I think I'll just get another router and change my DNS records to point to the proxied servers.
Always appreciate the help

On 10/7/2025 2:54 PM, Frank Gingras wrote:


On Tue, Oct 7, 2025 at 5:33 PM Bret Stern <[email protected]> wrote:

    Eliyahu,
    Your reply here:
    "As I suspected you are forwarding to the internal IP address,
    thus the internal server sees a request for http://IP/
    and has no way to select a virtual host.
    You can either do what I suggested in my original reply to
    maintain the hostname or what you can also do is add/strip headers
    on the reverse proxy."

    I can't put the domain name in the proxypass? Won't DNS for the
    site just route it back to the same WAN server that's trying to
    forward it to the backend server?

    Still reading


    On 10/7/2025 12:30 PM, E.S. Rosenberg wrote:


    On Tue 7 Oct 2025 at 22:24, Bret Stern
    <[email protected]> wrote:

        Eliyahu,
        Appreciate you taking a shot. Here they are:

        <VirtualHost *:80>
         SSLProxyEngine on
         ServerName postfixadmin.domain.com
         ProxyPreserveHost On

         ProxyPass / http://192.168.60.157/
         ProxyPassReverse / http://192.168.60.157/

        </VirtualHost>

        <VirtualHost *:80>
         ServerName mail.domain.com
         ProxyPreserveHost On

         ProxyPass / http://192.168.60.157/
         ProxyPassReverse / http://192.168.60.157/

        </VirtualHost>


        By the way the WAN side server hosts 3 websites. But the
        mail.domain.com and the postfixadmin.domain.com are proxied
        to another server on the lan.

        I kind of feel like this setup is a bit corrupted, there's so
        much info out there, and who knows what the right way is.

        My hunch is taking me to a possible ssl encryption setup, so
        I'm asking on letsEncrypt as well.

        If there's anything logs wise you need, I can provide.

        Appreciate your thoughts,
        Bret








        On 10/7/2025 12:07 PM, E.S. Rosenberg wrote:


        On Tue 7 Oct 2025 at 18:34, Bret Stern
        <[email protected]> wrote:

            Ok. So my understanding of ReWrite rules is to modify
            the url in some fashion...per the Apache docs.
            I don't see any reason to do that..so I commented out
            all the "ReWrite directives". Good to get the junk out of
            the puzzle.

            After commenting out the ReWrites, I restarted httpd.
            postfixadmin.domain.com is still landing in the
            mail.domain.com DocumentRoot.

            Is there some sort of "debug" directive which would help
            me figure out when the DocumentRoot
            is getting set to what and when?

            Ideas?




            First virt host config for postfixadmin
            <VirtualHost *:80>
                SSLProxyEngine on
                ServerName postfixadmin.domain.com
                ProxyPreserveHost On
                ServerAlias www.postfixadmin.domain.com
                DocumentRoot /var/www/postfixadmin/public

                <Directory /var/www/postfixadmin/public>
                    Options -Indexes +FollowSymLinks
                    AllowOverride All
                </Directory>

                ErrorLog /var/log/httpd/postfixadmin-error.log
                CustomLog /var/log/httpd/postfixadmin-access.log combined
            #RewriteEngine on
            #RewriteCond %{SERVER_NAME} =www.postfixadmin.domain.com [OR]
            #RewriteCond %{SERVER_NAME} =postfixadmin.domain.com
            #RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
            </VirtualHost>

            second virt host config for mail
            <VirtualHost *:80>
                SSLProxyEngine on
                ServerName mail.domain.com
                ProxyPreserveHost On
                ServerAlias www.mail.domain.com
                DocumentRoot /var/www/html

                <Directory /var/www/html>
                    Options -Indexes +FollowSymLinks
                    AllowOverride All
                </Directory>

                ErrorLog /var/log/httpd/mail-domain-error.log
                CustomLog /var/log/httpd/mail-domain-access.log combined
            #RewriteEngine on
            #RewriteCond %{SERVER_NAME} =www.mail.domain.com [OR]
            #RewriteCond %{SERVER_NAME} =mail.domain.com
            #RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
            </VirtualHost>






            On 10/7/2025 7:29 AM, Frank Gingras wrote:


            On Mon, Oct 6, 2025 at 5:12 PM Bret Stern
            <[email protected]> wrote:

                Frank,

                I added the original mail.domain.com
                virt host conf file back
                and now my postfixadmin stuff has reverted to
                the wrong DocumentRoot and isn't working.

                Here are the VirtHost files. The names of the files
                do not matter, correct..they can be
                www.domain.com.conf or
                somename.conf, right?

                First virt host config for postfixadmin
                <VirtualHost *:80>
                    SSLProxyEngine on
                    ServerName postfixadmin.domain.com
                    ProxyPreserveHost On
                    ServerAlias www.postfixadmin.domain.com
                    DocumentRoot /var/www/postfixadmin/public

                    <Directory /var/www/postfixadmin/public>
                        Options -Indexes +FollowSymLinks
                        AllowOverride All
                    </Directory>

                    ErrorLog /var/log/httpd/postfixadmin-error.log
                    CustomLog /var/log/httpd/postfixadmin-access.log combined
                RewriteEngine on
                RewriteCond %{SERVER_NAME} =www.postfixadmin.domain.com [OR]
                RewriteCond %{SERVER_NAME} =postfixadmin.domain.com
                RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
                </VirtualHost>

                second virt host config for mail
                <VirtualHost *:80>
                    SSLProxyEngine on
                    ServerName mail.domain.com
                    ProxyPreserveHost On
                    ServerAlias www.mail.domain.com
                    DocumentRoot /var/www/html

                    <Directory /var/www/html>
                        Options -Indexes +FollowSymLinks
                        AllowOverride All
                    </Directory>

                    ErrorLog /var/log/httpd/mail-domain-error.log
                    CustomLog /var/log/httpd/mail-domain-access.log combined
                RewriteEngine on
                RewriteCond %{SERVER_NAME} =www.mail.domain.com [OR]
                RewriteCond %{SERVER_NAME} =mail.domain.com
                RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
                </VirtualHost>






                This is my httpd -S readout for the internal
                server. Wondering if anything here is obvious. I don't
                read this stuff enough to know. So appreciate the eyes.

                Not sure what's causing the "already loaded" line
                below.

                [Mon Oct 06 13:50:40.068370 2025] [so:warn] [pid 10702:tid 10702] AH01574: module proxy_http_module is already loaded, skipping
                VirtualHost configuration:
                *:80                   is a NameVirtualHost
                         default server mail.domain.com (/etc/httpd/conf.d/mail.domain.com.conf:1)
                         port 80 namevhost mail.domain.com (/etc/httpd/conf.d/mail.domain.com.conf:1)
                                 alias www.mail.domain.com
                         port 80 namevhost postfixadmin.domain.com (/etc/httpd/conf.d/postfixadmin.conf:1)
                                 alias www.postfixadmin.domain.com
                *:443                  is a NameVirtualHost
                         default server mail.domain.com (/etc/httpd/conf.d/mail.domain.com-le-ssl.conf:3)
                         port 443 namevhost mail.domain.com (/etc/httpd/conf.d/mail.domain.com-le-ssl.conf:3)
                                 alias www.mail.domain.com
                         port 443 namevhost postfixadmin.domain.com (/etc/httpd/conf.d/postfixadmin-le-ssl.conf:3)
                                 alias www.postfixadmin.domain.com
                         port 443 namevhost 127.0.0.1 (/etc/httpd/conf.d/ssl.conf:40)
                ServerRoot: "/etc/httpd"
                Main DocumentRoot: "/var/www/html"
                Main ErrorLog: "/etc/httpd/logs/error_log"
                Mutex authdigest-opaque: using_defaults
                Mutex watchdog-callback: using_defaults
                Mutex proxy-balancer-shm: using_defaults
                Mutex rewrite-map: using_defaults
                Mutex ssl-stapling-refresh: using_defaults
                Mutex authdigest-client: using_defaults
                Mutex dav_fs-lockdb: using_defaults
                Mutex lua-ivm-shm: using_defaults
                Mutex ssl-stapling: using_defaults
                Mutex proxy: using_defaults
                Mutex authn-socache: using_defaults
                Mutex ssl-cache: using_defaults
                Mutex default: dir="/etc/httpd/run/" mechanism=default
                Mutex cache-socache: using_defaults
                PidFile: "/etc/httpd/run/httpd.pid"
                Define: DUMP_VHOSTS
                Define: DUMP_RUN_CFG
                User: name="apache" id=48
                Group: name="apache" id=48

                On 10/6/2025 9:02 AM, Frank Gingras wrote:


                On Mon, Oct 6, 2025 at 11:47 AM Bret Stern
                <[email protected]> wrote:

                    Thanks for the comment.

                    I had to remove one of my virtual hosts to
                    get this working.

                    My virtual host settings were triple
                    checked...but the DocumentRoot kept reverting
                    to the
                    wrong virtual host DocRoot.

                    If the apache logic is to use the ServerName
                    directive in the [virthost *:80] as the
                    deciding factor to set the DocRoot, then
                    either there is another
                    setting that I'm not aware of or there is a
                    bug in the logic in apache. When I have more
                    time to
                    look, maybe it will surface. I have some other
                    http servers in our environments, so will
                    check those results as well.

                    Regardless, all of this is excellent learning
                    experience.
                    Bret


                    On 10/5/2025 12:08 AM, E.S. Rosenberg wrote:
                    Hey Bret,

                    Unless I am very much mistaken you need to
                    use the FQDN in the ProxyPass directive and
                    if you don't want to expose the "real" IP of
                    server B to the Internet you would need to
                    "override" the public DNS records either in
                    /etc/hosts or if you have the ability to
                    present a different DNS view to server A and
                    don't mind that complication that would be
                    another option.
                    You could I guess also use some internal FQDN
                    as long as the virtualhosts on server B know
                    to respond to that too and all the links they
                    return are relative or rewritten to the
                    domain server A presents.

                    HTH,
                    Eliyahu - אליהו

                    On Sun 5 Oct 2025 at 09:34, Bret Stern
                    <[email protected]> wrote:

                        Can someone please comment.

                        Apache server A is a physical server on
                        my network. It has three virtual
                        hosts serving three
                        different websites. This appears to be
                        working correctly.

                        Introducing Apache server B
                        Apache server A also acts as a reverse
                        proxy to Apache server B which is
                        another separate server with a static ip, and
                        acts as my mail server.

                        There are two virtual hosts defined on
                        Apache server B, one is
                        mail.domain.com
                        and one is postfixadmin.domain.com

                        My question is can Apache server A route
                        (via reverse proxy) to the two
                        virtual hosts on Apache server B.

                        At this point it's close to working, but
                        my postfixadmin.domain.com is
                        having its document root directed to
                        virtual host mail.domain.com, instead of
                        postfixadmin.domain.com

                        I've spent hours checking my virt host
                        configurations. Is there some
                        other setting outside the virtual host
                        configuration that
                        is allowing the DocumentRoot to be hijacked?

                        Can someone please confirm my setup is
                        possible?
                        Regards




                        



                You'll need to show the output from the apachectl
                -S command on all servers to get a complete answer,
                to start.


            The names of the config files are not relevant, indeed.

            That being said, your :80 vhosts make no sense.  You
            use SSLProxyEngine on, yet you explicitly redirect to
            https:// in the same vhost. You have to decide if you
            want to proxy or redirect, first.


        Hey Bret,

        Unless I am very much mistaken so far you have only shared
        the config of the internal server (server B) and not the
        reverse proxy configs.
        Based on what you are describing my suspicion is that your
        reverse proxy configuration is wrong/stripping the target
        hostname and thus you end up on whatever virtualhost matches
        by default.

        HTH,
        Eliyahu - אליהו

    Hey Bret,
    As I suspected you are forwarding to the internal IP address,
    thus the internal server sees a request for http://IP/
    and has no way to select a virtual host.
    You can either do what I suggested in my original reply to
    maintain the hostname or what you can also do is add/strip
    headers on the reverse proxy.
    HTH,
    Eliyahu - אליהו


Yes, you can, if you configure nsswitch to use the hosts file.
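
Added example (not part of the thread and not httpd's own code): a simplified Python model of how the internal server picks a name-based virtual host from the Host header, using the port 80 vhosts from the httpd -S readout quoted above. It ignores IP-based and _default_ matching, and the function names are hypothetical.

```python
"""Simplified model of httpd name-based virtual host selection (added example)."""
from fnmatch import fnmatch

# Port 80 vhosts on the internal server, in the order shown by the
# httpd -S readout in the thread: (ServerName, [ServerAlias...], DocumentRoot).
VHOSTS_80 = [
    ("mail.domain.com", ["www.mail.domain.com"], "/var/www/html"),
    ("postfixadmin.domain.com", ["www.postfixadmin.domain.com"],
     "/var/www/postfixadmin/public"),
]


def normalise_host(host_header):
    """Lower-case the Host value and drop an optional :port and trailing dot."""
    host = host_header.strip().lower()
    if host.startswith("["):            # bracketed IPv6 literal, e.g. [::1]:80
        return host[1:host.index("]")] if "]" in host else host
    host = host.rsplit(":", 1)[0] if ":" in host else host
    return host.rstrip(".")


def select_vhost(host_header, vhosts=VHOSTS_80):
    """Return (server_name, docroot, matched_by) for one request."""
    host = normalise_host(host_header or "")
    for name, aliases, docroot in vhosts:
        if host == name.lower():
            return name, docroot, "ServerName"
        # ServerAlias entries may contain * and ? wildcards.
        if any(fnmatch(host, alias.lower()) for alias in aliases):
            return name, docroot, "ServerAlias"
    # No name matched: the first vhost listed for the address is the default.
    name, _, docroot = vhosts[0]
    return name, docroot, "default (first vhost)"


if __name__ == "__main__":
    # Constructed Host header values, for illustration only.
    for h in ["postfixadmin.domain.com", "MAIL.domain.com:80",
              "192.168.60.157", "internal-b.lan"]:
        print(f"{h!r:30} -> {select_vhost(h)}")
```

A Host value that is an IP address or an unlisted name falls through to the first vhost, which in the readout above is mail.domain.com.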
