If you want to modify the cPanel-generated configuration, look at custom config:
If you are using EA4: https://documentation.cpanel.net/display/EA4/Modify+Apache+Virtual+Hosts+with+Include+Files
EA3 has a similar feature, but I can't find the documentation right now.

- Y

On Tue, Feb 7, 2017 at 4:15 PM, Spork Schivago <sporkschiv...@gmail.com> wrote:

> Thank you.
>
> I have tried running curl -4 http://www.jetbbs.com/.well-known/test.html
> and curl -6 http://www.jetbbs.com/.well-known/test.html
>
> I'm posting a copy of the httpd -S output.
>
> httpd -S
> VirtualHost configuration:
> 45.33.78.219:80 is a NameVirtualHost
>     default server 45.33.78.219 (/etc/apache2/conf/httpd.conf:240)
>     port 80 namevhost 45.33.78.219 (/etc/apache2/conf/httpd.conf:240)
>     port 80 namevhost jetbbs.com (/etc/apache2/conf/httpd.conf:281)
>     port 80 namevhost cpcalendars.jetbbs.com (/etc/apache2/conf/httpd.conf:345)
>     port 80 namevhost cpcontacts.jetbbs.com (/etc/apache2/conf/httpd.conf:409)
>     port 80 namevhost webdisk.jetbbs.com (/etc/apache2/conf/httpd.conf:473)
>     port 80 namevhost webmail.jetbbs.com (/etc/apache2/conf/httpd.conf:537)
>     port 80 namevhost cpanel.jetbbs.com (/etc/apache2/conf/httpd.conf:601)
>     port 80 namevhost whm.jetbbs.com (/etc/apache2/conf/httpd.conf:665)
> 45.33.78.219:443 is a NameVirtualHost
>     default server jetbbs.com (/etc/apache2/conf/httpd.conf:732)
>     port 443 namevhost jetbbs.com (/etc/apache2/conf/httpd.conf:732)
>     port 443 namevhost cpcalendars.jetbbs.com (/etc/apache2/conf/httpd.conf:812)
>     port 443 namevhost cpcontacts.jetbbs.com (/etc/apache2/conf/httpd.conf:892)
>     port 443 namevhost webdisk.jetbbs.com (/etc/apache2/conf/httpd.conf:972)
>     port 443 namevhost webmail.jetbbs.com (/etc/apache2/conf/httpd.conf:1052)
>     port 443 namevhost cpanel.jetbbs.com (/etc/apache2/conf/httpd.conf:1132)
>     port 443 namevhost whm.jetbbs.com (/etc/apache2/conf/httpd.conf:1212)
> [2600:3c03::f03c:91ff:fee0:11b4]:80 is a NameVirtualHost
>     default server jetbbs.com (/etc/apache2/conf/httpd.conf:281)
>     port 80 namevhost jetbbs.com (/etc/apache2/conf/httpd.conf:281)
>     port 80 namevhost cpcalendars.jetbbs.com (/etc/apache2/conf/httpd.conf:345)
>     port 80 namevhost cpcontacts.jetbbs.com (/etc/apache2/conf/httpd.conf:409)
>     port 80 namevhost webdisk.jetbbs.com (/etc/apache2/conf/httpd.conf:473)
>     port 80 namevhost webmail.jetbbs.com (/etc/apache2/conf/httpd.conf:537)
>     port 80 namevhost cpanel.jetbbs.com (/etc/apache2/conf/httpd.conf:601)
>     port 80 namevhost whm.jetbbs.com (/etc/apache2/conf/httpd.conf:665)
> [2600:3c03::f03c:91ff:fee0:11b4]:443 is a NameVirtualHost
>     default server jetbbs.com (/etc/apache2/conf/httpd.conf:732)
>     port 443 namevhost jetbbs.com (/etc/apache2/conf/httpd.conf:732)
>     port 443 namevhost cpcalendars.jetbbs.com (/etc/apache2/conf/httpd.conf:812)
>     port 443 namevhost cpcontacts.jetbbs.com (/etc/apache2/conf/httpd.conf:892)
>     port 443 namevhost webdisk.jetbbs.com (/etc/apache2/conf/httpd.conf:972)
>     port 443 namevhost webmail.jetbbs.com (/etc/apache2/conf/httpd.conf:1052)
>     port 443 namevhost cpanel.jetbbs.com (/etc/apache2/conf/httpd.conf:1132)
>     port 443 namevhost whm.jetbbs.com (/etc/apache2/conf/httpd.conf:1212)
> *:* franklin.jetbbs.com (/etc/apache2/conf/httpd.conf:260)
> ServerRoot: "/etc/apache2"
> Main DocumentRoot: "/etc/apache2/htdocs"
> Main ErrorLog: "/etc/apache2/logs/error_log"
> Mutex ssl-stapling: using_defaults
> Mutex proxy: using_defaults
> Mutex ssl-cache: dir="/run/apache2" mechanism=fcntl
> Mutex default: dir="/var/run/apache2/" mechanism=default
> Mutex mpm-accept: using_defaults
> Mutex rewrite-map: dir="/run/apache2" mechanism=fcntl
> Mutex ssl-stapling-refresh: using_defaults
> PidFile: "/run/apache2/httpd.pid"
> Define: DUMP_VHOSTS
> Define: DUMP_RUN_CFG
> Define: MODSEC_2.5
> Define: MODSEC_2.9
> User: name="nobody" id=99
> Group: name="nobody" id=99
>
> I think we figured this out. That default server 45.33.78.219 for
> 45.33.78.219:80 is the key. If I run curl -S
> http://www.jetbbs.com/.well-known/test.html on the server running Apache,
> I finally see the franklin.jetbbs.com-test file. If I run curl -S
> https://www.jetbbs.com/.well-known/test.html, I see the jetbbs.com-test
> file. If I run the -6, I see the jetbbs.com-test file. It seems that
> default server for port 80 is only there for port 80 and not port 443.
>
> This is probably why I'm failing my security scan. I'm not redirecting
> all traffic to port 443. I want to be. I used rewrite rules and as far
> as I could tell, I was. But that default server 45.33.78.219 (IPv4) stuff
> isn't getting redirected. I'm guessing that was added by cPanel. I need
> to find a way to redirect that now to port 443. I can't just add an entry
> in the .htaccess file under /var/www/html because cPanel says those files
> can get deleted at any time.
>
> Thank you so much for helping me finally understand what's going on!!!
> You were correct, it's not a bug with Apache. This was a real big head
> scratcher for me, I really appreciate it!!!!!!
>
> On Sun, Feb 5, 2017 at 11:03 PM, Yehuda Katz <yeh...@ymkatz.net> wrote:
>
>> The next thing that comes to mind is your IPv6 virtual host. None of my
>> webservers currently have IPv6 enabled, so I can't test this.
>> Try to force the connection to use IPv4 or IPv6 and see if that makes a
>> difference.
>>
>> You can try running httpd -S on the webserver to get a list of virtual
>> hosts by IP address which may also give you an idea of why a particular
>> virtual host is selected.
>>
>> - Y
>>
>> On Sun, Feb 5, 2017 at 9:10 PM, Spork Schivago <sporkschiv...@gmail.com> wrote:
>>
>>> Okay. I've been able to reproduce the results. I removed the two
>>> ServerAlias www.jetbbs.com entries (one for port 80 and the other for
>>> port 443). To prevent confusion, I'll tell my hostnames.
>>>
>>> Eugene: My local machine that I use to surf the internet
>>> Franklin: My VPS that runs Apache.
>>>
>>> on Franklin, I run dig www.jetbbs.com, I see:
>>>
>>> dig www.jetbbs.com
>>>
>>> ; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.1 <<>> www.example.com
>>> ;; global options: +cmd
>>> ;; Got answer:
>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17479
>>> ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>>>
>>> ;; OPT PSEUDOSECTION:
>>> ; EDNS: version: 0, flags:; udp: 4096
>>> ;; QUESTION SECTION:
>>> ;www.jetbbs.com. IN A
>>>
>>> ;; ANSWER SECTION:
>>> www.jetbbs.com. 14120 IN A 45.33.78.219
>>>
>>> ;; Query time: 0 msec
>>> ;; SERVER: 96.126.106.5#53(96.126.106.5)
>>> ;; WHEN: Sun Feb 05 20:59:22 EST 2017
>>> ;; MSG SIZE rcvd: 59
>>>
>>> On Eugene (my local machine), I run dig www.jetbbs.com, I see:
>>> dig www.jetbbs.com
>>>
>>> ; <<>> DiG 9.10.4-P5 <<>> www.jetbbs.com
>>> ;; global options: +cmd
>>> ;; Got answer:
>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34470
>>> ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>>>
>>> ;; OPT PSEUDOSECTION:
>>> ; EDNS: version: 0, flags:; udp: 512
>>> ;; QUESTION SECTION:
>>> ;www.jetbbs.com. IN A
>>>
>>> ;; ANSWER SECTION:
>>> www.jetbbs.com. 14399 IN A 45.33.78.219
>>>
>>> ;; Query time: 132 msec
>>> ;; SERVER: 8.8.8.8#53(8.8.8.8)
>>> ;; WHEN: Sun Feb 05 21:01:02 EST 2017
>>> ;; MSG SIZE rcvd: 59
>>>
>>> Here's what my /etc/hosts file looks like on Franklin:
>>> # The following lines are desirable for IPv4 capable hosts
>>> 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
>>>
>>> # The following lines are desirable for IPv6 capable hosts
>>> ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
>>> 2600:3c03::f03c:91ff:fee0:11b4 franklin
>>> 45.33.78.219 franklin.jetbbs.com franklin
>>>
>>> Here's what my /etc/hosts file looks like on Eugene (my local machine):
>>> # hosts This file describes a number of hostname-to-address
>>> # mappings for the TCP/IP subsystem. It is mostly
>>> # used at boot time, when no name servers are running.
>>> # On small systems, this file can be used instead of a
>>> # "named" name server.
>>> # Syntax:
>>> # IP-Address Full-Qualified-Hostname Short-Hostname
>>> 127.0.0.1 localhost
>>> # special IPv6 addresses
>>> ::1 localhost ipv6-localhost ipv6-loopback
>>> fe00::0 ipv6-localnet
>>> ff00::0 ipv6-mcastprefix
>>> ff02::1 ipv6-allnodes
>>> ff02::2 ipv6-allrouters
>>> ff02::3 ipv6-allhosts
>>> 192.168.2.5 eugene eugene
>>>
>>> I setup two test files that look like this:
>>> /home/<username>/public_html/.well-known/test.html
>>> www.jetbbs.com and jetbbs.com test
>>>
>>> /var/www/html/.well-known/test.html
>>> franklin.jetbbs.com test
>>>
>>> On Franklin, I run curl www.jetbbs.com/.well-known/test.html and see
>>> this:
>>> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
>>> <html><head>
>>> <title>301 Moved Permanently</title>
>>> </head><body>
>>> <h1>Moved Permanently</h1>
>>> <p>The document has moved <a href="https://www.jetbbs.com/.well-known/test.html">here</a>.</p>
>>> </body></html>
>>>
>>> So I run curl https://www.jetbbs.com/.well-known/test.html and see this:
>>> jetbbs.com and www.jetbbs.com test
>>>
>>> But on Eugene (my local machine), and everyone else's machine, when I run:
>>> curl www.jetbbs.com/.well-known/test.html, I see:
>>> franklin.jetbbs.com test
>>>
>>> I still don't fully understand why I'm seeing different results based on
>>> whether I run the command on the server running Apache or whether I run it
>>> on another machine. There's no www.jetbbs.com entry in the hosts
>>> file. Is there some other place that might make it so when I'm logged
>>> into Franklin, when I type www.jetbbs.com, something converts it to the
>>> IP address of my server? If so, then I understand what's going on, if
>>> not, I'm still confused.
>>>
>>> On Sun, Feb 5, 2017 at 8:27 PM, Yehuda Katz <yeh...@ymkatz.net> wrote:
>>>
>>>> If you want to provide your whole config file, I suggest creating a
>>>> gist or pastebin post.
>>>> You should also just run dig or host on the domain name from both
>>>> machines and make sure you get the same results.
>>>>
>>>> - Y
>>>>
>>>> On Sun, Feb 5, 2017 at 8:25 PM, Spork Schivago <sporkschiv...@gmail.com> wrote:
>>>>
>>>>> So you don't think it's a bug in Apache? Okay. I only have two IP
>>>>> addresses. One is an IPv4 IP address, one is an IPv6 IP address. When I
>>>>> get some more time, I'll try some experimenting and see if I can duplicate
>>>>> the issue. If it's okay with the mailing list, I'd like to provide a copy
>>>>> of my entire Apache configuration file. I'd really like to try and
>>>>> understand what exactly happened. There was no ServerName
>>>>> www.example.com anywhere in the Apache config file, there was no
>>>>> ServerAlias www.example.com in the Apache config file. I think I
>>>>> might understand what you're saying.
>>>>>
>>>>> On the remote server, when I ran curl, maybe it converted
>>>>> www.example.com to the IP address, so instead of going to
>>>>> www.example.com, I was actually going to 192.168.2.2, for example.
>>>>> I've looked at my hosts file, I have an entry for hostname.domain.com,
>>>>> but nothing for www.domain.com.
>>>>>
>>>>> On Sun, Feb 5, 2017 at 7:38 PM, Yehuda Katz <yeh...@ymkatz.net> wrote:
>>>>>
>>>>>> This is a common enough setup that it is unlikely to be a bug and
>>>>>> more likely to be a configuration error.
>>>>>>
>>>>>> cPanel creates VirtualHosts using the IP address of the server. For
>>>>>> example, I have a cPanel server running behind NAT, so there are two
>>>>>> default virtual hosts:
>>>>>>
>>>>>>> <VirtualHost 192.168.118.82:80>
>>>>>>> ServerName 192.168.118.82
>>>>>>> DocumentRoot /var/www/html
>>>>>>> ServerAdmin hostmas...@example.com
>>>>>>> <IfModule suphp_module>
>>>>>>> suPHP_UserGroup nobody nobody
>>>>>>> </IfModule>
>>>>>>> </VirtualHost>
>>>>>>> <VirtualHost *>
>>>>>>> ServerName ph04.example.com
>>>>>>> DocumentRoot /var/www/html
>>>>>>> ServerAdmin hostmas...@example.com
>>>>>>> <IfModule suphp_module>
>>>>>>> suPHP_UserGroup nobody nobody
>>>>>>> </IfModule>
>>>>>>> </VirtualHost>
>>>>>>
>>>>>> The actual account Virtual Host uses the IP address in the
>>>>>> VirtualHost block, so the default that would be selected would be the one
>>>>>> with the IP address:
>>>>>>
>>>>>> <VirtualHost 192.168.118.82:80>
>>>>>>> ServerName example.net
>>>>>>> DocumentRoot /home2/example_net/public_html
>>>>>>> ServerAdmin webmas...@example.net
>>>>>>
>>>>>> would fall back to the first Virtual Host because it is more specific.
>>>>>>
>>>>>> If there is a different IP for the website on one of your systems -
>>>>>> for example in the hosts file - that would cause it to fall back to a
>>>>>> different Virtual Host than you expect because the IP doesn't match.
>>>>>>
>>>>>> - Y
>>>>>>
>>>>>> On Sun, Feb 5, 2017 at 6:44 PM, Spork Schivago <sporkschiv...@gmail.com> wrote:
>>>>>>
>>>>>>> Yehuda,
>>>>>>>
>>>>>>> Could you please explain what you mean in a little more detail? I
>>>>>>> only have one server running Apache and I only have that one DNS server.
>>>>>>> I don't really see how my DNS server could be setup in such a way where it
>>>>>>> affects Apache's DocumentRoot's directive...
>>>>>>>
>>>>>>> When I was logged into the remote server running Apache, Apache was
>>>>>>> serving files from a different directory than it was when I was accessing
>>>>>>> Apache via my local machine. I hope that makes sense. Looking at my
>>>>>>> Apache conf log, when I was accessing Apache from my local machine, it was
>>>>>>> acting properly, because I didn't have a VirtualHost setup for the www
>>>>>>> host, but when I was accessing Apache from the server that was running
>>>>>>> Apache, it was serving files from the domain.com VirtualHost
>>>>>>> directory. ServerAliases have been commented out. To my knowledge,
>>>>>>> this should not happen.
>>>>>>>
>>>>>>> I can probably regenerate it. I've restarted the server and
>>>>>>> everything, but I was thinking maybe this was some sort of bug and not a
>>>>>>> misconfigured server.
>>>>>>>
>>>>>>> On Sun, Feb 5, 2017 at 4:47 PM, Yehuda Katz <yeh...@ymkatz.net> wrote:
>>>>>>>
>>>>>>>> Did you check your DNS to make sure both systems are resolving to
>>>>>>>> the same IP address?
>>>>>>>>
>>>>>>>> - Y
>>>>>>>>
>>>>>>>> On Thu, Jan 26, 2017 at 3:31 PM, Spork Schivago <sporkschiv...@gmail.com> wrote:
>>>>>>>>
>>>>>>>>> I have a bit of a weird problem that I'd like some help tracking
>>>>>>>>> down. I'm pretty sure it's something with Apache. In my Apache 2.4.25
>>>>>>>>> (cPanel) config file, I have the ServerAliases disabled. There's a
>>>>>>>>> "catch-all" entry for unbound IPs, that look like this:
>>>>>>>>>
>>>>>>>>> <VirtualHost *>
>>>>>>>>> ServerName myhostname.mydomain.com
>>>>>>>>> DocumentRoot /var/www/html
>>>>>>>>> ServerAdmin myrealem...@someplace.com
>>>>>>>>>
>>>>>>>>> <IfModule suphp_module>
>>>>>>>>> suPHP_UserGroup nobody nobody
>>>>>>>>> </IfModule>
>>>>>>>>>
>>>>>>>>> </VirtualHost>
>>>>>>>>>
>>>>>>>>> Further down, I have a VirtualHost entry for mydomain.com, which
>>>>>>>>> has a DocumentRoot of /home/<myusername>/public_html
>>>>>>>>>
>>>>>>>>> I setup a test file,
>>>>>>>>> /home/<myusername>/public_html/.well-known/acme-challenge/test
>>>>>>>>> that says www.mydomain.com-test.
>>>>>>>>>
>>>>>>>>> Then I setup another test file,
>>>>>>>>> /var/www/html/.well-known/acme-challenge/test
>>>>>>>>> that says myhostname.mydomain.com-test
>>>>>>>>>
>>>>>>>>> I have .htaccess files in /home/<myusername>/public_html that
>>>>>>>>> redirect all traffic to secure ports. I have cPanel installed and have
>>>>>>>>> manually setup subdomains for the various cPanel stuff.
>>>>>>>>>
>>>>>>>>> Anyway, when I run the following command on the remote server:
>>>>>>>>> curl http://www.mydomain.com/.well-known/acme-challenge/test
>>>>>>>>>
>>>>>>>>> I see the 301 redirect. When I run:
>>>>>>>>> curl https://www.mydomain.com/.well-known/acme-challenge/test
>>>>>>>>> I see the:
>>>>>>>>> www.mydomain.com-test
>>>>>>>>>
>>>>>>>>> However, when I run those commands on my local Linux box instead
>>>>>>>>> of the remote server that's running Apache, I see:
>>>>>>>>> curl http://www.mydomain.com/.well-known/acme-challenge/test
>>>>>>>>> myhostname.mydomain-test
>>>>>>>>>
>>>>>>>>> curl https://www.mydomain.com/.well-known/acme-challenge/test
>>>>>>>>> www.mydomain.com-test
>>>>>>>>>
>>>>>>>>> It's not just curl, lynx, the command line web browser, does the
>>>>>>>>> same thing. On the remote computer that's running Apache, for some
>>>>>>>>> reason, I'm seeing different results than I am when I run the commands on
>>>>>>>>> my local Linux box.
>>>>>>>>>
>>>>>>>>> Any idea what's going on?
>>>>>>>>>
>>>>>>>>> Thanks!
>>>>>>>>>
>>>>>>>>> Sincerely,
>>>>>>>>> Ken Swarthout
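
Added example, not part of the thread or of cPanel/Apache: a small Python check that reads `httpd -S` output and reports which virtual host answers a given Host header on each listener, reproducing the IPv4/IPv6 difference found above. The sample input is abbreviated from the output quoted in the thread; the function names are made up here, and only ServerName entries are modelled (the ServerAlias entries had been removed on this server).

```python
import re

# Sample input: abbreviated from the httpd -S output quoted in the thread.
HTTPD_S = """\
45.33.78.219:80 is a NameVirtualHost
    default server 45.33.78.219 (/etc/apache2/conf/httpd.conf:240)
    port 80 namevhost 45.33.78.219 (/etc/apache2/conf/httpd.conf:240)
    port 80 namevhost jetbbs.com (/etc/apache2/conf/httpd.conf:281)
    port 80 namevhost webmail.jetbbs.com (/etc/apache2/conf/httpd.conf:537)
[2600:3c03::f03c:91ff:fee0:11b4]:80 is a NameVirtualHost
    default server jetbbs.com (/etc/apache2/conf/httpd.conf:281)
    port 80 namevhost jetbbs.com (/etc/apache2/conf/httpd.conf:281)
    port 80 namevhost webmail.jetbbs.com (/etc/apache2/conf/httpd.conf:537)
"""

def parse_vhosts(text):
    """Return {listener: {"default": (name, where), "names": {name: where}}}."""
    table, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"(\S+:\d+)\s+is a NameVirtualHost$", line)
        if m:
            current = table.setdefault(m.group(1), {"default": None, "names": {}})
            continue
        m = re.match(r"(default server|port \d+ namevhost)\s+(\S+)\s+\((.+)\)$", line)
        if m and current is not None:
            kind, name, where = m.groups()
            if kind == "default server":
                current["default"] = (name, where)
            else:
                # First definition of a name wins, as in Apache's own ordering.
                current["names"].setdefault(name.lower(), where)
    return table

def select_vhost(table, listener, host):
    """A ServerName match wins; otherwise the listener's default server answers."""
    entry = table[listener]
    where = entry["names"].get(host.lower())
    return (host.lower(), where) if where else entry["default"]

def unmatched_listeners(table, host):
    """Listeners where `host` has no namevhost, mapped to the default that answers."""
    return {l: e["default"][0] for l, e in table.items()
            if host.lower() not in e["names"]}

if __name__ == "__main__":
    t = parse_vhosts(HTTPD_S)
    for listener in t:
        print(listener, "->", select_vhost(t, listener, "www.jetbbs.com"))
```

Run against the full `httpd -S` output, any listener returned by `unmatched_listeners` for a public hostname is one where the default server's DocumentRoot and redirect rules apply instead of the account's.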