K. A., 2018-10-23 14:54:57
Apache HTTP Server

Why is httpd (apache) returning the wrong site?

I got a server with an old ISPManager (4) which, besides, is broken somewhere, because it does not let you edit configs, SSL certificates, etc.
There are 2 domains on the server: example.ru and m.example.ru
They worked over HTTP and everything was fine; then HTTPS was required, and this is where the difficulties arose.
I received a certificate from LetsEncrypt for all domains and subdomains at once. In the /etc/httpd/conf/httpd.conf file I manually registered the virtual hosts (for some reason this version of the panel writes everything in one config). It looks like this:

...
<VirtualHost 12.34.56.78:8080>
  ServerName example.ru
  DocumentRoot /var/www/admin/data/www/example.ru
  SuexecUserGroup admin admin 
  CustomLog /var/www/httpd-logs/example.ru.access.log combined
  ErrorLog /var/www/httpd-logs/example.ru.error.log
  ServerAdmin [email protected]
  php_admin_value open_basedir "/var/www/admin/data:."
  php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f [email protected]"
  php_admin_value upload_tmp_dir "/var/www/admin/data/mod-tmp"
  php_admin_value session.save_path "/var/www/admin/data/mod-tmp"
  AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
  AddType application/x-httpd-php-source .phps
  DirectoryIndex index.php
  AddDefaultCharset utf-8
  ServerAlias www.example.ru
  ScriptAlias /cgi-bin/ /var/www/admin/data/www/example.ru/cgi-bin/
</VirtualHost>

<VirtualHost 12.34.56.78:8080>
  ServerName m.example.ru
  DocumentRoot /var/www/admin/data/www/m.example.ru
  SuexecUserGroup admin admin 
  CustomLog /var/www/httpd-logs/m.example.ru.access.log combined
  ErrorLog /var/www/httpd-logs/m.example.ru.error.log
  ServerAdmin [email protected]
  php_admin_value open_basedir "/var/www/admin/data:."
  php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f [email protected]"
  php_admin_value upload_tmp_dir "/var/www/admin/data/mod-tmp"
  php_admin_value session.save_path "/var/www/admin/data/mod-tmp"
  AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
  AddType application/x-httpd-php-source .phps
  DirectoryIndex index.php
  AddDefaultCharset utf-8
  ScriptAlias /cgi-bin/ /var/www/admin/data/www/m.example.ru/cgi-bin/
</VirtualHost>

<VirtualHost 12.34.56.78:443>
  ServerName example.ru
  DocumentRoot /var/www/admin/data/www/example.ru
  SSLEngine on
  SSLCertificateFile /var/www/httpd-cert/ssl/certificate.crt
  SSLCertificateKeyFile /var/www/httpd-cert/ssl/private.key
  SSLCACertificateFile /var/www/httpd-cert/ssl/ca_bundle.crt
  SuexecUserGroup admin admin 
  CustomLog /var/www/httpd-logs/example.ru.access.log combined
  ErrorLog /var/www/httpd-logs/example.ru.error.log
  ServerAdmin [email protected]
  php_admin_value open_basedir "/var/www/admin/data:."
  php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f [email protected]"
  php_admin_value upload_tmp_dir "/var/www/admin/data/mod-tmp"
  php_admin_value session.save_path "/var/www/admin/data/mod-tmp"
  AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
  AddType application/x-httpd-php-source .phps
  DirectoryIndex index.php
  AddDefaultCharset utf-8
  ServerAlias www.example.ru
  ScriptAlias /cgi-bin/ /var/www/admin/data/www/example.ru/cgi-bin/
</VirtualHost>

<VirtualHost 12.34.56.78:443>
  ServerName m.example.ru
  DocumentRoot /var/www/admin/data/www/m.example.ru
  SSLEngine on
  SSLCertificateFile /var/www/httpd-cert/ssl/certificate.crt
  SSLCertificateKeyFile /var/www/httpd-cert/ssl/private.key
  SSLCACertificateFile /var/www/httpd-cert/ssl/ca_bundle.crt
  SuexecUserGroup admin admin 
  CustomLog /var/www/httpd-logs/m.example.ru.access.log combined
  ErrorLog /var/www/httpd-logs/m.example.ru.error.log
  ServerAdmin [email protected]
  php_admin_value open_basedir "/var/www/admin/data:."
  php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f [email protected]"
  php_admin_value upload_tmp_dir "/var/www/admin/data/mod-tmp"
  php_admin_value session.save_path "/var/www/admin/data/mod-tmp"
  AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
  AddType application/x-httpd-php-source .phps
  DirectoryIndex index.php
  AddDefaultCharset utf-8
  ScriptAlias /cgi-bin/ /var/www/admin/data/www/m.example.ru/cgi-bin/
</VirtualHost>

Include conf.d/*.conf
...

After restarting the daemon, we get:
via http, both sites open as expected; via https, the site located on example.ru opens on both domains, including for the domain m.example.ru.
Reordering the terms, as you know, does not change the sum (but I checked it anyway). I know that Apache, when it catches a request to an unknown address, takes the first one in the list in the settings, but I have defined virtual hosts for both domains. So where else can I dig? I went through the configs that are included from the config.d folder, but it did not bring results...
Thanks in advance.

1 answer(s)
Viktor Taran, 2018-10-24
@shambler81

Unfortunately, you do not understand how https works ;)
By default, to save public IPs, Apache learned to put all sites on one IP and on the same port. For this they came up with a crutch: it takes the host from the referee and substitutes the desired config.
But when working over https, the connection, as you understand, is established BEFORE this referee is received.
As a result, there is no technical possibility of getting the host first and finding the config by it.
Therefore (do not ask me why, it is a mystery shrouded in darkness), instead of saying "I honestly don't know where to get the keys", it looks for the NEAREST keys that it finds (in alphabetical order) and substitutes them everywhere.
And since the port listens, ALL sites on the server receive port 443 and, as a result, the only keys at all ;) Well, yes, the root document trailer can grab this number.
P.S.
Reordering the terms in this case does somehow decide everything ;)
1. Delete all keys like the default ssl.conf, and make sure that there are no leftover keys.
2. Each site has its own, try to run a separate subdomain without first checking that all keys work on it.
3. On sites without https at all, put a stub that will force the keys and return 404.
4. As an option for the third point, enable ssl.conf but call it 000-ssl.conf, hehe ;) Now its keys will be the first ones that come across ;)
5. If nothing helps at all, then you can separate them by IP; then they will have no way out, because different ports on different IPs will be listened to.
For example, like this

12.34.56.78:443
12.34.56.79:443

or if you have nginx + apache
12.34.56.78:443
12.34.56.78:444
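
An added example, not part of the original question or answer: a small Python model of how Apache chooses a virtual host for an address, run over a constructed cut-down copy of the question's config. It assumes Apache 2.2 semantics, where name-based matching on an address is only active if a `NameVirtualHost` line names that address (Apache 2.4 enables it automatically); the function names `parse`, `select` and `overlaps` are hypothetical, and the page does not state the server's Apache version.

```python
import re

# Constructed sample: the question's layout cut down to the directives that
# drive virtual-host selection. The NameVirtualHost line for :8080 is an
# assumption; the page elides that part of httpd.conf.
SAMPLE_CONF = """
NameVirtualHost 12.34.56.78:8080
<VirtualHost 12.34.56.78:8080>
  ServerName example.ru
</VirtualHost>
<VirtualHost 12.34.56.78:8080>
  ServerName m.example.ru
</VirtualHost>
<VirtualHost 12.34.56.78:443>
  ServerName example.ru
  ServerAlias www.example.ru
</VirtualHost>
<VirtualHost 12.34.56.78:443>
  ServerName m.example.ru
</VirtualHost>
"""

def parse(conf):
    """Return (NameVirtualHost addresses, {addr: [names of each vhost, in file order]})."""
    named, vhosts, current = set(), {}, None
    for line in (raw.strip() for raw in conf.splitlines()):
        opened = re.match(r"<VirtualHost\s+([^>\s]+)", line, re.I)
        parts = line.split()
        if opened:
            current = []
            vhosts.setdefault(opened.group(1), []).append(current)
        elif line.lower().startswith("</virtualhost"):
            current = None
        elif len(parts) > 1 and parts[0].lower() == "namevirtualhost":
            named.add(parts[1])
        elif current is not None and parts and parts[0].lower() in ("servername", "serveralias"):
            current.extend(p.lower() for p in parts[1:])
    return named, vhosts

def select(conf, addr, host, apache22=True):
    """ServerName of the vhost that answers `host` on `addr` (exact names only, no wildcards)."""
    named, vhosts = parse(conf)
    if not apache22 or addr in named:        # name-based matching is active
        for names in vhosts[addr]:
            if host.lower() in names:
                return names[0]
    return vhosts[addr][0][0]                # otherwise the first vhost wins

def overlaps(conf):
    """Addresses shared by several vhosts with no NameVirtualHost line (a 2.2 problem)."""
    named, vhosts = parse(conf)
    return sorted(a for a, v in vhosts.items() if len(v) > 1 and a not in named)
```

On the real server, `httpd -S` prints the virtual-host map Apache actually built, including which vhost is the default for each address.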
