Eliyahu,
Appreciate you taking a shot. Here they are:

<VirtualHost *:80>
 SSLProxyEngine on
 ServerName postfixadmin.domain.com
 ProxyPreserveHost On

 ProxyPass / http://192.168.60.157/
 ProxyPassReverse / http://192.168.60.157/

</VirtualHost>

<VirtualHost *:80>
 ServerName mail.domain.com
 ProxyPreserveHost On

 ProxyPass / http://192.168.60.157/
 ProxyPassReverse / http://192.168.60.157/

</VirtualHost>


By the way the WAN side server hosts 3 websites. But the mail.domain.com and the postfixadmin.domain.com are proxied
to another server on the lan.

I kind of feel like this setup is a bit corrupted, there's so much info out there, and who knows what the right way is.

My hunch is taking me to a possible ssl encryption setup, so I'm asking on letsEncrypt as well.

If there's anything logs wise you need, I can provide.

Appreciate your thoughts,
Bret








On 10/7/2025 12:07 PM, E.S. Rosenberg wrote:


On Tue, 7 Oct 2025 at 18:34, Bret Stern <[email protected]> wrote:

    Ok. So my understanding of ReWrite rules is to modify the url in
    some fashion...per the Apache docs.
    I don't see any reason to do that..so I commented out all the
    "ReWrite directives". Good to get the junk out of
    the puzzle.

    After commenting out the ReWrites, I restarted httpd.
    postfixadmin.domain.com is still landing in the
    mail.domain.com DocumentRoot.

    Is there some sort of "debug" directive which would help me figure
    out when the DocumentRoot
    is getting set to what and when.

    Ideas?




    First virt host config for postfixadmin
    <VirtualHost *:80>
        SSLProxyEngine on
        ServerName postfixadmin.domain.com
        ProxyPreserveHost On
        ServerAlias www.postfixadmin.domain.com
        DocumentRoot /var/www/postfixadmin/public

        <Directory /var/www/postfixadmin/public>
            Options -Indexes +FollowSymLinks
            AllowOverride All
        </Directory>

        ErrorLog /var/log/httpd/postfixadmin-error.log
        CustomLog /var/log/httpd/postfixadmin-access.log combined
    #RewriteEngine on
    #RewriteCond %{SERVER_NAME} =www.postfixadmin.domain.com [OR]
    #RewriteCond %{SERVER_NAME} =postfixadmin.domain.com
    #RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
    </VirtualHost>

    second virt host config for mail
    <VirtualHost *:80>
        SSLProxyEngine on
        ServerName mail.domain.com
        ProxyPreserveHost On
        ServerAlias www.mail.domain.com
        DocumentRoot /var/www/html

        <Directory /var/www/html>
            Options -Indexes +FollowSymLinks
            AllowOverride All
        </Directory>

        ErrorLog /var/log/httpd/mail-domain-error.log
        CustomLog /var/log/httpd/mail-domain-access.log combined
    #RewriteEngine on
    #RewriteCond %{SERVER_NAME} =www.mail.domain.com [OR]
    #RewriteCond %{SERVER_NAME} =mail.domain.com
    #RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
    </VirtualHost>






    On 10/7/2025 7:29 AM, Frank Gingras wrote:


    On Mon, Oct 6, 2025 at 5:12 PM Bret Stern
    <[email protected]> wrote:

        Frank,

        I added the original mail.domain.com
        virt host conf file back and now my postfixadmin stuff has
        reverted to
        the wrong DocumentRoot and isn't working.

        Here are the VirtHost files. The names of the files does not
        matter correct..they can be www.domain.com.conf or
        somename.conf, right?

        First virt host config for postfixadmin
        <VirtualHost *:80>
            SSLProxyEngine on
            ServerName postfixadmin.domain.com
            ProxyPreserveHost On
            ServerAlias www.postfixadmin.domain.com
            DocumentRoot /var/www/postfixadmin/public

            <Directory /var/www/postfixadmin/public>
                Options -Indexes +FollowSymLinks
                AllowOverride All
            </Directory>

            ErrorLog /var/log/httpd/postfixadmin-error.log
            CustomLog /var/log/httpd/postfixadmin-access.log combined
        RewriteEngine on
        RewriteCond %{SERVER_NAME} =www.postfixadmin.domain.com [OR]
        RewriteCond %{SERVER_NAME} =postfixadmin.domain.com
        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
        </VirtualHost>

        second virt host config for mail
        <VirtualHost *:80>
            SSLProxyEngine on
            ServerName mail.domain.com
            ProxyPreserveHost On
            ServerAlias www.mail.domain.com
            DocumentRoot /var/www/html

            <Directory /var/www/html>
                Options -Indexes +FollowSymLinks
                AllowOverride All
            </Directory>

            ErrorLog /var/log/httpd/mail-domain-error.log
            CustomLog /var/log/httpd/mail-domain-access.log combined
        RewriteEngine on
        RewriteCond %{SERVER_NAME} =www.mail.domain.com [OR]
        RewriteCond %{SERVER_NAME} =mail.domain.com
        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
        </VirtualHost>






        This is my httpd -S readout for the internal server.
        Wondering if anything here is obvious. I don't
        read this stuff enough to know. So appreciate the eyes.

        Not sure what's causing the "already loaded" line below.

        [Mon Oct 06 13:50:40.068370 2025] [so:warn] [pid 10702:tid 10702] AH01574: module proxy_http_module is already loaded, skipping
        VirtualHost configuration:
        *:80                   is a NameVirtualHost
                 default server mail.domain.com (/etc/httpd/conf.d/mail.domain.com.conf:1)
                 port 80 namevhost mail.domain.com (/etc/httpd/conf.d/mail.domain.com.conf:1)
                         alias www.mail.domain.com
                 port 80 namevhost postfixadmin.domain.com (/etc/httpd/conf.d/postfixadmin.conf:1)
                         alias www.postfixadmin.domain.com
        *:443                  is a NameVirtualHost
                 default server mail.domain.com (/etc/httpd/conf.d/mail.domain.com-le-ssl.conf:3)
                 port 443 namevhost mail.domain.com (/etc/httpd/conf.d/mail.domain.com-le-ssl.conf:3)
                         alias www.mail.domain.com
                 port 443 namevhost postfixadmin.domain.com (/etc/httpd/conf.d/postfixadmin-le-ssl.conf:3)
                         alias www.postfixadmin.domain.com
                 port 443 namevhost 127.0.0.1 (/etc/httpd/conf.d/ssl.conf:40)
        ServerRoot: "/etc/httpd"
        Main DocumentRoot: "/var/www/html"
        Main ErrorLog: "/etc/httpd/logs/error_log"
        Mutex authdigest-opaque: using_defaults
        Mutex watchdog-callback: using_defaults
        Mutex proxy-balancer-shm: using_defaults
        Mutex rewrite-map: using_defaults
        Mutex ssl-stapling-refresh: using_defaults
        Mutex authdigest-client: using_defaults
        Mutex dav_fs-lockdb: using_defaults
        Mutex lua-ivm-shm: using_defaults
        Mutex ssl-stapling: using_defaults
        Mutex proxy: using_defaults
        Mutex authn-socache: using_defaults
        Mutex ssl-cache: using_defaults
        Mutex default: dir="/etc/httpd/run/" mechanism=default
        Mutex cache-socache: using_defaults
        PidFile: "/etc/httpd/run/httpd.pid"
        Define: DUMP_VHOSTS
        Define: DUMP_RUN_CFG
        User: name="apache" id=48
        Group: name="apache" id=48






























        On 10/6/2025 9:02 AM, Frank Gingras wrote:


        On Mon, Oct 6, 2025 at 11:47 AM Bret Stern
        <[email protected]> wrote:

            Thanks for the comment.

            I had to remove one of my virtual hosts to get this
            working.

            My virtual host settings were triple checked...but the
            DocumentRoot kept reverting to the
            wrong virtual host DocRoot.

            If the apache logic is to use the ServerName directive
            in the [virthost *:80] as the deciding factor to set the
            DocRoot, then either there is another
            setting that I'm not aware of or there is a bug in the
            logic in apache. When I have more time to
            look, maybe it will surface. I have some other http
            servers in our environments, so will check those results
            as well.

            Regardless, all of this is excellent learning experience.
            Bret


            On 10/5/2025 12:08 AM, E.S. Rosenberg wrote:
            Hey Bret,

            Unless I am very much mistaken you need to use the FQDN
            in the ProxyPass directive and if you don't want to
            expose the "real" IP of server B to the Internet you
            would need to "override" the public DNS records either
            in /etc/hosts or if you have the ability to present a
            different DNS view to server A and don't mind that
            complication that would be another option.
            You could I guess also use some internal FQDN as long
            as the virtualhosts on server B know to respond to that
            too and all the links they return are relative or
            rewritten to the domain server A presents.

            HTH,
            Eliyahu - אליהו

            On Sun, 5 Oct 2025 at 09:34, Bret Stern
            <[email protected]> wrote:

                Can someone please comment.

                Apache server A is a physical server on my network.
                It has three virtual
                hosts serving three
                different websites. This appears to be working
                correctly.

                Introducing Apache server B
                Apache server A also acts as a reverse proxy to
                Apache server B which is
                another separate server with a static ip, and
                acts as my mail server.

                There are two virtual hosts defined on Apache
                server B, one is
                mail.domain.com and one is
                postfixadmin.domain.com

                My question is can Apache server A route (via
                reverse proxy) to the two
                virtual hosts on Apache server B.

                At this point it's close to working, but my
                postfixadmin.domain.com is
                having its document root directed to
                virtual host mail.domain.com, instead of
                postfixadmin.domain.com

                I've spent hours checking my virt host
                configurations. Is there some
                other setting outside the virtual host
                configuration that
                is allowing the DocumentRoot to be hijacked?

                Can someone please confirm my setup is possible?
                Regards




                



        You'll need to show the output from the apachectl -S command
        on all servers to get a complete answer, to start.


    The names of the config files are not relevant, indeed.

    That being said, your :80 vhosts make no sense.  You use
    SSLProxyEngine on, yet you explicitly redirect to https:// in the
    same vhost.  You have to decide if you want to proxy or redirect,
    first.


Hey Bret,

Unless I am very much mistaken so far you have only shared the config of the internal server (server B) and not the reverse proxy configs. Based on what you are describing my suspicion is that your reverse proxy configuration is wrong/stripping the target hostname and thus you end up on whatever virtualhost matches by default.

HTH,
Eliyahu - אליהו
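
An added illustration, not code from anyone in this thread: the sketch below parses the vhost section of the `httpd -S` output posted for server B and mimics Apache's name-based selection, so you can see which config file answers a given Host header. The function names are made up for the example, and the embedded sample is the thread's output with archive link debris removed and wrapped lines rejoined.

```python
import re
from fnmatch import fnmatch

# Constructed sample: `httpd -S` vhost section from this thread, cleaned up.
HTTPD_S = """\
*:80                   is a NameVirtualHost
         default server mail.domain.com (/etc/httpd/conf.d/mail.domain.com.conf:1)
         port 80 namevhost mail.domain.com (/etc/httpd/conf.d/mail.domain.com.conf:1)
                 alias www.mail.domain.com
         port 80 namevhost postfixadmin.domain.com (/etc/httpd/conf.d/postfixadmin.conf:1)
                 alias www.postfixadmin.domain.com
*:443                  is a NameVirtualHost
         default server mail.domain.com (/etc/httpd/conf.d/mail.domain.com-le-ssl.conf:3)
         port 443 namevhost mail.domain.com (/etc/httpd/conf.d/mail.domain.com-le-ssl.conf:3)
                 alias www.mail.domain.com
         port 443 namevhost postfixadmin.domain.com (/etc/httpd/conf.d/postfixadmin-le-ssl.conf:3)
                 alias www.postfixadmin.domain.com
         port 443 namevhost 127.0.0.1 (/etc/httpd/conf.d/ssl.conf:40)
"""

def parse_vhosts(text):
    """Return {port: {"default": source, "vhosts": [(names, source), ...]}}."""
    table, port = {}, None
    for line in text.splitlines():
        if m := re.match(r"\S+:(\d+)\s+is a NameVirtualHost", line):
            port = int(m.group(1))
            table[port] = {"default": None, "vhosts": []}
        elif m := re.match(r"\s+default server \S+ \((.+)\)", line):
            table[port]["default"] = m.group(1)
        elif m := re.match(r"\s+port \d+ namevhost (\S+) \((.+)\)", line):
            table[port]["vhosts"].append(([m.group(1).lower()], m.group(2)))
        elif m := re.match(r"\s+alias (\S+)", line):
            table[port]["vhosts"][-1][0].append(m.group(1).lower())
    return table

def select_vhost(table, port, host_header):
    """First vhost whose ServerName/ServerAlias matches the Host header
    (aliases may contain wildcards); otherwise the default server."""
    host = host_header.lower().split(":")[0].rstrip(".")
    for names, source in table[port]["vhosts"]:
        if any(fnmatch(host, n) for n in names):
            return source
    return table[port]["default"]

if __name__ == "__main__":
    t = parse_vhosts(HTTPD_S)
    for h in ("postfixadmin.domain.com", "mail.domain.com", "192.168.60.157"):
        print(f"Host: {h:26} -> {select_vhost(t, 80, h)}")
```

A Host header that names neither vhost, such as the backend's bare IP, resolves to the default server's file, which is the fall-through behaviour described in the reply above.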
