com. IN A
>>
>> ;; ANSWER SECTION:
>> www.jetbbs.com. 14120 IN A 45.33.78.219
>>
>> ;; Query time: 0 msec
>> ;; SERVER: 96.126.106.5#53(96.126.106.5)
>> ;; WHEN: Sun Feb 05 20:59:22 EST 2017
>> ;; MSG SIZE rcvd: 59
>>
>>
>>
>>
>> On Eugene (my local machine), I run dig www.jetbbs.com, I see:
>> dig www.jetbbs.com
>>
>> ; <<>> DiG 9.10.4-P5 <<>> www.jetbbs.com
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34470
>> ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>>
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 512
>> ;; QUESTION SECTION:
>> ;www.jetbbs.com. IN A
>>
>> ;; ANSWER SECTION:
>> www.jetbbs.com. 14399 IN A 45.33.78.219
>>
>> ;; Query time: 132 msec
>> ;; SERVER: 8.8.8.8#53(8.8.8.8)
>> ;; WHEN: Sun Feb 05 21:01:02 EST 2017
>> ;; MSG SIZE rcvd: 59
>>
>>
>>
>>
>> Here's what my /etc/hosts file looks like on Franklin:
>> # The following lines are desirable for IPv4 capable hosts
>> 127.0.0.1 localhost localhost.localdomain localhost4
>> localhost4.localdomain4
>>
>> # The following lines are desirable for IPv6 capable hosts
>> ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
>> 2600:3c03::f03c:91ff:fee0:11b4 franklin
>> 45.33.78.219 franklin.jetbbs.com franklin
>>
>>
>>
>> Here's what my /etc/hosts file looks like on Eugene (my local machine):
>> # hosts This file describes a number of hostname-to-address
>> # mappings for the TCP/IP subsystem. It is mostly
>> # used at boot time, when no name servers are running.
>> # On small systems, this file can be used instead of a
>> # "named" name server.
>> # Syntax:
>> # IP-Address Full-Qualified-Hostname Short-Hostname
>> 127.0.0.1 localhost
>> # special IPv6 addresses
>> ::1 localhost ipv6-localhost ipv6-loopback
>> fe00::0 ipv6-localnet
>> ff00::0 ipv6-mcastprefix
>> ff02::1 ipv6-allnodes
>> ff02::2 ipv6-allrouters
>> ff02::3 ipv6-allhosts
>> 192.168.2.5 eugene eugene
>>
>>
>>
>>
>> I setup two test files that look like this:
>> /home/<username>/public_html/.well-known/test.html
>> www.jetbbs.com and jetbbs.com test
>>
>> /var/www/html/.well-known/test.html
>> franklin.jetbbs.com test
>>
>>
>> On Franklin, I run curl www.jetbbs.com/.well-known/test.html and see
>> this:
>> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
>> <html><head>
>> <title>301 Moved Permanently</title>
>> </head><body>
>> <h1>Moved Permanently</h1>
>> <p>The document has moved <a href="https://www.jetbbs.com/.
>> well-known/test.html">here</a>.</p>
>> </body></html>
>>
>>
>> So I run curl https://www.jetbbs.com/.well-known/test.html and see this:
>> jetbbs.com and www.jetbbs.com test
>>
>>
>> But on Eugene (my local machine), and everyone elses machine, when I run:
>> curl www.jetbbs.com/.well-known/test.html, I see:
>> franklin.jetbbs.com test
>>
>> I still don't fully understand why I'm seeing different results based on
>> whether I run the command on the server running Apache or whether I run it
>> on another machine. There's no www.jetbbs.com entry in the hosts file.
>> Is there some other place that might make it so when I'm logged into
>> Franklin, when I type www.jetbbs.com, something converts it to the IP
>> address of my server? If so, then I understand what's going on, if not,
>> I'm still confused.
>>
>> On Sun, Feb 5, 2017 at 8:27 PM, Yehuda Katz <yeh...@ymkatz.net> wrote:
>>
>>> If you want to provide your whole config file, I suggest creating a gist
>>> or pastebin post.
>>> You should also just run dig or host on the domain name from both
>>> machines and make sure you get the same results.
>>>
>>> - Y
>>>
>>> On Sun, Feb 5, 2017 at 8:25 PM, Spork Schivago <sporkschiv...@gmail.com>
>>> wrote:
>>>
>>>> So you don't think it's a bug in Apache? Okay. I only have two IP
>>>> addresses. One is an IPv4 IP address, one is an IPv6 IP address. When I
>>>> get some more time, I'll try some experimenting and see if I can duplicate
>>>> the issue. If it's okay with the mailing list, I'd like to provide a copy
>>>> of my entire Apache configuration file. I'd really like to try and
>>>> understand what exactly happened. There was no ServerName
>>>> www.example.com anywhere in the Apache config file, there was no
>>>> ServerAlias www.example.com in the Apache config file. I think I
>>>> might understand what you're saying.
>>>>
>>>> On the remote server, when I ran curl, maybe it converted
>>>> www.example.com to the IP address, so instead of going to
>>>> www.example.com, I was actually going to 192.168.2.2, for example.
>>>> I've looked at my hosts file, I have an entry for hostname.domain.com,
>>>> but nothing for www.domain.com.
>>>>
>>>> On Sun, Feb 5, 2017 at 7:38 PM, Yehuda Katz <yeh...@ymkatz.net> wrote:
>>>>
>>>>> This is a common enough setup that it is unlikely to be a bug and more
>>>>> likely to be a configuration error.
>>>>>
>>>>> cPanel creates VirtualHosts using the IP address of the server. For
>>>>> example, I have a cPanel server running behind NAT, so there are two
>>>>> default virtual hosts:
>>>>>
>>>>>> <VirtualHost 192.168.118.82:80>
>>>>>> ServerName 192.168.118.82
>>>>>> DocumentRoot /var/www/html
>>>>>> ServerAdmin hostmas...@example.com
>>>>>> <IfModule suphp_module>
>>>>>> suPHP_UserGroup nobody nobody
>>>>>> </IfModule>
>>>>>> </VirtualHost>
>>>>>> <VirtualHost *>
>>>>>> ServerName ph04.example.com
>>>>>> DocumentRoot /var/www/html
>>>>>> ServerAdmin hostmas...@example.com
>>>>>> <IfModule suphp_module>
>>>>>> suPHP_UserGroup nobody nobody
>>>>>> </IfModule>
>>>>>> </VirtualHost>
>>>>>
>>>>>
>>>>> The actual account Virtual Host uses the IP address in the VirtualHost
>>>>> block, so the default that would be selected would be the one with the IP
>>>>> address:
>>>>>
>>>>> <VirtualHost 192.168.118.82:80>
>>>>>> ServerName example.net
>>>>>> DocumentRoot /home2/example_net/public_html
>>>>>> ServerAdmin webmas...@example.net
>>>>>
>>>>>
>>>>> would fall back to the first Virtual Host because it is more specific.
>>>>>
>>>>> If there is a different IP for the website on one of your systems -
>>>>> for example in the hosts file - that would cause it to all back to a
>>>>> different Virtual Host than you expect because the IP doesn't match.
>>>>>
>>>>> - Y
>>>>>
>>>>>
>>>>> On Sun, Feb 5, 2017 at 6:44 PM, Spork Schivago <
>>>>> sporkschiv...@gmail.com> wrote:
>>>>>
>>>>>> Yehuda,
>>>>>>
>>>>>> Could you please explain what you mean in a little more detail? I
>>>>>> only have one server running Apache and I only have that one DNS server.
>>>>>> I don't really see how my DNS server could be setup in such away where it
>>>>>> affects Apache's DocumentRoot's directive...
>>>>>>
>>>>>> When I was logged into the remote server running Apache, Apache was
>>>>>> serving files from a different directory than it was when I was accessing
>>>>>> Apache via my local machine. I hope that makes sense. Looking at my
>>>>>> Apache conf log, when I was accessing Apache from my local machine, it
>>>>>> was
>>>>>> acting properly, because I didn't have a VirtualHost setup for the www
>>>>>> host, but when I was accessing Apache from the server that was running
>>>>>> Apache, it was serving files from the domain.com VirtualHost
>>>>>> directory. ServerAliases have been commented out. To my knowledge,
>>>>>> this should not happen.
>>>>>>
>>>>>> I can probably regenerate it. I've restarted the server and
>>>>>> everything, but I was thinking maybe this was some sort of bug and not a
>>>>>> misconfigured server.
>>>>>>
>>>>>> On Sun, Feb 5, 2017 at 4:47 PM, Yehuda Katz <yeh...@ymkatz.net>
>>>>>> wrote:
>>>>>>
>>>>>>> Did you check your DNS to make sure both systems are resolving to
>>>>>>> the same IP address?
>>>>>>>
>>>>>>> - Y
>>>>>>>
>>>>>>>
>>>>>>> On Thu, Jan 26, 2017 at 3:31 PM, Spork Schivago <
>>>>>>> sporkschiv...@gmail.com> wrote:
>>>>>>>
>>>>>>>> I have a bit of a weird problem that I'd like some help tracking
>>>>>>>> down. I'm pretty sure it's something with Apache. In my Apache
>>>>>>>> 2.4.25
>>>>>>>> (cPanel) config file, I have the ServerAliases disabled. There's a
>>>>>>>> "catch-all" entry for unbound IPs, that look like this:
>>>>>>>>
>>>>>>>> <VirtualHost *>
>>>>>>>> ServerName myhostname.mydomain.com
>>>>>>>> DocumentRoot /var/www/html
>>>>>>>> ServerAdmin myrealem...@someplace.com
>>>>>>>>
>>>>>>>> <IfModule suphp_module>
>>>>>>>> suPHP_UserGroup nobody nobody
>>>>>>>> </IfModule>
>>>>>>>>
>>>>>>>> </VirtualHost>
>>>>>>>>
>>>>>>>> Further down, I have a VirtualHost entry for mydomain.com, which
>>>>>>>> has a DocumentRoot of /home/<myusername>/public_html
>>>>>>>>
>>>>>>>> I setup a test file, /home/<myusername>/public_html
>>>>>>>> /.well-known/acme-challenge/test that says www.mydomain.com-test.
>>>>>>>>
>>>>>>>> Then I setup another test file,
>>>>>>>> /var/www/html/.well-known/acme-challenge/test
>>>>>>>> that says myhostname.mydomain.com-test
>>>>>>>>
>>>>>>>> I have .htaccess files in /home/<myusername>/public_html that
>>>>>>>> redirect all traffic to secure ports. I have cPanel installed and
>>>>>>>> have
>>>>>>>> manually setup subdomains for the various cPanel stuff.
>>>>>>>>
>>>>>>>> Anyway, when I run the following command on the remote server:
>>>>>>>> curl http://www.mydomain.com/.well-known/acme-challenge/test
>>>>>>>>
>>>>>>>> I see the 301 redirect. When I run:
>>>>>>>> curl https://www.mydomain.com/.well-known/acme-challenge/test
>>>>>>>> I see the:
>>>>>>>> www.mydomain.com-test
>>>>>>>>
>>>>>>>>
>>>>>>>> However, when I run those commands on my local Linux box instead of
>>>>>>>> the remote server that's running Apache, I see:
>>>>>>>> curl http://www.mydomain.com/.well-known/acme-challenge/test
>>>>>>>> myhostname.mydomain-test
>>>>>>>>
>>>>>>>> curl https://www.mydomain.com/.well-known/acme-challenge/test
>>>>>>>> www.mydomain.com-test
>>>>>>>>
>>>>>>>>
>>>>>>>> It's not just curl, lynx, the command line web browser, does the
>>>>>>>> same thing. On the remote computer that's running Apache, for some
>>>>>>>> reason, I'm seeing different results than I am when I run the commands
>>>>>>>> on
>>>>>>>> my local Linux box.
>>>>>>>>
>>>>>>>> Any idea what's going on?
>>>>>>>>
>>>>>>>> Thanks!
>>>>>>>>
>>>>>>>> Sincerely,
>>>>>>>> Ken Swarthout
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
