Multi-Domains on Home Web Server - DNS issues?

#1 Wed, 08/20/2008 - 14:38
RainbowViper


I've searched til I'm blue in the face, no luck with my specific problem.

Scenario:

Home LAN: Gigabit unmanaged switch, into which is plugged my Webserver, a couple NAS devices, a Laptop, Network printer, and Actiontec 701 DSL Modem/Router.

To avoid setting up a million Port Forwards, I put the webserver (192.168.1.200) in the DMZ zone for the Actiontec.

LAN subnet is: 192.168.1.x (currently using x=100-102 for devices, x=200-205 for webserver)

Default Gateway for all LAN devices, including webserver, is 192.168.1.1 and the webserver is using my ISP's DNS servers as "Preferred" and "Alternate" DNS Server.

WAN IP on the Actiontec is my Dedicated IP Number.

I have only ONE dedicated IP number, but that shouldn't be a problem. I have changed my "real" Dedicated IP number in what follows, for security, to 12.34.56.78

At my registrar, I have private nameservers set to:

ns1.mydomain.us 12.34.56.78
ns2.mydomain.us 12.34.56.78

Both have been setup for a week.

All three Domains are using the private nameservers. I had to do it this way since Moniker won't accept a "single" NS pointer, it requires 2. (But I can define the private nameservers to use the same IP. Go figure.)

(My desktop PC is normally plugged into the LAN, as well, but for my tests it's using my other Internet service, isolated on a Comcast Cable Modem. Separate ISP.)

I have 3 domains I want to host on the webserver (running CentOS 5.2): mydomain.us, mydomain.org, and mydomain.net

I manually setup mydomain.us before installing VirtualMin.

DNS (CHROOTED BIND9) is working, since I am able to use my desktop to go to http://www.mydomain.us (and see the webpage I setup in /usr/var/html/index.html), as well as access it for FTP (via ftp.mydomain.com) and SSH (via www.mydomain.com).

Contents of that DNS Zone file as follows.

[code:1]
$ttl 38400
mydomain.us. IN SOA ns1.mydomain.us. admin.mydomain.us. (
1219107588
10800
3600
604800
38400 )
mydomain.us. IN NS ns1.mydomain.us.
mydomain.us. IN NS ns2.mydomain.us.
mydomain.us. IN A 12.34.56.78
localhost IN A 127.0.0.1
mydomain.us. IN MX 5 mydomain.us.
www.mydomain.us. IN CNAME mydomain.us.
mail.mydomain.us. IN CNAME mydomain.us.
ns1.mydomain.us. IN A 12.34.56.78
ns2.mydomain.us. IN A 12.34.56.78
ftp.mydomain.us. IN A 12.34.56.78
[/code:1]

The above Domain resolves just fine.

I then setup virtual IP's for use with virtual NICS:

(NOTE: SERVER NIC eth0 is set to 192.168.1.200)

eth0:1 set to 192.168.1.201
eth0:2 set to 192.168.1.202
eth0:3 set to 192.168.1.203
eth0:4 set to 192.168.1.204
eth0:5 set to 192.168.1.205

My problem is that the other two domains (mydomain.net and .org) simply won't resolve. They time out.

I THINK I've set them up in Virtualmin as I should, but am not sure. I am still VERY new at this. But they both have Virtual Server entries in Apache, and Zones in BIND DNS. Here's one of them, adjusted for security:

[code:1]
$ttl 38400
@ IN SOA ns1.mydomain.us. admin.mydomain.org. (
1219266602
10800
3600
604800
38400 )
@ IN NS ns1.mydomain.us.
mydomain.org. IN A 192.168.1.202
www.mydomain.org. IN A 192.168.1.202
ftp.mydomain.org. IN A 192.168.1.202
m.mydomain.org. IN A 192.168.1.202
localhost.mydomain.org. IN A 127.0.0.1
webmail.mydomain.org. IN A 192.168.1.202
admin.mydomainr.org. IN A 192.168.1.202
mail.mydomain.org. IN A 192.168.1.202
mydomain.org. IN MX 5 mail.mydomain.org.
mydomain.org. IN TXT "v=spf1 a mx a:mydomain.org ip4:192.168.1.200 ip4:192.168.1.202 ?all"
[/code:1]

When I tried to manually set up the ORG and NET domains, without using VirtualMin, try as I might I couldn't get them to point to separate directories. They would only resolve to the same directory as the US extension (usr/var/www/html/index.html).

I admit I'm a noob, but this shouldn't be THAT hard. What in the world am I doing wrong?

Thanks in advance.

Wed, 08/20/2008 - 22:51
David.Strejc

As I don't understand your problem from your description, I will only guess what you can do to find out more about the problem.

Which machine resolves the right IP address? Is the box on which you have installed Virtualmin able to resolve the domains you have set up?

Log in virtualmin machine and type:

host mydomain.org
host mydomain.com

etc.

If you receive an IP address, the problem is somewhere else.

It may be in BIND settings.

Can you resolve any IP address from your laptop, for example?
Try:

dig mydomain.org $virtualminserverIP

You can find more.

But if I imagine this - you have LAN and switch connected to router from which you gets WAN connection. So you only have one IP address.
Does your modem forward all traffic to your virtualmin server? I mean DNS (port 53) and all other stuff like POP3 HTTP etc.?

I would be happy if I can help you more - so if you will not be able to find problem and solve it, please write more about it and I will try to help you out.

Thu, 08/21/2008 - 07:11 (Reply to #2)
RainbowViper

Thank you, rawww.

I've done some more experimenting, and my setup above is no longer completely accurate.

But first, host mydomain.xxx returns the same info for all three domains:

[root@server named]# host mydomain.us
mydomain.us has address 12.34.56.78

[root@server named]# host mydomain.org
mydomain.org has address 12.34.56.78

[root@server named]# host mydomain.net
mydomain.net has address 12.34.56.78

12.34.56.78 is my Dedicated IP Number.

And the results of DIG, with mydomain.us substituted for my real Domain's .us name, and 12.34.56.78 substituted for my real Dedicated IP Number:
[code:1]
[root@server named]# dig mydomain.us $12.34.56.78
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4129
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;mydomain.us. IN A

;; ANSWER SECTION:
mydomain.us. 38400 IN A 12.34.56.78

;; AUTHORITY SECTION:
mydomain.us. 38400 IN NS ns2.mydomain.us.
mydomain.us. 38400 IN NS ns1.mydomain.us.

;; ADDITIONAL SECTION:
ns1.mydomain.us. 38400 IN A 12.34.56.78
ns2.mydomain.us. 38400 IN A 12.34.56.78

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Aug 21 10:30:22 2008
;; MSG SIZE rcvd: 117

; <<>> DiG 9.3.4-P1 <<>> mydomain.us 16.17.47.104
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40194
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0

;; QUESTION SECTION:
;16.17.47.104. IN A

;; AUTHORITY SECTION:
. 518400 IN NS C.ROOT-SERVERS.NET.
. 518400 IN NS D.ROOT-SERVERS.NET.
. 518400 IN NS E.ROOT-SERVERS.NET.
. 518400 IN NS F.ROOT-SERVERS.NET.
. 518400 IN NS G.ROOT-SERVERS.NET.
. 518400 IN NS H.ROOT-SERVERS.NET.
. 518400 IN NS I.ROOT-SERVERS.NET.
. 518400 IN NS J.ROOT-SERVERS.NET.
. 518400 IN NS K.ROOT-SERVERS.NET.
. 518400 IN NS L.ROOT-SERVERS.NET.
. 518400 IN NS M.ROOT-SERVERS.NET.
. 518400 IN NS A.ROOT-SERVERS.NET.
. 518400 IN NS B.ROOT-SERVERS.NET.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Aug 21 10:30:22 2008
;; MSG SIZE rcvd: 241
[/code:1]

And here's DIG for mydomain.net (.org produced same result, adjusted for domain name)

[code:1]
[root@server named]# dig mydomain.net $12.34.56.78
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65293
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;mydomain.net. IN A

;; ANSWER SECTION:
mydomain.net. 38400 IN A 12.34.56.78

;; AUTHORITY SECTION:
mydomain.net. 38400 IN NS ns1.mydomain.us.
mydomain.net. 38400 IN NS ns2.mydomain.us.

;; ADDITIONAL SECTION:
ns1.mydomain.us. 38400 IN A 12.34.56.78
ns2.mydomain.us. 38400 IN A 12.34.56.78

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Aug 21 10:39:13 2008
;; MSG SIZE rcvd: 133

; <<>> DiG 9.3.4-P1 <<>> mydomain.net 16.17.47.104
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21417
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0

;; QUESTION SECTION:
;16.17.47.104. IN A

;; AUTHORITY SECTION:
. 518400 IN NS L.ROOT-SERVERS.NET.
. 518400 IN NS M.ROOT-SERVERS.NET.
. 518400 IN NS A.ROOT-SERVERS.NET.
. 518400 IN NS B.ROOT-SERVERS.NET.
. 518400 IN NS C.ROOT-SERVERS.NET.
. 518400 IN NS D.ROOT-SERVERS.NET.
. 518400 IN NS E.ROOT-SERVERS.NET.
. 518400 IN NS F.ROOT-SERVERS.NET.
. 518400 IN NS G.ROOT-SERVERS.NET.
. 518400 IN NS H.ROOT-SERVERS.NET.
. 518400 IN NS I.ROOT-SERVERS.NET.
. 518400 IN NS J.ROOT-SERVERS.NET.
. 518400 IN NS K.ROOT-SERVERS.NET.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Aug 21 10:39:13 2008
;; MSG SIZE rcvd: 241
[/code:1]

Since I want to tackle one problem at a time, let's pretend that the only devices on my LAN are the webserver and my printer.

From my Desktop, attached to my Cable Modem and NOT on the LAN, all three domains resolve as of this morning, but they are ALL resolving to the webpages in /var/www/html (at this point, that's better than I was doing yesterday) even though I have a virtual server defined for the .us Domain. I will wait to define Virtual Servers for the .org and .net extensions until I get the .us extension resolving to the right directory. Once I get that working, I'm certain I can get the other two to work.

I'm also certain that I have something misconfigured in that .us virtual server, however, or it WOULD point to /home/(username)/public_html. And maybe solving that ONE problem will let me correctly define the other two I'll need?

Yes, the server is plugged into the switch, and the switch plugged into the router/modem. I have only one dedicated IP number: 12.34.56.78, on the WAN side of the router. The internal network is 192.168.1.x. The server NIC is set to 192.168.1.200, with default gateway 192.168.1.1, and primary/secondary DNS set to my DSL provider's main DNS servers at 12.34.x.x

For now, THE SERVER IS IN THE DMZ for the Router, so no port forwarding is necessary. Every request from the WAN side gets to the server, except for port 9100 which I have defined to forward to my printer on 192.168.1.102. (Printing from the webserver works fine, as does printing from my laptop, so I'm pretty sure THAT part is set right.)

So, right as I write this......

I have 3 Master Zones defined in BIND. The .us Zone is identical to the first code box in my original post above.

The .net and .org are identical to the .us Zone (adjusted for Domain Name), but do NOT contain the two A records that start with ns1. and ns2.mydomain.us.

NOTE: When I first setup the server, I named it server.mydomain.us and this is the name it wants to use in the very first A record following the SOA. I simply change the "server" to "ns1" throughout the Zone Record, and it works fine.

There's some "connection" between the DNS Zone Records and the Virtual Server(s) that I'm just NOT understanding. Until I get this straight, I'm not using Virtualmin but rather am using Webmin so I can see the records simply and directly. The Mail Servers that will need to be setup are something I will tackle later, too. But for now, I just want to get all three domains resolving and pointing to their "correct" directories under /home/(username)/public_html.

And thanks again for your help so far. I appreciate it.

Thu, 08/21/2008 - 07:13 (Reply to #3)
RainbowViper

Sorry, I DO NOT understand why I'm double-posting. I am definitely pushing submit only ONCE.

Thu, 08/21/2008 - 07:18 (Reply to #4)
RainbowViper

Also note that the code box for mydomain.net has an error in it that *I* made.

Anywhere it says 16.17.47.104 that should be 12.34.56.78 and I'd appreciate it if you'd edit it to mask off that IP number. It's too close to my real number for comfort. Thank you.

Thu, 08/21/2008 - 07:28 (Reply to #5)
RainbowViper

Also, I don't know if this helps, but at the bottom of my /etc/httpd/conf/httpd.conf file is this entry for the Virtual Server I manually created:

[code:1]
<VirtualHost 12.34.56.78>
DocumentRoot /home/(xxxx)/public_html
ServerName mydomain.us
<Directory "/home/(xxxx)/public_html">
allow from all
Options Indexes
</Directory>
HostNameLookups on
UseCanonicalName off
Options Indexes
</VirtualHost>
[/code:1]

(xxxx) is the actual username for the directory.

Thu, 08/21/2008 - 12:36 (Reply to #6)
ronald

under webmin-network configuration
you need the eth0 to point to your hostname, i.e. "server.mydomain.us"
then you need to create 2 virtual interfaces on the eth0, i.e.
eth0:1 (for the ns1 IP)
eth0:2 (for the ns2 IP) even if they're all the same IP's
and check the "Host Addresses" add the hostname and both ns records.

then in virtualmin-system settings-module config you need to add your wan as in one of your zones the internal IP is visible which is incorrect. "Default IP address for DNS records"

Apache will have the internal IP to run on but the zone files need the external IP. I wouldn't use CNAME btw but just the IP.

in the BIND module you can set the nameserver to what you want it to be.
Click on zone defaults and under "Default nameserver for master domains" use the ns1.domain.us

For the 3 domains you want to host, they'll need to be created by virtualmin so they will be under the /home directory.

when all settings above are correct you could even delete the domains and recreate them new.

Thu, 08/21/2008 - 12:37 (Reply to #7)
ronald

also <VirtualHost 12.34.56.78> would normally be <VirtualHost 12.34.56.78:80>
as you tell Apache what port to listen to

Thu, 08/21/2008 - 17:05 (Reply to #8)
RainbowViper

Thank you for the help, Ronald, I appreciate it.

I've printed out your replies and will try to make sense of what you suggest.

Note: my FIRST post is incorrect. Ignore all Zone Records contained within it. I've changed things.

My FOLLOWING posts, after rawww's answer, have the correct info, and none of them have the Internal IP number showing, as you thought.

Keep in mind that, until I get the basics straight, I'm only using Webmin to make any changes, and not Virtualmin. Once it's running correctly WITHOUT Virtualmin, I'll start using that. And maybe this whole post belongs in the Webmin section, but I *did* start by trying to use Virtualmin and will want to do so once it's working right. I'll leave that up to the Moderators.

Anyway, I'm already confused by your first instruction to change the ETHx IP's (including eth0 ??) to the External IP number (ns1 and ns2), though, since the webserver still sits *ON* the Internal LAN. (eth0 *does* point to server.mydomain.us already.)

Perhaps I'm completely misunderstanding what you mean, though?

Even though I put it into the DMZ, it's still using the LAN subnet (192.168.1.200) and communicates to the "outside world" ONLY via the Default Gateway (192.168.1.1). It also communicates to my printer via 192.168.1.102:9100, and if I change it then that wouldn't work either.

Let me give you my exact setup as it sits now.

For eth0:
Webmin -> Network Configuration -> Network Interfaces -> eth0 ->
IP Address: 192.168.1.200
Netmask: 255.255.255.0
Broadcast: 192.168.1.255
(MTU, Status, MAC Address): irrelevant

(If I set 192.168.1.200 to 12.34.56.78 (my dedi IP) I don't see how that could possibly still work.)

Webmin -> Network Configuration -> Hostname And DNS Client ->
Hostname: server.mydomain.us
Resolution Order: Hosts DNS
DNS Servers: 127.0.0.1 , 12.34.xx.xx , 12.34.xx.x(x+1) <- my ISP's DNS Servers
Search Domains: mydomain.us

Note also, that all my NS's are the *same* IP number, since I only have one to begin with (12.34.56.78)

When you say:
eth0:1 (for the ns1 IP)
eth0:2 (for the ns2 IP)

Does that mean set them to the *external* IP?
(ns1 and ns2 are set at my registrar, and in my Zones, to point to my single dedicated IP.) If I do, won't I have the same problem as I would if I change eth0 to the external IP? I can't see how that would work since, again, the webserver is sitting on the 192.168.1.x subnet.

At the moment, all three Domains *DO* resolve to my webserver, but even though I setup one Virtual Server (mydomain.us) in Apache to use /home/(username)/public_html it still insists on going to /var/www/html to retrieve the pages.

And the other two do as well, but that makes sense since there's no Virtual Server entries for them yet, and they are defaulting to the Default Virtual Server which is defined to /var/www/html.

Sorry if these are such noob questions. I've been a network engineer for many years, but exclusively on LAN's where we only had one subnet. And from what I learned all devices on a LAN, real or Virtual, must use the same subnet, and "leave" the subnet only via a Gateway (or a Bridge).

Thanks in advance.

Thu, 08/21/2008 - 23:52 (Reply to #9)
ronald

as for the eth0 etc. they look fine.
sorry for the confusion, my error was I was looking/explaining from my own production server's view, which has no router (my internal and external are the same)

so you can skip that part however you must put your WAN IP in the module config as posted above. This is necessary for the DNS records. So far you did this manually in the zonefiles, the intention is that VM will do this for you, yes?

Further, assuming there are no bugs, virtualmin module is meant to create, maintain, change, and delete domains on your system, not webmin.

> Once it's running correctly WITHOUT Virtualmin,
that sounds like the wrong approach, imo.
Virtualmin, again assuming there are no bugs, will create all the correct entries for your domains, postfix, dns etc.

Did you go to Virtualmin-system settings-recheck config? And does it give errors?

Fri, 08/22/2008 - 07:22 (Reply to #10)
RainbowViper

Thanks again, Ronald.

OK, I'll defer to your recommendations on using Virtualmin. If I get it to work, I can always view the underlying configuration through Webmin and see what's been done. So, let's go over the Basics to make sure I have everything set correctly.

First, in Network Configuration -> Network Interfaces, I have:

eth0 at 192.168.1.200, Netmask 255.255.255.0
eth0:0 at 192.168.1.201, Netmask 255.255.255.0
eth0:1 at 192.168.1.202, Netmask 255.255.255.0
eth0:2 at 192.168.1.203, Netmask 255.255.255.0

Next, in Network Configuration -> Hostname and DNS Client, I have:

hostname: server.mydomain.us
resolution order: Hosts DNS
"Update hostname in host addresses if changed?": is checked.
DNS Servers: 127.0.0.1 12.34.56.121 12.34.56.122 <- last two are my ISP's DNS servers
Search Domain: "Listed" -> mydomain.us

Next, I just re-ran the VM check. It passed all tests. The following 2 lines are the only ones that gave any info which looks "adjustable":

"Using network interface eth0 for virtual IPs."

"Default IP address for virtual servers is 192.168.1.200."

Next, in the VM Config section: "Default IP address for DNS records" is set to my WAN IP (12.34.56.78).

Next, at the moment I have NO Virtual Servers beside the three default ones that all point to /var/www/html.

Next, I have three Zones defined, one each for my Domains.

The .US Zone has the two nameserver definition entries:

ns1.mydomain.com IN A 12.34.56.78
ns2.mydomain.com IN A 12.34.56.78

The .NET and .ORG Zones do not have those two lines, but each entry in all three, that needs to refer to mydomain.us, does. i.e:

mydomain.net. IN SOA ns1.mydomain.us. admin.mydomain.net.
mydomain.net. IN NS ns1.mydomain.us.
mydomain.net. IN NS ns2.mydomain.us.
mydomain.net. IN A 12.34.56.78

All three Zones use 12.34.56.78 for all entries that use an IP number directly.

All three Domains resolve as of this morning, but again, all are being fed the pages in /var/www/html.

(I do know that I'll have to delete those Zones at some point, or Virtualmin won't let me define Virtual Servers that use those Domain Names.)

With all that said, I'd appreciate ANYONE telling me what I'm doing wrong. When I played with Virtual Servers using Webmin, I could get one defined that LOOKED like it should work, but got the webserver error that "I didn't have permission to access / on this server." (This was actually an improvement: At least it was trying SOME different path to retrieve index.html.)

Thanks in advance!

Fri, 08/22/2008 - 08:09 (Reply to #11)
ronald

it looks okay although in your case I'm not sure why you would use virtual interfaces.
Apache would have all domains created by virtualmin on the 192.168.1.200 shared IP

is your apache from the virtualmin repo? it would be compiled with suexec pointing to the /home directory as where the "centos apache" is not.

and you are using the GPL version I assume and installed it as a module?

Perhaps Eric or Joe can chime in here as well.

Fri, 08/22/2008 - 09:18 (Reply to #12)
RainbowViper

Again thanks, Ronald.

The only reason I setup the 3 Virtual Interfaces is because the Webmin docs hinted at doing so, and the tutorial I'm using (Perfect Server Setup CentOS 5.2 or similar) suggested doing so in order to put each Domain on a separate IP Number. If I have to delete them I can, no problem.

Yes, my system is the CentOS 5.2 install as suggested in the Tutorial. And yes, suexec is compiled with /var/www as the AP_DOC_ROOT. suexec -V returns that info.

I'm grateful for any help anyone can give me. Since all three Domains *DO* resolve and point to the default Apache webpage, I know I have at least SOMETHING set right. ;)

Fri, 08/22/2008 - 11:27 (Reply to #13)
Joe

It's far easier to get up and running using our automated install script found on the download page (http://www.virtualmin.com/download.html). While the HOWTOForge article is cool, and I'm happy to see folks tackling different ways of using Virtualmin, it's definitely not a good way for newbies to get started with Virtualmin for the first time. These are complicated problems with complicated solutions...and installation and configuration can be very intimidating. So, I wrote a big hairy scary script to do all of that for you. ;-)

--

Check out the forum guidelines!

Fri, 08/22/2008 - 11:33 (Reply to #14)
Joe

Now that I've read through a bit more of this thread (long thread is loooooong! I'm still not really caught up), I'm seeing a trend: You're trying to do all of Virtualmin's job yourself, and having a hard time getting it all right. Stop trying to do everything yourself...if you want to do that, you don't need Virtualmin butting in!

Virtualmin is perfectly happy to setup your interfaces for you--you just need the one primary interface to start with.

Virtualmin is perfectly happy to manage all of your Postfix virtual maps, your Apache VirtualHosts, your BIND zones, etc.

On this note:

> The only reason I setup the 3 Virtual Interfaces is because the Webmin docs hinted at doing so, and the tutorial I'm using (Perfect Server Setup CentOS 5.2 or similar) suggested doing so in order to put each Domain on a separate IP Number. If I have to delete them I can, no problem.

While I haven't read this tutorial in full, this sounds like bad advice. There is no reason (good or otherwise) for putting non-SSL VirtualHosts on separate IP addresses. Let Virtualmin manage your interfaces. If you have multiple IPs and will be using SSL hosts on more than one of them, you'll need to let Virtualmin know about the additional available IPs in the Module Configuration. Otherwise, put everything on one IP and forget that IP addresses exist at all.


Fri, 08/22/2008 - 13:27 (Reply to #15)
RainbowViper

Thanks for the suggestions, Joe.

I downloaded the install script. But as much mucking around as I've done so far, would it be better to just reformat the beast and start fresh?

And if so, what programs should I install from the CentOS DVD that I used so far (for god-knows how many reformats), in order to get me to the point that your install script would "take over"?

And yes, I *AM* trying to do many of Virtualmin's tasks, simply because I want to learn how to do it. My skills for Network Engineering are becoming obsolete, since years ago I decided to specialize in Novell (ok, stop laughing you all), and we all know where Novell went.

And no, I don't have multiple Public IP's, I only have the one: 12.34.56.78.

Since the webserver is sitting on my Home LAN, though, I *could* take advantage of nearly unlimited IP's on it if I need to. I set the webserver's one interface to 192.168.1.200 on the LAN, and can't imagine I'll ever get near 192.168.1.254.

Anyway, where do I go from here?

Your help is appreciated. Thank you.

Sat, 08/23/2008 - 10:15 (Reply to #16)
ronald

if it's no problem to do a fresh OS install then by all means go ahead (i did at least 18 times in my trial and errors when i first started out).
What i did in the end is install centos on a really bare server minimum and let the install script do the rest.

the script installed the Apache, mysql and the rest as I skipped those from the centos installation. Once it was done, I got everything working straight away and could then finetune the virtualmin settings.

I think this was the best approach as until now I have had no serious problems.

Sun, 08/24/2008 - 01:58 (Reply to #17)
ronald

> suexec is compiled with /var/www as the AP_DOC_ROOT. suexec -V returns that info
that's wrong.

it should be

[root@sv01 ~]# suexec -V
-D AP_DOC_ROOT="/home"
-D AP_GID_MIN=100
-D AP_HTTPD_USER="apache"
-D AP_LOG_EXEC="/var/log/httpd/suexec.log"
-D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
-D AP_UID_MIN=500
-D AP_USERDIR_SUFFIX="public_html"

let virtualmin install script install apache

Sun, 08/24/2008 - 08:32 (Reply to #18)
RainbowViper

A fresh install is no problem. God knows I've done it enough already. One more won't matter. ;)

I'll take your suggestion and go from here, sometime today I think.

Thanks again!

Sun, 08/24/2008 - 19:57 (Reply to #19)
RainbowViper

OK, did as suggested. Let the install script install everything, after a bare-bones CentOS install. I made sure "Web Server" was NOT selected, so the installer would install the right Apache itself.

Named the server "server.mydomain.us", set the NIC to 192.168.1.200/255.255.255.0 which is correct for my LAN. Default Gateway of 192.168.1.1 and DNS Servers xx.xx.3.121 and xx.xx.3.122 (My ISP's DNS Servers).

Didn't create any virtual interfaces.

In Virtualmin -> System Settings -> Module Config, I changed "Default IP Address for DNS Records" to my Public IP (12.34.56.78, not 192.168.1.200).

And it worked, as far as actually installing everything.

But once I created the first Virtual Server with Virtualmin, it still insists on resolving to /var/www/html for the Domains, even though in that server's settings, it's set to point to /home/(username)/public_html.

I can fire up www.mydomain.us and it's found right away, but shows me the index.html in /var/www/html. (mydomain.org and .net aren't resolving yet, and probably won't until sometime tomorrow.)

I'm stumped. This is the same result I got when creating everything manually.

Anyone got any bright ideas? I'm all ears.

Mon, 08/25/2008 - 01:06 (Reply to #20)
ronald

so you created a domain with mod_fcgid and the /home/mydomain.us was created?
suexec points to /home?
other created domains are also in the /home directory?
how come those don't resolve yet as you had them pointing to your server before?

if installation went flawless then default settings should produce a working system.
you need to look into the httpd.conf - section <virtualhost> and see/post what it looks like.

Mon, 08/25/2008 - 08:06 (Reply to #21)
RainbowViper

I created everything through Virtualmin.

And the reason they weren't resolving was because the Zone Records aren't being formed right. There must be some value I haven't entered as a default that's causing this. In each record, the first and second occurrence of the domain name was the "@" symbol. i.e.
@ SOA IN ns1.mydomain.us. and then
@ IN A 12.34.56.78 and a couple other places, I think.

The mydomain.us record is the ONLY one that contains the additional two lines:

ns1.mydomain.us. IN A 12.34.56.78
ns2.mydomain.us. IN A 12.34.56.78

Otherwise they are identical except for the domain name.

I remember another post where it said that "@" symbol was wrong. I'll go look up the post.

In the meantime, I again hand-edited each Zone Record to correct its syntax. Once I got it correct, all three Domains resolved perfectly and instantly. Also, www.intodns.com agreed that the records were correct. The only warning I got was about having only one IP Number to work with, but those were "Yellow warnings", not "Red warnings".

httpd.conf VirtualHosts section is as follows:

[code:1]
<VirtualHost 12.34.56.78:80>
SuexecUserGroup "#501" "#502"
ServerName mydomain.us
ServerAlias www.mydomain.us
ServerAlias lists.mydomain.us
DocumentRoot /home/(account name)/public_html
ErrorLog /home/(account name)/logs/error_log
CustomLog /home/(account name)/logs/access_log combined
ScriptAlias /cgi-bin/ /home/(account name)/cgi-bin/
ScriptAlias /awstats /home/(account name)/cgi-bin
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory /home/(account name)/public_html>
Options Indexes IncludesNOEXEC FollowSymLinks
allow from all
AllowOverride All
</Directory>
<Directory /home/(account name)/cgi-bin>
allow from all
</Directory>
Alias /dav /home/(account name)/public_html
Alias /pipermail /var/lib/mailman/archives/public
<Location /dav>
DAV On
AuthType Basic
AuthName mydomain.us
AuthUserFile /home/(account name)/etc/dav.digest.passwd
Require valid-user
ForceType text/plain
Satisfy All
</Location>
<Files awstats.pl>
AuthName "mydomain.us statistics"
AuthType Basic
AuthUserFile /home/(account name)/.awstats-htpasswd
require valid-user
</Files>
RedirectMatch /cgi-bin/mailman/([^/]*)(.*) https://mydomain.us:10000/virtualmin-mailman/unauthenticated/$1.cgi$2
RedirectMatch /mailman/([^/]*)(.*) https://mydomain.us:10000/virtualmin-mailman/unauthenticated/$1.cgi$2
</VirtualHost>
[/code:1]

That's typical of all three domains. Where you see 12.34.56.78, my actual dedicated Public IP appears. Where you see (account name), that's replaced by the actual user name I assigned to the Domain. (The usernames were created by Virtualmin, too.) Where you see mydomain.us, that's different in each VirtualHost entry and correct in all three sections as mydomain.us, mydomain.org and mydomain.net.

Yes, suexec points to home:

[root@server /]# suexec -V
-D AP_DOC_ROOT="/home"
-D AP_GID_MIN=100
-D AP_HTTPD_USER="apache"
-D AP_LOG_EXEC="/var/log/httpd/suexec.log"
-D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
-D AP_UID_MIN=500
-D AP_USERDIR_SUFFIX="public_html"
[root@server /]#

I'm getting more and more baffled, lol.
Thanks for your help.

Mon, 08/25/2008 - 14:00 (Reply to #22)
Joe

Virtualmin can't tell what the correct IP for your system is. Is this a virtualized system of some sort? (vservers, or its descendants OpenVZ or Virtuozzo, in particular have this problem because they have oddly named and oddly laid out network interfaces)

Just set it correctly in the Module Configuration in the fields labeled "Network interface for virtual addresses" (which should be the "base" interface...like eth0 or eth1, *not* eth0:1) and "Default virtual server IP address" which is only needed if the IP you want to use as the default is not the IP found on the interface in the prior option.

If you're on a private network, you also have to fill in the next DNS IP field with your public IP.


Sun, 06/07/2009 - 07:28 (Reply to #23)
ronald

the <VirtualHost 12.34.56.78:80> should be <VirtualHost 192.168.1.200:80>

apache listens to internal IP and the WAN should be in the dns records.
this can be done under system settings-module config.

in the server template under BIND dns domain you can add
${DOM}. 38400 IN NS ns2.domain.us.
in the big box. Note the . at the end

the zonefile looks like this

$ttl 38400
@ IN SOA ns.domain.us. postmaster.domain.us. (
2008071801
10800
3600
604800
38400 )
@ IN NS ns.domain.us.
domain.us. IN A 12.34.56.78
www.domain.us. IN A 12.34.56.78
ftp.domain.us. IN A 12.34.56.78
m.domain.us. IN A 12.34.56.78
localhost.domain.us. IN A 127.0.0.1
mail.domain.us. IN A 12.34.56.78
domain.us. IN MX 5 mail.domain.us.
domain.us. IN TXT "v=spf1 a mx a:domain.us ip4:12.34.56.78 ?all"
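
The split described in the post above (Apache bound to the LAN address, the public address only in DNS) can be checked mechanically. This is an added example, not part of the original post; the sample config and zone text are constructed from the placeholder values used in the thread, and the function names are hypothetical.

```python
import ipaddress
import re

LAN_IP = "192.168.1.200"  # server address behind the router (from the thread)
WAN_IP = "12.34.56.78"    # placeholder public IP used in the thread

# Constructed sample input modelled on the configuration posted in the thread.
HTTPD_CONF = """\
<VirtualHost 12.34.56.78:80>
ServerName mydomain.us
</VirtualHost>
<VirtualHost 192.168.1.200:80>
ServerName mydomain.org
</VirtualHost>
"""
ZONE = """\
domain.us. IN A 12.34.56.78
www.domain.us. 38400 IN A 192.168.1.200
localhost.domain.us. IN A 127.0.0.1
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^:\s>]+)(?::(?:\d+|\*))?\s*>", re.I)
SERVERNAME_RE = re.compile(r"^\s*ServerName\s+(\S+)", re.I | re.M)
A_RE = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+A\s+(\S+)", re.I | re.M)


def check_vhosts(conf, lan_ip):
    """Return (ServerName, address) for vhosts bound to anything but lan_ip.

    Behind NAT the router rewrites the destination to the LAN address, so a
    vhost bound to the public IP never matches an incoming connection.
    """
    bad = []
    for block in re.split(r"(?i)</VirtualHost>", conf):
        m = VHOST_RE.search(block)
        if not m:
            continue
        name = SERVERNAME_RE.search(block)
        if m.group(1) not in ("*", "_default_", lan_ip):
            bad.append((name.group(1) if name else "?", m.group(1)))
    return bad


def check_zone(zone, wan_ip):
    """Return (name, address) for A records that publish a private or non-WAN address."""
    bad = []
    for name, addr in A_RE.findall(zone):
        ip = ipaddress.ip_address(addr)
        if not ip.is_loopback and (ip.is_private or addr != wan_ip):
            bad.append((name, addr))
    return bad


if __name__ == "__main__":
    print("vhosts not on LAN address:", check_vhosts(HTTPD_CONF, LAN_IP))
    print("A records not on WAN address:", check_zone(ZONE, WAN_IP))
```

IPv6 `<VirtualHost [addr]:port>` forms are outside what this sketch parses.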

Mon, 08/25/2008 - 12:00 (Reply to #24)
ronald

also it doesn't look like you activated mod_fcgid in the server template on creation as that will add following to the directives:

<Directory /home/domain/public_html>
Options Indexes IncludesNOEXEC FollowSymLinks ExecCGI
allow from all
AllowOverride All
AddHandler fcgid-script .php
AddHandler fcgid-script .php5
FCGIWrapper /home/domain/fcgi-bin/php5.fcgi .php
FCGIWrapper /home/domain/fcgi-bin/php5.fcgi .php5
</Directory>
<Directory /home/domain/cgi-bin>
allow from all
</Directory>
RemoveHandler .php
RemoveHandler .php5

Mon, 08/25/2008 - 18:56 (Reply to #25)
RainbowViper

Well, given what Ronald said, on a hunch I edited httpd.conf directly with vi and replaced 12.34.56.78:80 in all three <VirtualHost> entries with 192.168.1.200:80

And now everything works. Hallelujah! All three domains are now resolving their proper directories of /home/(name)/public_html.

But this brings up the question of why Virtualmin didn't set things correctly to start with. Which leads me to believe I had a wrong address in there somewhere.

I think I'm going to delete all three domains, and try Virtualmin again.

Thank you both for your help. I appreciate it.

I may be back. ;)

Sun, 06/07/2009 - 07:28 (Reply to #26)
RainbowViper

Darnit, edit won't work.

Ronald, how do I "enable mod_fcgid"??

And where *exactly* is the template you mention when you said:

"in the server template under BIND dns domain you can add
${DOM}. 38400 IN NS ns2.domain.us.
in the big box. Note the . at the end"

I can find no server template in BIND. What is the "click-path"?
I'm still learning. ;)

Thanks again.

Mon, 08/25/2008 - 20:41 (Reply to #27)
ronald

virtualmin - system settings - server templates - default settings - Apache website
on that page 2/3 down, find "Default PHP execution mode"

Also in the dropdown go to BIND dns domain to add the line in the upper box.

If you are going to host domains for others, you might consider cloning the default template and experiment with that one instead of the default one...

Sun, 06/07/2009 - 07:28 (Reply to #28)
RainbowViper

Again, thanks. This has been very helpful.

I added the line "${DOM}. 38400 IN NS ns2.domain.us." to the "BIND DNS Domain" (changing the word "domain" to my real domain name).

But on the "virtualmin - system settings - server templates - default settings - Apache website" there is no such checkbox labeled "Default PHP execution mode".

Did you mean that I should simply add the following lines:

AddHandler fcgid-script .php
AddHandler fcgid-script .php5
FCGIWrapper /home/domain/fcgi-bin/php5.fcgi .php
FCGIWrapper /home/domain/fcgi-bin/php5.fcgi .php5

to the window titled "Directives and Settings for New Website"??

Because if there's supposed to be a checkbox labeled "Default PHP execution mode" it simply isn't there.

Sun, 06/07/2009 - 07:28 (Reply to #29)
ronald

i see, you must be running the gpl version. this has no php execution mode buttons.

Adding those lines won't cut it as far as i know. it also needs the remove handlers and it needs to create the folders and files under the $DOM directory which the gpl version won't do.

it won't matter that much as you want probably only those 3 domains on your system and you can set all directives through httpd.conf in the <virtualhost> part and you can use .htaccess as well.

You can add it in the server template-apache website, stuff like:
php_admin_value memory_limit 32M
php_admin_value enable_dl Off
php_admin_value magic_quotes_gpc On
php_admin_value open_basedir ${HOME}:${HOME}/tmp:/usr/lib/php:/usr/share/pear
of course please do settings and paths to match your system...or use the appropriate webmin module...webmin-servers-apache webserver-click on virtual server for the domain you want to edit-click on PHP icon-add the values you want

mod_fcgi comes in handy if you plan to host many domains and want to give each domain its own php.ini file.

Tue, 08/26/2008 - 13:07 (Reply to #31)
ronald

running in mod_php is a right way. the domains will run as apache whereas with mod_fcgid the domains will run as their respective owner.
Both have pros and cons.

If you really want to run in mod_fcgid the good way to do it is to upgrade to VM Pro imo.

PHP is on in both modes.. it means how scripts are executed.
as apache (1 php.ini) or as domain owner (each has php.ini)

if you intend to run only a few domains why not use it as it is?

Tue, 08/26/2008 - 13:44 (Reply to #32)
RainbowViper

Well, this whole project is only an exercise for my education.

The domains belong to me, and are unused. The DSL service I'm already paying for, and the computer was built from "leftovers" I have here.

I hope to translate what I learn into a paying enterprise, but for now it's being done without spending any money and that's a requirement since my finances are next to nothing.

That's why I'd like to learn how to set things up in various ways, and mod_fcgid seems to be one of those options.

On a positive note, Virtualmin handled everything ELSE perfectly. The SSH, FTP and now Email are working perfectly.

I just wish I knew what it was I originally set wrong, because at first the Virtual Servers *WERE* using the Private IP of 192.168.1.200 but they weren't even resolving, so I changed the addresses to my Public IP. Now they're using that LAN number again and they *ARE* working. Oh well. A learning experience, like I said.

I appreciate the help that you and Joe have given me.

Thank you both, very much.

Tue, 08/26/2008 - 18:59 (Reply to #33)
RainbowViper

OK, I do have a problem after all. The editing I did to httpd.conf to fix the problem originally, apparently wasn't the only thing wrong. I deleted one domain, and recreated it, then made the changes to the DNS Zone that I had to do before (Virtmin still puts that @ symbol in there, and that just won't work). But then checked httpd.conf, and this time the IP address WAS the same as the existing two that DO work.

I had just ONE thought as to why it isn't working: When you delete a Domain, then recreate it immediately, will it still have a propagation delay of x hours, perhaps due to the new serial number of the virtual server? If so, perhaps this will start working tomorrow? www.intodns.com says all the settings are correct.

I am SO confused at this point, lol.....

Tue, 08/26/2008 - 19:20 (Reply to #34)
RainbowViper

Well, I may have been on to something. The new Domain now resolves.

So, I'm left with just the first problem:

SOMEWHERE there's a setting I need to change, to get rid of that @ symbol in the newly-created DNS Zone Record.

Any suggestions where to look?

Thanks again.

Tue, 08/26/2008 - 22:27 (Reply to #35)
ronald

Basically what went wrong is the apache suexec was pointing to /var/www instead of home. By installing on a minimum OS with the install.sh, this issue was tackled.

secondly because you are behind a router you need to tell VM about it in that module config.

Now that you have a working system, it is time to fine-tune it. For the @ in bind, check all your settings in the modules and server template. Clone the template and use that cloned template to create different domains with different settings.

simply create subservers on top level, i.e test.domain.us (so not as subdomain but as sub server on top level)

Also it would be wise to catch up on the documentation site http://www.virtualmin.com/documentation/ to get some ideas of what is possible.

Wed, 08/27/2008 - 07:23 (Reply to #36)
RainbowViper

Thanks again, Ronald. I'll clone a template and experiment with it.

At this point, it appears the only remaining problem is the @ symbol. I can always override that with a template that uses a complete replacement of the default DNS Zone build, but I'd like to nail it down to where it doesn't NEED the replacement for that part.

I'll forge ahead!

Wed, 08/27/2008 - 07:39 (Reply to #37)
ronald

not sure what you mean with the @ symbol as it is fine in the zone.
This is one of mine
server.nl is the box
domain.be the clients domain

[code:1]
$ttl 10H
@ IN SOA ns1.server.nl. postmaster.server.nl. (
2008063001
4H
1H
1W
10H )
@ IN NS ns1.server.nl.
@ IN NS ns3.server.nl.
domain.be. IN A 12.34.56.78
www.domain.be. IN A 12.34.56.78
ftp.domain.be. IN A 12.34.56.78
m.domain.be. IN A 12.34.56.78
localhost.domain.be. IN A 127.0.0.1
mail.domain.be. IN A 12.34.56.78
domain.be. IN MX 5 mail.domain.be.
domain.be. IN TXT "v=spf1 a mx a:domain.be ip4:12.34.56.78 ?all"
domain.be. IN NS ns2.server.nl.
domain.be. IN MX 10 ns3.server.nl.
[/code:1]

Sun, 06/07/2009 - 07:28 (Reply to #38)
RainbowViper

Not sure why, but in my setup the @ symbol just doesn't work. The Domain won't resolve unless I replace all @ symbols with the correct Domain name.

But I created a new server template per your suggestion (thanks again) and in the DNS BIND Section put the following:

[code:1]
$ttl 38400
${DOM}. IN SOA ns1.mydomain.us. admin.${DOM}. (
1219107587
10800
3600
604800
38400 )
${DOM}. IN NS ns1.mydomain.us.
${DOM}. IN NS ns2.mydomain.us.
${DOM}. IN A 12.34.56.78
localhost IN A 127.0.0.1
${DOM}. IN MX 5 ${DOM}.
www IN CNAME ${DOM}.
mail IN CNAME ${DOM}.
ftp IN CNAME ${DOM}.
[/code:1]
and this works perfectly. I deleted and recreated all 5 Domains (I added 2 more) about an hour ago, and they all work like a champ. The Mail works, too. Imagine that. ;)

Now I want to tackle getting phpMyAdmin installed. I saw it mentioned elsewhere on this site, so I'm assuming this is something I can accomplish.

Thanks again for all your help. And Joe, too!

Tue, 08/26/2008 - 09:03
RainbowViper

Well, I'd just as soon do this right, for my own education if nothing else.

I believe I have PHP set globally ON, since in

/etc/httpd/conf.d/php.conf

the AddHandler and AddType lines are NOT commented out.

How do I remove the gpl version and replace it with a "correct" one?

Thanks in advance, once again.
