Creating a Virtual Host IP

18 posts / 0 new
Last post
#1 Fri, 09/11/2009 - 15:09
hapa604

Creating a Virtual Host IP

I'm running multiple websites on a single server with one dedicated IP address from my ISP. I'd like to create a virtual host with a new local ip in order to run SSL for the second domain (ssl is already installed for another domain and local IP). The problem is after creating the virtual host and then assigning my new site to use this IP, when I try to enter the website through the domain, all I see is the "It Works!" default apache page.

What have I done wrong or what other steps do I need to take?

Fri, 09/11/2009 - 15:14
hapa604

I should mention the site was up and running under the local ip ending in .199 and now I have set it to use .198.

Fri, 09/11/2009 - 22:18
andreychek

Howdy,

You may want to take a peek in here:

http://www.virtualmin.com/documentation/web/troubleshooting

Under the section "The Wrong Site Shows Up" -- it sounds like one or more of the IP addresses set in your Apache config may be incorrect.

-Eric

Sat, 09/12/2009 - 17:53 (Reply to #3)
hapa604

I've made sure not to use * and all of the IPs are matching. Any chance I can provide you with SSH access to have a look?

Tue, 09/15/2009 - 00:28
hapa604

btw, in my default apache file I have <VirtualHost ..*.199:80> // full ip used in actual file

and it points to /var/www/

which is where the default index.html file is.

In the conf file for my domain I am using 198:80

Tue, 09/15/2009 - 00:46
hapa604

Alright I'm not getting anywhere so I will paste all of my settings here:

apache2.conf:

ServerRoot "/etc/apache2" LockFile /var/lock/apache2/accept.lock PidFile ${APACHE_PID_FILE} TimeOut 300 KeepAlive on MaxKeepAliveRequests 100 KeepAliveTimeout 15 StartServers 5 MinSpareServers 5 MaxSpareServers 10 MaxClients 150 MaxRequestsPerChild 0 StartServers 2 MaxClients 150 MinSpareThreads 25 MaxSpareThreads 75 ThreadsPerChild 25 MaxRequestsPerChild 0 User ${APACHE_RUN_USER} Group ${APACHE_RUN_GROUP} AccessFileName .htaccess Order allow,deny Deny from all DefaultType text/plain HostnameLookups Off ErrorLog /var/log/apache2/error.log LogLevel warn Include /etc/apache2/mods-enabled/.load Include /etc/apache2/mods-enabled/.conf Include /etc/apache2/httpd.conf Include /etc/apache2/ports.conf LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent CustomLog /var/log/apache2/other_vhosts_access.log vhost_combined Include /etc/apache2/conf.d/ Include /etc/apache2/sites-enabled/

httpd.conf:

NameVirtualHost 192.168.1.199:80 NameVirtualHost 192.168.1.199:443 NameVirtualHost 192.168.1.198:80 NameVirtualHost 192.168.1.198:443

ports.conf:

Listen 192.168.1.199:80 Listen 192.168.1.199:443 Listen 192.168.1.198:80 Listen 192.168.1.198:443

in each of my virtual hosts:

...

in the virtual host with the new ip:

... ...

So again the problem is when I try to browse the site which is on the 198 IP, I am directed to a website on the 199 IP...

Tue, 09/15/2009 - 09:57
andreychek

Howdy,

My hunch is that the requests aren't ending up on the correct IP address.

However, I'm trying to wrap my head around your setup/architecture there, so bear with me :-)

The IP addresses you're listing above -- are those the actual ones being used on your server (and not just examples)?

If so, that suggests that you have another system in front of your server, perhaps forwarding requests to your server?

If that's the case -- in most cases it would need two different IP addresses on it in order to be able to forward to the correct IP of your server (unless you're doing some sort of special proxying/filtering there).

So my suggestions are:

  1. Make absolute certain that the requests are going to the correct IP address; verify the DNS for the domains, and check with any systems that you have doing forwarding to make sure they're forwarding to the correct IP.

  2. Verify that the domain in question is listed as either the "ServerName" or "ServerAlias" in your Apache config file.

    -Eric

Tue, 09/15/2009 - 11:17
hapa604

I have a wired router with a static ip address connected to the server. The DNS for the domains is pointed to the static IP address. On the machine I've setup both local IP addresses in the interfaces file.

For the ServerName would I just put domain.tld?

Tue, 09/15/2009 - 11:35
andreychek

Hmm...

So you have two IP addresses on your server, but only one on your router, it sounds like -- how does your router know whether to route a given request to one IP on your server versus the other?

As far as the ServerName/ServerAlias in the Apache config goes -- that part is normally handled by Virtualmin -- I'm just suggesting that you may want to take a peek in the config file and make sure it's there as you'd expect.

-Eric

Tue, 09/15/2009 - 12:11
hapa604

Yes, the servername and serveralias are already there.

I've setup both local IPs in /etc/network/interfaces which I thought was sufficient. Is there something I need to be doing on my router as well?

Tue, 09/15/2009 - 12:20
andreychek

Howdy,

I've setup both local IPs in /etc/network/interfaces which I thought was sufficient.

That is indeed step 1! There's a step 2 though --

Is there something I need to be doing on my router as well?

Well, here's the thing... lets say you have the domain "example2.com" setup in Apache, using something like .

The key there is that it's on .199.

If your router is only forwarding requests into .198, Apache won't ever notice the VirtualHost block for example2.com, as it's on a different IP.

So somehow, you need your router to know which IP on your server to be forwarding the requests to.

Barring a really intelligent router, the only real way to do that would be to have two IP addresses assigned to your router. Requests going to IP address #1 would get forwarded to the .198 address, and requests going to IP address #2 would be forwarded to the .199 address.

Does that make sense?

-Eric

Tue, 09/15/2009 - 13:00
hapa604

I've changed the ports for 198 and they are properly forwarded in the router, but it is still the same.

Tue, 09/15/2009 - 13:14
andreychek

Howdy,

Okay, I may need to hear some more details on how your router is setup, and what's going where.

Let's take the following info:

  1. We have example1.com, with IP 192.168.1.198

  2. We have example2.com, with IP 192.168.1.199

  3. We have a router with one external IP address, x.y.z.q.

Both example1.com and example2.com would resolve to the one external IP, x.y.z.q.

And it sounds like you've configured the router to forward requests in to your server, based on the ports requests are coming into.

Can you describe your router setup in detail, going over how your forwarding is setup? What ports are being forwarded, and to where exactly?

Thanks!

-Eric

Tue, 09/15/2009 - 19:37
hapa604

I'm using the Cisco RVS4000 with ports 80 and 443 forwarded to 192.168.1.199. I've got ports 8081 and 2443 forwarded to 192.168.1.198.

Note: My Apache configuration files are also referencing these ports.

Tue, 09/15/2009 - 20:30
hapa604

Eric, my router supports remote management, would you like to take a look?

Tue, 09/15/2009 - 21:25
hapa604

This is interesting, I'm able to connect via the ftp to the correct folder through ftp.domain.tld... Shouldn't this be an issue as well if the router were the problem?

Edit: Actually, it would know because of the username...

Mon, 09/28/2009 - 01:25
hapa604

As per private discussion with Eric, we determined that I couldn't have SSL on a second website without a second external IP anyways.

So, I purchased an CISCO SD2008 8-Port switch and connected by Debian box directly to it with a single NIC. Within my interfaces file I have added the ip-alias as eth0:0 and made sure that everything else in the file is correct.

Finally, I updated all of my apache configuration files to reflect the secondary ip.

The issue I am having now, and for which eric is also unable to find a solution, is that I cannot ping the box on the eth0:0 IP.

Is there something wrong with my setup? Do I need to have a second NIC and use two ports on the switch rather than one???

Mon, 09/28/2009 - 15:49
hapa604

Update, in private conversation Eric has said that everything is setup fine and I do not need a second NIC.

So, I am completely lost with why I cannot ping the IP alias on the box when everything in ifconfig is proper and both the interfaces are listed...