virtualhosts, dns, and cnames. For the love of God, please help me!

Crossposted to alt.os.linux, alt.apache.configuration,
comp.os.linux.networking. I really need help and am sorry for crossposting
but the FAQ says that up to three groups is allowed. I did not set a
followup.

I read docs, I googled, I tried, I cried. Please help!

I have a redhat 9 server that has worked just fine for years. I connect to
the internet with the roaring penguin script, my ADSL modem connects via
ethernet to nic in my redhat machine. 2nd nic connects to hub to act as
gateway for two XP machines. I run sendmail and use my domain for a mail
server, apache, and vsftpd.

I have a FQDN from networksolutions and get my DNS from no-ip.com. This has
always worked very well, I get DNS for my domain, www, ftp, mail, and an MX
record for sendmail. I have userdirs turned on in httpd.conf and allow
everything for options so that I can use cgi, both in and out of cgi
directories, and .htaccess files to control access. I run a family website
and have run it from my home directroy so the URL to the family site is a bit
hard to remember. I purchased a family domain name from 000domains.com and
want to run a virtual host on my machine.

I tried to add my family domain as a cname at no-ip.com but then they want
another $19 a year. Forget it, this is a zero income project and I cannot
afford this. I went to zoneedit.com and signed up for DNS for my family
domain. Now my family domain and my regualar domain both point to my redhat
machine. I cannot get virtualhosts to work right to save my life.

Should I drop no-ip.com and go over to zoneedit.com and remove my original
family domain, then setup my regular domain and then add the family domain as
a cname? Is it wrong to have two DNS services directing two different domains
to the same IP address? I would then have to go to networksolutions.com and
change the nameserver for my regular domain.

When I tried to add the virtualhost to my httpd.conf file, I ran into nothing
but problems. As soon as I add:

<VirtualHost *>

to the bottom of my httpd.conf file, it wipes out my root server. This is
what I have tried...

<VirtualHost *>
ServerAdmin (E-Mail Removed)
DocumentRoot /home/me/public_html/family
ServerName www.myfamily.org
ServerAlias myfamily.org *.myfamily.org
ErrorLog /home/me/public_html/family/logs/host.myfamily.org-error_log
CustomLog /home/me/public_html/family/logs/host.myfamily.org.-access_log
combined
</VirtualHost>

<VirtualHost *>
ServerAdmin (E-Mail Removed)
DocumentRoot /var/www/html
ServerName www.mydomain.com
ServerAlias mydomain.com *.mydomain.com
ErrorLog /var/log/httpd/error_log
CustomLog /var/log/httpd/access_log common
</VirtualHost>

If I put mydomain first, the family domain does not work. If I put the family
domain first, then mydomain does not work.

I also want cgi, both in and out of cgi-bin directories. (The phone book that
I use is java-cgi and the files for it run cgi scripts but they do not go in
a cgi-bin directory.

Everything worked so good until I tried to add the family domain. I had to
take the virtual domains out for now but my family stuff is hosed because it
is all changed to reflect the new family domain URLs.

Can somebody, please, anybody help with this? What am I doing wrong here? Is
the asterisk screwing me up in the <VirtualHost *> part?

--
Of course my email address is invalid.
Email me by assembling this address:
tinykitty /a/t/ ohmster dot com
~Ohmster

Hi Ohmster -

On Mon, 31 May 2004 00:45:52 GMT, Ohmster <(E-Mail Removed)>
wrote:

>Is it wrong to have two DNS services directing two different domains
>to the same IP address? I would then have to go to networksolutions.com and
>change the nameserver for my regular domain.

Nothing wrong with having different domains on different servers
pointing to the same IP address. You might try using using A records
where you are using CNAME, though it really should work either way.

>If I put mydomain first, the family domain does not work. If I put the family
>domain first, then mydomain does not work.

That behavior definitely sounds like a virtual hosting
misconfiguration. Whichever is listed first is the default when there
is no host name match. (I use a dummy server first for just that
reason.)

>Can somebody, please, anybody help with this? What am I doing wrong here? Is
>the asterisk screwing me up in the <VirtualHost *> part?

What does your NameVirtualHost line look like? With <VirtualHost *>
(which is what I use), you should have:
NameVirtualHost *

Do the error logs showing any configuration error messages? If you
run the test option (option -t), what do you get?

If don't already have it, add the virtual host name and server name to
your access log format and see what values you are getting.

--
Ken
http://www.ke9nr.net/

Ken <ng3122@ke9nr.#nospam#.net> wrote in
news:(E-Mail Removed):

> Hi Ohmster -
>
> On Mon, 31 May 2004 00:45:52 GMT, Ohmster <(E-Mail Removed)>
> wrote:

>
> Nothing wrong with having different domains on different servers
> pointing to the same IP address. You might try using using A records
> where you are using CNAME, though it really should work either way.

I am using A records on both no-ip.com for my regular domain and on
zoneedit.com for my family domain. I never did get to the cname part.

>>If I put mydomain first, the family domain does not work. If I put the
>>family domain first, then mydomain does not work.
>
> That behavior definitely sounds like a virtual hosting
> misconfiguration. Whichever is listed first is the default when there
> is no host name match. (I use a dummy server first for just that
> reason.)

Huh? What is a dummy server? I have my httpd.conf file setup to accept
incomming http requests to my domain and answer them in my server root,
/var/www/html directory. I also have enabled userdirs and that is what I
pretty much use all the time for file serving and for a family web site. I
also gave a good friend an account and he hosts his stationary site there. He
used to use tripod.com and it has grown to be a very popular stationary web
site and tripod ended up being useless so he serves it from his userdir. I
don't want to kill the userdirs if possible but the family website is in my
usedir/family/. I would like to map that to my virtual domain.


> What does your NameVirtualHost line look like? With <VirtualHost *>
> (which is what I use), you should have:
> NameVirtualHost *

I already took it out because it killed the root server and there was a link
there to the friend's stationary website in his userdir. Will try it again.

I did this again and *everything* now goes to the family website, even
regular domain and the web root. ...sigh.

>
> Do the error logs showing any configuration error messages? If you
> run the test option (option -t), what do you get?

No. The error logs gave me a stat error for one of the cgi pages, cgi is not
running for the family domain yet. What test option? I run httpd as a
service. You mean do
service httpd restart -t

How do I use this test?

>
> If don't already have it, add the virtual host name and server name to
> your access log format and see what values you are getting.

Uhm, how do you do that?

Can I email you this httpd.conf file for you to look at, Ken and can I see
yours or at least one that you know works? This would help a real lot, I hope
that you can do this.

Will have to remove the virtualhost from my httpd.conf file for now as
everything else is not working anymore.



--
Of course my email address is invalid.
Email me by assembling this address:
tinykitty /a/t/ ohmster dot com
~Ohmster

Ken <ng3122@ke9nr.#nospam#.net> wrote in
news:(E-Mail Removed):

> What does your NameVirtualHost line look like? With <VirtualHost *>
> (which is what I use), you should have:
> NameVirtualHost *

httpd -t was a good tip, it saved me from syntax errors.

Man I just don't get it. No matter what I put for the first virtual host, it
gloms every http request that comes into the machine. I put a dummy one in
there first and now the dummy eats everything!

<VirtualHost *>
ServerAdmin (E-Mail Removed)
DocumentRoot /var/www/manual
ServerName dummy-host.example.com
ErrorLog logs/dummy-host.example.com-error_log
CustomLog logs/dummy-host.example.com-access_log common
</VirtualHost>

<VirtualHost mydomain.com>
ServerName www.mydomain.com
DocumentRoot /var/www/html
ServerAdmin (E-Mail Removed)
ServerAlias mydomain.com *.mydomain.com
ErrorLog /var/log/httpd/error_log
CustomLog /var/log/httpd/access_log common
</VirtualHost>

<VirtualHost myfamily.org>
ServerAdmin (E-Mail Removed)
DocumentRoot /home/me/public_html/family
ServerName www.myfamily.org
ServerAlias myfamily.org *.myfamily.org
ErrorLog /home/me/public_html/family/logs/myfamily-error_log
CustomLog /home/me/public_html/family/logs/myfamily-access_log combined
</VirtualHost>

I can use * in the VirtualHost line, I can use the domain name in the
VirtualHost line, it makes no difference. I can "Listen 80", "listen
mydomain:80", "Listen myfamily.org:80", it makes no difference. The first
Virtualhost eats everything!

What gives? Somebody *please* send me a working httpd.conf file with
Virtualhost directives in it that work for named and not IP based hosts!

God it is late, I gotta go to bed now. The whole day with this and I got
nowhere. <sob!>

--
Of course my email address is invalid.
Email me by assembling this address:
tinykitty /a/t/ ohmster dot com
~Ohmster

Hi Ohmster -

On Mon, 31 May 2004 02:13:46 GMT, Ohmster <(E-Mail Removed)>
wrote:

>>>If I put mydomain first, the family domain does not work. If I put the
>>>family domain first, then mydomain does not work.
>>
>> That behavior definitely sounds like a virtual hosting
>> misconfiguration. Whichever is listed first is the default when there
>> is no host name match. (I use a dummy server first for just that
>> reason.)
>
>Huh? What is a dummy server? I have my httpd.conf file setup to accept
>incomming http requests to my domain and answer them in my server root,
>/var/www/html directory.

Attacks against webservers are generally by IP address with no host
name or a host name that is the IP address or something like that
(unless someone is trying to attack you personally) so my first host
has a name that does not exist in any DNS. The root page contains a
link to my main site, just in case someone is browsing by IP address
to see what they can find. I didn't expect it to ever be used, but I
actually did have one case recently where someone hit my server by IP
address and clicked on the link to my main site. Most of what I see
in the log is script-kiddies aiming at MickeySoft's IIS software and
proxy attempts.

>> Do the error logs showing any configuration error messages? If you
>> run the test option (option -t), what do you get?
>
>No. The error logs gave me a stat error for one of the cgi pages, cgi is not
>running for the family domain yet. What test option? I run httpd as a
>service. You mean do
>service httpd restart -t
>
>How do I use this test?

I mean /usr/sbin/httpd -t
Use the -d option if needed (if you aren't using the default directory
structure).

>> If don't already have it, add the virtual host name and server name to
>> your access log format and see what values you are getting.
>
>Uhm, how do you do that?

\"%{Host}i\"
specifies to place in the log a double quote, the Host from the
received request, and another double quote.
\"%v\"
specifies to place in the log a double quote, the name of the virtual
host that was given the request, and another double quote.

So in the applicable log format, right before the final double quote
that is right before the log format name, you can insert
\"%{Host}i\" \"%v\"
to get this information.

>> What does your NameVirtualHost line look like? With <VirtualHost *>
>> (which is what I use), you should have:
>> NameVirtualHost *
>
>I already took it out because it killed the root server and there was a link
>there to the friend's stationary website in his userdir. Will try it again.
>
>I did this again and *everything* now goes to the family website, even
>regular domain and the web root. ...sigh.

In the virtual hosts section of my conf file I have
NameVirtualHost *
to turn on named virtual hosts for all IP addresses.

Stripping out most of my Redirects and my custom ErrorDocument
handling, here are my virtual hosts:

<VirtualHost *>
ServerName default.ke9nr.net
LogLevel crit
</VirtualHost>

<VirtualHost *>
ServerName www.ke9nr.net
DocumentRoot /save/internet/www/sites/www.ke9nr.net
CustomLog logs/access.log kenlog
ErrorLog logs/error.log
</VirtualHost>

<VirtualHost *>
ServerName ke9nr.net
CustomLog logs/access.log kenlog
ErrorLog logs/error.log
RedirectMatch permanent ^/(.*) http://www.ke9nr.net/$1
</VirtualHost>

<VirtualHost *>
ServerName www.ke9nr.org
CustomLog logs/access.log kenlog
ErrorLog logs/error.log
</VirtualHost>

<VirtualHost *>
ServerName ke9nr.org
CustomLog logs/access.log kenlog
ErrorLog logs/error.log
RedirectMatch permanent ^/(.*) http://www.ke9nr.org/$1
</VirtualHost>

<VirtualHost *>
ServerName [private].ke9nr.net
DocumentRoot /save/internet/www/sites/[private].ke9nr.net
CustomLog logs/saccess.log kenlog
ErrorLog logs/serror.log
</VirtualHost>

Comments:

default.ke9nr.net is my default host. default.ke9nr.net is not in the
DNS. Attacks by IP address end up here.
I have LogLevel crit here so that I don't see all of the errors
generated by the attacks. The other hosts default to using the
LogLevel specified earlier in the conf file, which is LogLevel warn

www.ke9nr.net is my main site.

ke9nr.net redirects everything to www.ke9nr.net

www.ke9nr.org redirects things all over the place based on the
document requested. The site is not active but there are still a lot
of links pointing to it. I removed these redirects because there are
a lot of them and they are irrelevant to the discussion.

ke9nr.org redirects everything to www.ke9nr.org

[private].ke9nr.net is a special virtual host for my network
monitoring service to access to tell if my server is running. I've
removed the actual host name because it's irrelevant to the discussion
and because I don't want anyone accessing it but the monitoring
service.

--
Ken
http://www.ke9nr.net/

Hi Ohmster -

On Mon, 31 May 2004 04:03:00 GMT, Ohmster <(E-Mail Removed)>
wrote:

>I can use * in the VirtualHost line, I can use the domain name in the
>VirtualHost line, it makes no difference. I can "Listen 80", "listen
>mydomain:80", "Listen myfamily.org:80", it makes no difference. The first
>Virtualhost eats everything!
>
>What gives? Somebody *please* send me a working httpd.conf file with
>Virtualhost directives in it that work for named and not IP based hosts!

See my other message, posted about twenty minutes after you posted
this one.

I have Listen 80 in my conf file.

--
Ken
http://www.ke9nr.net/

In alt.apache.configuration Ohmster <(E-Mail Removed)> wrote:
> I cannot get virtualhosts to work right to save my life.

And apparently you can't post once.

Where is the "NameVirtualHost *" entry?

Davide

--
| It would be nice if the Food and Drug Administration stopped issuing
| warnings about toxic substances and just gave me the names of one or
| two things still safe to eat.
|

On Mon, 31 May 2004 00:45:52 GMT, Ohmster <(E-Mail Removed)>
wrote:

>Crossposted to alt.os.linux, alt.apache.configuration,
>comp.os.linux.networking. I really need help and am sorry for crossposting
>but the FAQ says that up to three groups is allowed. I did not set a
>followup.
>
>I read docs, I googled, I tried, I cried. Please help!
>
>I have a redhat 9 server that has worked just fine for years. I connect to
>the internet with the roaring penguin script, my ADSL modem connects via
>ethernet to nic in my redhat machine. 2nd nic connects to hub to act as
>gateway for two XP machines. I run sendmail and use my domain for a mail
>server, apache, and vsftpd.
>
>I have a FQDN from networksolutions and get my DNS from no-ip.com. This has
>always worked very well, I get DNS for my domain, www, ftp, mail, and an MX
>record for sendmail. I have userdirs turned on in httpd.conf and allow
>everything for options so that I can use cgi, both in and out of cgi
>directories, and .htaccess files to control access. I run a family website
>and have run it from my home directroy so the URL to the family site is a bit
>hard to remember. I purchased a family domain name from 000domains.com and
>want to run a virtual host on my machine.
>
>I tried to add my family domain as a cname at no-ip.com but then they want
>another $19 a year. Forget it, this is a zero income project and I cannot
>afford this. I went to zoneedit.com and signed up for DNS for my family
>domain. Now my family domain and my regualar domain both point to my redhat
>machine. I cannot get virtualhosts to work right to save my life.
>
>Should I drop no-ip.com and go over to zoneedit.com and remove my original
>family domain, then setup my regular domain and then add the family domain as
>a cname? Is it wrong to have two DNS services directing two different domains
>to the same IP address? I would then have to go to networksolutions.com and
>change the nameserver for my regular domain.
>
>When I tried to add the virtualhost to my httpd.conf file, I ran into nothing
>but problems. As soon as I add:
>
><VirtualHost *>
>
>to the bottom of my httpd.conf file, it wipes out my root server. This is
>what I have tried...
>
><VirtualHost *>
> ServerAdmin (E-Mail Removed)
> DocumentRoot /home/me/public_html/family
> ServerName www.myfamily.org
> ServerAlias myfamily.org *.myfamily.org
> ErrorLog /home/me/public_html/family/logs/host.myfamily.org-error_log
> CustomLog /home/me/public_html/family/logs/host.myfamily.org.-access_log
>combined
></VirtualHost>
>
><VirtualHost *>
> ServerAdmin (E-Mail Removed)
> DocumentRoot /var/www/html
> ServerName www.mydomain.com
> ServerAlias mydomain.com *.mydomain.com
> ErrorLog /var/log/httpd/error_log
> CustomLog /var/log/httpd/access_log common
></VirtualHost>
>
>If I put mydomain first, the family domain does not work. If I put the family
>domain first, then mydomain does not work.
>
>I also want cgi, both in and out of cgi-bin directories. (The phone book that
>I use is java-cgi and the files for it run cgi scripts but they do not go in
>a cgi-bin directory.
>
>Everything worked so good until I tried to add the family domain. I had to
>take the virtual domains out for now but my family stuff is hosed because it
>is all changed to reflect the new family domain URLs.
>
>Can somebody, please, anybody help with this? What am I doing wrong here? Is
>the asterisk screwing me up in the <VirtualHost *> part?

This is from a fully functioning apache config - mine. Note how the 3
domains are set up, and mind the wordwrap. As for the domain setup,
as long as both domains are properly set up with A records pointing to
the correct ip address, you should be fine. My 3 domains are all set
up thru dyndns.org. If you have any further questions, my email
adress is valid.


# Virtual hosts
#
# NameVirtualHost 192.168.1.2

# Virtual host Default Virtual Host

# NameVirtualHost www.catherders.com
<VirtualHost *:80>
ServerName www.catherders.com
ServerSignature email
DirectoryIndex index.php index.html index.htm index.shtml
welcome.html
LogLevel warn
HostNameLookups on
Documentroot "/home/http"
<Directory "/home/http">
Options Indexes Includes FollowSymLinks
AllowOverride None
Allow from all
Order allow,deny
</Directory>

</VirtualHost>

# NameVirtualHost www.mwc-enterprises.com
<VirtualHost *:80>
ServerName www.mwc-enterprises.com
ServerSignature email
DirectoryIndex index.php index.html index.htm index.shtml
LogLevel warn
HostNameLookups on
Documentroot "/home/http-mwce"
<Directory "/home/http-mwce">
Options Indexes Includes FollowSymLinks
AllowOverride None
Allow from all
Order allow,deny
</Directory>
</VirtualHost>

# NameVirtualHost www.njclug.org
<VirtualHost *:80>
ServerName www.njclug.org
ServerSignature email
DirectoryIndex index.php index.html index.htm index.shtml
LogLevel warn
HostNameLookups on
Documentroot "/home/http-njclug"
<Directory "/home/http-njclug">
Options Indexes Includes FollowSymLinks
AllowOverride None
Allow from all
Order allow,deny
</Directory>
</VirtualHost>

#
# Each directory to which Apache has access can be configured with
respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#

<Directory "/">
Options FollowSymLinks
AllowOverride None
</Directory>

<Directory "/home/http">
Options Indexes Includes FollowSymLinks
AllowOverride None
Allow from all
Order allow,deny
</Directory>

<Directory "/home/http-mwce">
Options Indexes Includes FollowSymLinks
AllowOverride None
Allow from all
Order allow,deny
</Directory>

<Directory "/home/http-njclug">
Options Indexes Includes FollowSymLinks
AllowOverride None
Allow from all
Order allow,deny
</Directory>

<Directory "/var/www/icons">
Options Indexes MultiViews
AllowOverride None
Allow from from all
Order allow,deny
</Directory>

Mike-


--
If you're not confused, you're not trying hard enough.
--
Please note - Due to the intense volume of spam, we have installed site-wide spam filters at catherders.com. If
email from you bounces, try non-HTML, non-encoded, non-attachments,


----== Posted via Newsfeed.Com - Unlimited-Uncensored-Secure Usenet News==----
http://www.newsfeed.com The #1 Newsgroup Service in the World! >100,000 Newsgroups
---= 19 East/West-Coast Specialized Servers - Total Privacy via Encryption =---

Davide Bianchi <(E-Mail Removed)> wrote in
news:(E-Mail Removed):

> Where is the "NameVirtualHost *" entry?

At the very bottom of the httpd.conf file.

--
Of course my email address is invalid.
Email me by assembling this address:
tinykitty /a/t/ ohmster dot com
~Ohmster

Ken <ng3122@ke9nr.#nospam#.net> wrote in
news:(E-Mail Removed):

> See my other message, posted about twenty minutes after you posted
> this one.
>
> I have Listen 80 in my conf file.
>

Out the door for work. I was pulling my hair out last night with this. Wish
my nntp server would have carried that post to me sooner. Will try it out
later tonight. Thanks Ken.

--
Of course my email address is invalid.
Email me by assembling this address:
tinykitty /a/t/ ohmster dot com
~Ohmster