After 10/18 webmin/virtualmin module update, multiple things seem broken with virtualhost creation

82 posts / 0 new
Last post
#1 Mon, 10/21/2019 - 21:47
hoogs

After 10/18 webmin/virtualmin module update, multiple things seem broken with virtualhost creation

First: How can I down-rev to version N-1 ? (I want to test to see if my issues actually were caused by last weekend's webmin/virtualmin module updates.)

There seems to be something broken with setting up SSL sites after the updates. (ERR_TOO_MANY_REDIRECTS.)

Second: I just created another domain (without SSL), but Virtualmin seems to think it doesn't exist. (All traffic for new v-host goes to the "default" domain.)

Pls help...

Tue, 10/22/2019 - 09:12
Dibs

Look in the Apache VirtualHosts blocks for the *:80 and IP:443 lines.

https://www.virtualmin.com/comment/803214#comment-803214 should have a resolution.

Tue, 10/22/2019 - 10:40 (Reply to #2)
hoogs

@Dibs, I had previously posted this as an issue, and got a frustrating response to the effect that "Oh it can't be anything that we broke", when the only thing that had changed on the server was in fact the updated webmin / virtualmin modules.

It's especially frustrating since I'm not doing anything unusual ... these are plain-vanilla virtualhost configs. (There's nothing about IP:80 / IP:443, vs. *:80 / *:443) I hadn't touched httpd.conf until this issue showed up.

I already looked in the VirtualHost blocks, but didn't see anything different other than (obviously) the domain / account names, and a couple of php directives. (I changed those to be identical but it didn't fix anything.) Here's my original extended post, with the relevant Virtualhost blocks -- insights would be hugely appreciated...

https://www.virtualmin.com/comment/818489

Tue, 10/22/2019 - 10:47 (Reply to #3)
hoogs

Is there a way to back out the webmin / virtualmin module updates, down to rev N-1 ?

If I can do that, at least it would let me prove / disprove the source of the problem.

Tue, 10/22/2019 - 10:59
Dibs

Have you tried disabling SSL for the non-working domain\s to see traffic stops going to the default domain?

Tue, 10/22/2019 - 11:17 (Reply to #5)
hoogs

Yes: https://www.virtualmin.com/comment/818496#comment-818496

There seem to be distinct issues going on but I can't untangle them, exactly. (Again, noting that this started after the 10/18 webmin & virtualmin module updates.)

  1. I originally had configured Virtualmin to always create an SSL site along with the standard webhost. Never had any problem with that, until after the updates.

  2. On 10/19, created NewDomain1, and immediately started seeing ERR_TOO_MANY_REDIRECTS. I removed SSL site, and ERR_TOO_MANY_REDIRECTS went away.

  3. On 10/21, created NewDomain2 (no SSL), and now just basic surfing to NewDomain2 sends browser to totally-unrelated DefaultDomain.

  4. VirtualMin devs seem to prefer denying that there's a problem, rather than looking into it, despite that these issues only showed up after 10/18 module updates.

  5. Nobody seems to have any input for my plaintive request to back out the module updates, just to prove / disprove if they are, in fact, the source of the problems.

Does that provide any useful data? :'(

Tue, 10/22/2019 - 11:21
Dibs

Cheers for posting that up.

  1. In the new domain with no SSL have you created a noddy html page (hello world or something) and placed it in the public_html directory (or whatever it's called)? Just so the site has some "content"?

There's a few things going on possibly & I think it's best to work through them.

Apologies - I can't help with downgrading Virtualmin, never done it and the way I'm wired - I'd view that as a last resort (for myself) and probably beat Apache into submission at some point. ;)

Tue, 10/22/2019 - 11:33 (Reply to #7)
hoogs

Yep. :'(

<html>
<H1>Under Construction</h1>
</html>

All web traffic goes to DefaultDomain.

I've removed the virtualhost for NewDomain2 and recreated it several times. Same behavior.

I'm afraid to create NewDomain3 to see what happens there. Arrgghhh... I came to VirtualMin because it had the rep of being the most stable of all the admin / configuration apps ... I really don't want to have to trash everything and rebuild with some other webhost manager just because the devs don't want to tell me how I can simply back out these updates to do a stupid test to prove/disprove whether the 10/18 module updates are in fact the source of these issues.

Tue, 10/22/2019 - 11:38
Dibs

can you put a php file in the public root with

<?php
phpinfo();
?>

call it say myphp.php

and then go to http://www.newDomain2.com/myphp.php and see what it does? Just to see if all content is not being recognised or just certain types.

EDIT: stop and start Apache as well (just to be sure it's using the current config)

Tue, 10/22/2019 - 11:45
hoogs

OK, NewDomain2/myinfo.php does get reached -- yay, a small win. (sip of beer for everyone)

Now what?

Tue, 10/22/2019 - 11:50
Dibs

I would suggest "stripping" things back to basics. Take

.htaccess, cloudfare out of the equation.

Stop & start Apache - is the sample html page still going to the default domain?

EDIT: Before stopping and starting Apache - in Virtualmin, Edit Virtual server, Enabled Features: remove everything apart from "Apache website enabled". To strip your VirtualHosts block to the bare minimum.

Tue, 10/22/2019 - 13:04 (Reply to #11)
hoogs

OK, no .htaccess, Cloudflare proxy removed (checked via nslookup), stripped "extra" virtualmin features, and restarted Apache.

index.html perms 644

... still redirects to DefaultDomain.

D'oh! :'(

Tue, 10/22/2019 - 14:04
Dibs

What do your Apache logs state around the time of the "click"?

Cloudfare proxy removal - is there any DNS propagation involved?

EDIT: Is the default site the 1st Apache VirtualHost?

Tue, 10/22/2019 - 14:29
Dibs

Have you tried stripping the VirtualHosts block right down to a minimum like:

<VirtualHost IP:80>
    ServerAdmin admin@NewDomain2.com
    ServerName NewDomain2.com
    ServerAlias www.NewDomain2.com
    DocumentRoot /var/www/NewDomain2/public_html
    DirectoryIndex index.html index.htm index.php index.php4 index.php5
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

then doing

sudo a2ensite NewDomain2.com.conf

then restart Apache?

In all fairness - nothing jumps out in the VirtualHost blocks you posted but I find it out that a .php file shows and a .html one doesn't. So maybe stepping back to a very basic VirtualHost's block and then adding sections back in might show what's misbehaving.

Tue, 10/22/2019 - 15:15
adamjedgar

Can you post your <Virtual Host *:443> for the new virtual server you setup that is causing the error.

Also, you mention that if you create a non ssl vhost it's loading default site...what is your dns configuration? Are you running Bind dns or is that being hosted elsewhere?

AJECreative is the home of $5 webhosting, $15/month VPS servers (1cpu,1gb RAM, 25GB storage)
Centos7, Debian9, or Ubuntu18LTS
Available Control Panels = Centos-Webpanel, Cyberpanel, or Virtualmin

https://ajecreative.com.au

Tue, 10/22/2019 - 15:18 (Reply to #15)
Dibs

It's in the original post of https://www.virtualmin.com/comment/818496

Tue, 10/22/2019 - 15:24 (Reply to #16)
adamjedgar

I only see the port 80 Virtual host... not his SSL one (which is producing the too many redirects error)

AJECreative is the home of $5 webhosting, $15/month VPS servers (1cpu,1gb RAM, 25GB storage)
Centos7, Debian9, or Ubuntu18LTS
Available Control Panels = Centos-Webpanel, Cyberpanel, or Virtualmin

https://ajecreative.com.au

Tue, 10/22/2019 - 15:31 (Reply to #17)
Dibs

The OP's non-working VirtualHost

Port 80

<VirtualHost SERVER_IP_ADDRESS:80>
SuexecUserGroup "#1022" "#1022"
ServerName DOMAIN_NOT_WORKING
ServerAlias www.DOMAIN_NOT_WORKING
ServerAlias mail.DOMAIN_NOT_WORKING
ServerAlias webmail.DOMAIN_NOT_WORKING
ServerAlias admin.DOMAIN_NOT_WORKING
DocumentRoot /home/ACCOUNTNAME/public_html
ErrorLog /var/log/virtualmin/DOMAIN_NOT_WORKING_error_log
CustomLog /var/log/virtualmin/DOMAIN_NOT_WORKING_access_log combined
ScriptAlias /cgi-bin/ /home/ACCOUNTNAME/cgi-bin/
ScriptAlias /awstats/ /home/ACCOUNTNAME/cgi-bin/
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory /home/ACCOUNTNAME/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
AddType application/x-httpd-php .php
AddHandler fcgid-script .php
AddHandler fcgid-script .php5
AddHandler fcgid-script .php7.2
FCGIWrapper /home/ACCOUNTNAME/fcgi-bin/php7.2.fcgi .php
FCGIWrapper /home/ACCOUNTNAME/fcgi-bin/php5.fcgi .php5
FCGIWrapper /home/ACCOUNTNAME/fcgi-bin/php7.2.fcgi .php7.2
</Directory>
<Directory /home/ACCOUNTNAME/cgi-bin>
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
</Directory>
RewriteEngine on
RewriteCond %{HTTP_HOST} =webmail.DOMAIN_NOT_WORKING
RewriteRule ^(.*) https://DOMAIN_NOT_WORKING:20000/ [R]
RewriteCond %{HTTP_HOST} =admin.DOMAIN_NOT_WORKING
RewriteRule ^(.*) https://DOMAIN_NOT_WORKING:10000/ [R]
RemoveHandler .php
RemoveHandler .php5
RemoveHandler .php7.2
php_admin_value engine Off
FcgidMaxRequestLen 1073741824
RedirectMatch ^/(?!.well-known)(.*)$ https://DOMAIN_NOT_WORKING/$1
<Files awstats.pl>
AuthName "DOMAIN_NOT_WORKING statistics"
AuthType Basic
AuthUserFile /home/ACCOUNTNAME/.awstats-htpasswd
require valid-user
</Files>
Alias /dav /home/ACCOUNTNAME/public_html
<Location /dav>
DAV on
AuthType Basic
AuthName "DOMAIN_NOT_WORKING"
AuthUserFile /home/ACCOUNTNAME/etc/dav.digest.passwd
Require valid-user
ForceType text/plain
Satisfy All
RemoveHandler .php
RemoveHandler .php5
RemoveHandler .php7.2
RewriteEngine off
</Location>
</VirtualHost>

and his 443 host

<VirtualHost SERVER_IP_ADDRESS:443>
SuexecUserGroup "#1022" "#1022"
ServerName DOMAIN_NOT_WORKING
ServerAlias www.DOMAIN_NOT_WORKING
ServerAlias mail.DOMAIN_NOT_WORKING
ServerAlias webmail.DOMAIN_NOT_WORKING
ServerAlias admin.DOMAIN_NOT_WORKING
DocumentRoot /home/ACCOUNTNAME/public_html
ErrorLog /var/log/virtualmin/DOMAIN_NOT_WORKING_error_log
CustomLog /var/log/virtualmin/DOMAIN_NOT_WORKING_access_log combined
ScriptAlias /cgi-bin/ /home/ACCOUNTNAME/cgi-bin/
ScriptAlias /awstats/ /home/ACCOUNTNAME/cgi-bin/
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory /home/ACCOUNTNAME/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
AddType application/x-httpd-php .php
AddHandler fcgid-script .php
AddHandler fcgid-script .php5
AddHandler fcgid-script .php7.2
FCGIWrapper /home/ACCOUNTNAME/fcgi-bin/php7.2.fcgi .php
FCGIWrapper /home/ACCOUNTNAME/fcgi-bin/php5.fcgi .php5
FCGIWrapper /home/ACCOUNTNAME/fcgi-bin/php7.2.fcgi .php7.2
</Directory>
<Directory /home/ACCOUNTNAME/cgi-bin>
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
</Directory>
RewriteEngine on
RewriteCond %{HTTP_HOST} =webmail.DOMAIN_NOT_WORKING
RewriteRule ^(.*) https://DOMAIN_NOT_WORKING:20000/ [R]
RewriteCond %{HTTP_HOST} =admin.DOMAIN_NOT_WORKING
RewriteRule ^(.*) https://DOMAIN_NOT_WORKING:10000/ [R]
RemoveHandler .php
RemoveHandler .php5
RemoveHandler .php7.2
php_admin_value engine Off
FcgidMaxRequestLen 1073741824
SSLEngine on
SSLCertificateFile /home/ACCOUNTNAME/ssl.cert
SSLCertificateKeyFile /home/ACCOUNTNAME/ssl.key
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
<Files awstats.pl>
AuthName "DOMAIN_NOT_WORKING statistics"
AuthType Basic
AuthUserFile /home/ACCOUNTNAME/.awstats-htpasswd
require valid-user
</Files>
Alias /dav /home/ACCOUNTNAME/public_html
<Location /dav>
DAV on
AuthType Basic
AuthName "DOMAIN_NOT_WORKING"
AuthUserFile /home/ACCOUNTNAME/etc/dav.digest.passwd
Require valid-user
ForceType text/plain
Satisfy All
RemoveHandler .php
RemoveHandler .php5
RemoveHandler .php7.2
RewriteEngine off
</Location>
SSLCACertificateFile /home/ACCOUNTNAME/ssl.ca
</VirtualHost>
Tue, 10/22/2019 - 15:20
andreychek

Just to be super sure it's not related to an IP config issue like Dibs mentioned above, can you post the output of this command:

grep -i '<virtualhost' /etc/apache2/sites-enabled/*.conf`

That will rule out a few common issues.

Also, what is the output of this command:

dpkg -l apache2

Tue, 10/22/2019 - 15:41 (Reply to #19)
Dibs

Even an

apachectl -S

would be good.

Tue, 10/22/2019 - 15:40
Dibs

In all fairness - I think it needs stripping down to basics. Disable all confs for Apache VirtualHosts, then re-enable only the troublesome one but with a basic VirtualHosts block, restarting Apache afterwards.

Something is amiss in that he can see a .php file but not a .html file in the public root of that host.

I'd then refer to the Apache docs and add back in sections at a time. Mind you I'd be tempted to run an

apachectl configtest

command once every VirtualHost has been disabled, enable the troublesome one enable (but prior to swapping it for a basic one) and restart Apache - then do the configtest. Not expecting anything to jump out as Apache is running - but it might show something about the troublesome one. But then again, I am not sure what would happen if all VirtualHost blocks were syntactically correct with the exception of one. So if you disabled all of them expect the one - slightly more than curious what warnings\errors that would spit out.

Tue, 10/22/2019 - 15:41
adamjedgar

yes but i am wondering if there are 2 separate but related issues here? The virtual host loading the default website could actually be a dns issue (either on his dns host , if external, or his own system for example...he has set his system to control it for the new domain but not actually setup his system for this?)

AJECreative is the home of $5 webhosting, $15/month VPS servers (1cpu,1gb RAM, 25GB storage)
Centos7, Debian9, or Ubuntu18LTS
Available Control Panels = Centos-Webpanel, Cyberpanel, or Virtualmin

https://ajecreative.com.au

Tue, 10/22/2019 - 15:47 (Reply to #22)
Dibs

Quite possibly - but he did turn off SSL for the VirtualHost and a .php file was being parsed and the results shown but a .html file just redirected to the default site. The fact it parsed the php file and showed the output, suggests to me that his DNS is correct enough for it to find the IP and for Apache to find the correct VirtualHost.

This is all supposing the URL he accessed in both cases is identical - just one ending in \file.php and the other ending in \file.html & not a case of www for one and not the other (one having a DNS entry and the other not) - if that makes sense?

Tue, 10/22/2019 - 15:51 (Reply to #23)
adamjedgar

yep, thats true. I can understand his dilemma, it could be the theme, Bind dns on his system, htaccess, virtual host settings. I did see another forum post where a user had a similar issue where he had inadvertantly added the ssl permanent redirect into the virtual host 443 configuration.

AJECreative is the home of $5 webhosting, $15/month VPS servers (1cpu,1gb RAM, 25GB storage)
Centos7, Debian9, or Ubuntu18LTS
Available Control Panels = Centos-Webpanel, Cyberpanel, or Virtualmin

https://ajecreative.com.au

Tue, 10/22/2019 - 15:57 (Reply to #24)
Dibs

I did ask the OP to remove\disable htaccess & cloudfare out of the equation, which he did and reported back that the .php file did render but .html sent him to the default site. And he removed all other enabled features from his Virtual Host\Server leaving only website enabled.

Given it's still behaving the same - i.e. .php renders but .html doesn't work, I'm thinking to strip it down to a basic VirtualHost block (as basic as you can get) which should render a html file - get that working and the rest should fall into place.

Apache - to my mind - isn't massively complex in it's basic state but as the .conf file grows in directives, the chances of missing a mistake in all the lines, grows.

Just my 2c worth. ;)

Tue, 10/22/2019 - 20:04
hoogs

Hey guys, sorry for my delay ...

@Dibs, I stripped entry bare for NewDomain2:

<VirtualHost Server_IP_Addr:80>
SuexecUserGroup "#1026" "#1026"
ServerName NewDomain2
ServerAlias mail.NewDomain2
ServerAlias www.NewDomain2
DocumentRoot /home/NewDomain2/public_html
ErrorLog /var/log/virtualmin/NewDomain2_error_log
CustomLog /var/log/virtualmin/NewDomain2_access_log combined
ScriptAlias /cgi-bin/ /home/NewDomain2/cgi-bin/
</VirtualHost>

Drumroll ... yes, now index.html displays. (Still, the .php file won't run now as all the php directives were taken out.)

@adamjedgar, thanks very much for your input ... here's the relevant portion of apachectl -S output:

VirtualHost configuration:
Server_IP_addr:443     is a NameVirtualHost
         default server DefaultServer.com (/etc/httpd/conf/httpd.conf:424)
         port 80 namevhost NewDomain2 (/etc/httpd/conf/httpd.conf:2822)
                 alias mail.NewDomain2
                 alias www.NewDomain2
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex authdigest-opaque: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
Mutex fcgid-proctbl: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/httpd/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex fcgid-pipe: using_defaults
PidFile: "/run/httpd/httpd.pid"
Define: _RH_HAS_HTTPPROTOCOLOPTIONS
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48
Group: name="apache" id=48

I'm out of my depth to interpret the output, tho...?

Tue, 10/22/2019 - 20:08
hoogs

@Dibs, I can't do

sudo a2ensite NewDomain2.com.conf

as my host is CentOS7.7. (Actually I didn't know that command; apparently it's only for Debian-based systems?)

So I'm stuck with manually vi'ing the httpd.conf file to snip out the various pieces. D'oh. :'(

Tue, 10/22/2019 - 20:09
hoogs

What to do now?

Tue, 10/22/2019 - 20:17
hoogs

Ref: BIND/DNS. Not running DNS on this server; that's all outsourced to Cloudflare. (NB: Cloudflare proxy for this virtualhost is disabled.)

The weirdness started after the 10/18 webmin / virtualmin module updates. Prior to that, I've never had a problem adding / removing virtualhosts.

For now, since ERR_TOO_MANY_REDIRECTS is persistent with any new SSL V-host, I'm not making those.

@Dibs, yes, DefaultHost is the first virtual host entry in http.conf.

Tue, 10/22/2019 - 21:07
hoogs

These seem to be the problematic lines in httpd.conf, as when they are uncommented the browser is redirected to DefaultDomain; but when commented out index.html is correctly processed:

RewriteCond %{HTTP_HOST} =webmail.NewDomain2
RewriteRule ^(.*) https://NewDomain2:20000/ [R]
RewriteCond %{HTTP_HOST} =admin.NewDomain2
RewriteRule ^(.*) https://NewDomain2:10000/ [R]

However ... the same RewriteRule directives in NewDomain1's virtualhost block, don't cause a problem. (Huh?)

Wed, 10/23/2019 - 15:37 (Reply to #30)
Dibs

Almost grasping at straws here - are there any differences in the DNS settings between NewDomain1 & newDomain2?

Wed, 10/23/2019 - 15:46 (Reply to #31)
hoogs

Doesn't appear so. (I've got basically identical entries at Cloudflare DNS that point to the main server; I'm not running BIND / DNS locally.)

I can see about adding SSL again to NewDomain1 and cross my fingers...

Tue, 10/22/2019 - 23:10
Dibs

Can you create a new Virtual Server please? Make up a domain - it's not to go live. I just want to see what the VirtualHost block looks like for a new VirtualHost. Only Website Enabled - no mail, no ssl, no anything else.

Post up the VirtualHost block and you can delete the Virtualserver after that.

Cheers.

EDIT: I'm on UK time & off to sleep. I'll check the forums in about 8 hrs. ;)

Tue, 10/22/2019 - 23:18
Dibs

One last thing - httpd.conf, I suspect is much like apache2.conf for debian, etc and the directives there are supposed to be Global ones. Host specific ones are supposed to be in the VirtualHost blocks - that way Apache knows for which host to apply them to. That's my thinking anyway.

Oh - what version of Apache are you running?

EDIT: Can you post up your httpd.conf file please?

Tue, 10/22/2019 - 23:26
hoogs

onlyatest.com, as requested:

<VirtualHost 99.99.99.99:80>
SuexecUserGroup "#1028" "#1028"
ServerName onlyatest.com
ServerAlias www.onlyatest.com
ServerAlias mail.onlyatest.com
ServerAlias webmail.onlyatest.com
ServerAlias admin.onlyatest.com
DocumentRoot /home/onlyatest/public_html
ErrorLog /var/log/virtualmin/onlyatest.com_error_log
CustomLog /var/log/virtualmin/onlyatest.com_access_log combined
ScriptAlias /cgi-bin/ /home/onlyatest/cgi-bin/
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory /home/onlyatest/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,Sym
LinksIfOwnerMatch
Require all granted
AddType application/x-httpd-php .php
AddHandler fcgid-script .php
AddHandler fcgid-script .php5
AddHandler fcgid-script .php7.2
FCGIWrapper /home/onlyatest/fcgi-bin/php7.2.fcgi .php
FCGIWrapper /home/onlyatest/fcgi-bin/php5.fcgi .php5
FCGIWrapper /home/onlyatest/fcgi-bin/php7.2.fcgi .php7.2
</Directory>
<Directory /home/onlyatest/cgi-bin>
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,Sym
LinksIfOwnerMatch
Require all granted
</Directory>
RewriteEngine on
RewriteCond %{HTTP_HOST} =webmail.onlyatest.com
RewriteRule ^(.*) https://onlyatest.com:20000/ [R]
RewriteCond %{HTTP_HOST} =admin.onlyatest.com
RewriteRule ^(.*) https://onlyatest.com:10000/ [R]
RemoveHandler .php
RemoveHandler .php5
RemoveHandler .php7.2
php_admin_value engine Off
FcgidMaxRequestLen 1073741824
</VirtualHost>
Tue, 10/22/2019 - 23:32
hoogs
httpd -V Server version: Apache/2.4.6 (CentOS)
Server built:   May  5 2019 23:51:46
Server's Module Magic Number: 20120211:24
Server loaded:  APR 1.4.8, APR-UTIL 1.5.2
Compiled using: APR 1.4.8, APR-UTIL 1.5.2
Architecture:   64-bit
Server MPM:     prefork
  threaded:     no
    forked:     yes (variable process count)
Server compiled with....
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D DYNAMIC_MODULE_LIMIT=256
-D HTTPD_ROOT="/etc/httpd"
-D SUEXEC_BIN="/usr/sbin/suexec"
-D DEFAULT_PIDLOG="/run/httpd/httpd.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="conf/mime.types"
-D SERVER_CONFIG_FILE="conf/httpd.conf"
Wed, 10/23/2019 - 09:23
Dibs

OK - I've had a look at a default httpd.conf file for Centos 7 and it has no rewrite rules like the ones you posted earlier,

RewriteCond %{HTTP_HOST} =webmail.NewDomain2
RewriteRule ^(.*) https://NewDomain2:20000/ [R]
RewriteCond %{HTTP_HOST} =admin.NewDomain2
RewriteRule ^(.*) https://NewDomain2:10000/ [R]

The default file is shown here - http://sysadmindata.com/centos-7-apache-httpd-conf/

Comment them out - put your "original" VirtualHosts block back for NewDomain2 (just the non SSL one) and can you access both the .php file you placed in the hosts public root and the .html file also?

Have a look at your httpd.conf file - are there rewrite rules (those 4 lines) for any other VirtualHost? I'm hoping not. If you haven't deleted the "onlyatest" domain - can you check to see if there are re-write rules for that in the htppd.conf file too? If you've deleted it - re-create it (takes a minute) and check httpd.conf for those for lines.

Wed, 10/23/2019 - 11:39
hoogs

Those rewrite rules appear in every virtual domain block in httpd.conf.

It's clear that Virtualmin adds the rewrite rrule for "admin", as it redirects to VirtualMin's usual default login port 10000. And, adds the "webmail" rule pointing to Usermin default login port 20000.)

Now, those additions are a bit peculiar, as there are no "admin" or "webmail" entries in DNS for any of my domains; so someone seems to have assumed those CNAMEs would be added to DNS prior to httpd starting up.

Further oddly, there are references to https in the :80 block for NewDomain2 and onlyatest.com -- odd, since there are no SSL virtualhost blocks for those domains.

I don't recall seeing references to webmail or admin CNAME entries anywhere in the Virtualmin package setup. (However, I see that VirtualMin also added them as ServerAlias entries in httpd.conf.)

RewriteCond %{HTTP_HOST} =webmail.SomeDomain.com
RewriteRule ^(.*) https://SomeDomain.com:20000/ [R]
RewriteCond %{HTTP_HOST} =admin.SomeDomain.com
RewriteRule ^(.*) https://SomeDomain.com:10000/ [R]
Wed, 10/23/2019 - 12:50 (Reply to #38)
andreychek

Howdy,

Virtualmin does indeed add webmail and admin redirects, and if the "BIND DNS" feature is enabled (which is the default), those records are automatically added to the DNS.

You can configure how exactly those redirects work in the Apache Server Template in Virtualmin. For example, if you want them to redirect to a different URL you can do that. Or you can disable them altogether if you prefer.

-Eric

Wed, 10/23/2019 - 13:07 (Reply to #39)
Dibs

Cheers for that Eric. It doesn't explain why one of the OP's hosts\VirtualServers works fine with the 4 lines in (redirects) and another won't.

Wed, 10/23/2019 - 13:52 (Reply to #40)
andreychek

Understood, just trying to offer more information to assist with the troubleshooting.

-Eric

Wed, 10/23/2019 - 14:14 (Reply to #41)
Dibs

Appreciated!

Wed, 10/23/2019 - 12:44
Dibs

Does your httpd.conf have everything in it? Like the Global directives plus all the VirtualHost blocks? As opposed to a minimal httpd.conf and all the VirtualBlocks in their own conf?

Wed, 10/23/2019 - 13:54 (Reply to #43)
hoogs

Yes, Virtualmin has stuffed all the directives into httpd.conf

Wed, 10/23/2019 - 14:18
Dibs

So you don't have a "sites-enabled" directory in your "/etc/httpd" directory? Or in one of it's sub-directories?

Wed, 10/23/2019 - 14:23
hoogs
centos7x#   cd /etc/httpd/
centos7x#   find  .  -print

./modules
./conf.modules.d
./conf.modules.d/00-proxy.conf
./conf.modules.d/00-dav.conf
./conf.modules.d/00-lua.conf
./conf.modules.d/01-cgi.conf
./conf.modules.d/00-base.conf
./conf.modules.d/00-ssl.conf
./conf.modules.d/10-fcgid.conf
./conf.modules.d/10-php.conf
./conf.modules.d/00-systemd.conf
./conf.modules.d/00-mpm.conf
./conf.modules.d/00-mpm-itk.conf
./conf.d
./conf.d/awstats.conf
./conf.d/welcome.conf
./conf.d/userdir.conf
./conf.d/ssl.conf
./conf.d/fcgid.conf
./conf.d/ssl.conf.lock
./conf.d/README
./conf.d/webalizer.conf
./conf.d/php.conf
./conf.d/autoindex.conf
./logs
./run
./conf
./conf/httpd.conf
Wed, 10/23/2019 - 14:29 (Reply to #46)
Dibs

Bit weird - a lot of the web talks about "modularising" Apache and splitting things off into their own .conf files - makes perfect sense to me, but we are where we are [shitty phrase - I know]. So lets work with what we have and not try and redo Apache's layout for now.

Wed, 10/23/2019 - 14:26
Dibs

If you put back your "original" (or longer) VirtualHosts block (just for port 80), comment out the 4 rewrite rules, restart Apache - do things work? i.e. the test .html & .php files?

With those commented out - Apache won't rewrite\redirect the admin & webmail - is that an issue for that domain? I suspect it might not be for that domain, but you could have a domain down the road for which it might be.

[I'm thinking out aloud here - if the rules are commented out but you have the same entries as CNAMES (webmail, admin), if things would still work? So CNAME's for admin & webmail might resolve that issue for now]

If your .html & .php files are displaying for http - add the 443 (SSL) block in as well - commenting out the 4 rewrite lines, restart Apache and test of the .php & .html files display.

Wed, 10/23/2019 - 14:38 (Reply to #48)
hoogs

Actually, I had already done that. The longer block has been there since yesterday afternoon, less the commented-out rewrite rules.

This is especially odd since those rewrite rules are in every other virtualhost block as well; but those never caused problems. (Only since the "update" from 10/18. And the SSL block as well; all OK prior to 10/18 "update" -- but now I can't add SSL sites due to ERR_TOO_MANY_REDIRECTS.)

I believe I can't add the SSL block back in for NewDomain2 as there's no SSL certificate.

Wed, 10/23/2019 - 14:50 (Reply to #49)
Dibs

Put the SSL block back in - the request a Lets Encrypt cert for NewDomain2 (making sure it has just NewDomain2.com & www.NewDomain2.com as the hosts. can redo it later with others etc).

Then stop & start Apache and see what happens.

EDIT: without knowing what you updated on 10/18 it's hard to say. It is possible you updated Apache as well and there could be some subtle changes under the hood in that version of Apache. Might not be - but equally there could.

Wed, 10/23/2019 - 14:55 (Reply to #50)
hoogs

To date I've only had Virtualmin deal with Let's Encrypt SSL certs.

Are you suggesting the "whole hog" method as described here?

https://www.linode.com/docs/security/ssl/install-lets-encrypt-to-create-...

Pages

Topic locked