You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by "Brett @Google" <br...@gmail.com> on 2012/03/15 02:35:04 UTC
[users@httpd] apache 2.4 virtualhosts
Hello,
There is an example at : http://httpd.apache.org/docs/2.4/vhosts/name-based.html
<VirtualHost *:80>
# This first-listed virtual host is also the default for *:80
ServerName www.example.com
ServerAlias example.com *.example.com
DocumentRoot /www/domain
</VirtualHost>
<VirtualHost *:80>
ServerName other.example.com
DocumentRoot /www/otherdomain
</VirtualHost>
I configured something similar, like :
UseCanonicalName Off
# serves a "we dont host this web site error message" by default
<VirtualHost revproxy.internal:80>
ServerName revproxy.internal
ServerAlias *.example.com # if enabled snarfs all traffic, even
test.example.com
RewriteRule ^/ /bad_host_error_page.html [L]
</VirtualHost>
# serves content for test.example.com
<VirtualHost revproxy.internal:80>
RewriteEngine on
ServerName test.example.com
ProxyPass / test.someserver.internal
ProxyPassReverse / test.someserver.internal
</VirtualHost>
The documented becaviour does not seem to be correct. If i comment out
"ServerAlias *.example.com" traffic to test.example.com goes to the
more specific container and others to the default, but only because
"revproxy.internal" is also the name of the server in the global
server configuration, so the first virtualhost also happens to be the
"default" server int he global sense which is what happens because no
ServerName/ServerAlias is matched in the VirtualHosts. This could only
be done once per apache instance, whereas previously it could be done
once for every NameVirtualHost IP that belongs to an apache instance.
Ideally i'd like to do something like (whihc i could do in apache 2.2
- by virtue of NameVirtualHost, and grouping by IP with one as the
default) :
# serve a "we dont host this web site error message" by default for
*.example.com
<VirtualHost revproxy.internal:80>
ServerAlias *.example.com
RewriteRule ^/ /bad_host_error_page.html [L]
</VirtualHost>
# content for test.example.com
<VirtualHost revproxy.internal:80>
ServerName test.example.com
ProxyPass / test.someserver.internal
ProxyPassReverse / test.someserver.internal
</VirtualHost>
# content for test2.example.com
<VirtualHost revproxy.internal:80>
ServerName test2.example.com
ProxyPass / test2.someserver.internal
ProxyPassReverse / test2.someserver.internal
</VirtualHost>
# serve a "we dont host this web site error message" by default for
*.example.net
<VirtualHost revproxy.internal:80>
ServerAlias *.example.net
RewriteRule ^/ /bad_host_error_page.html [L]
</VirtualHost>
# content for test.example.net
<VirtualHost revproxy.qgdevcore.govnet.internal:80>
ServerName test.example.net
ProxyPass / test.someotherserver.internal
ProxyPassReverse / test.someotherserver.internal
</VirtualHost>
# content for test2.example.net
<VirtualHost revproxy.qgdevcore.govnet.internal:80>
ServerName test2.example.net
ProxyPass / test2.someotherserver.internal
ProxyPassReverse / test2.someotherserver.internal
</VirtualHost>
[.. etc ..]
I'm guessing that apache 2.4 does not search for more specific
ServerName if it matches a wildcard ServerAlias ?
I'd like it to work like the docs state, ideally..
Cheers
Brett
--
The only thing that interferes with my learning is my education.
Albert Einstein
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] apache 2.4 virtualhosts
Posted by "Brett @Google" <br...@gmail.com>.
On Thu, Mar 15, 2012 at 7:37 PM, Tom Evans <te...@googlemail.com> wrote:
>> Ideally i'd like to do something like (whihc i could do in apache 2.2
>> - by virtue of NameVirtualHost, and grouping by IP with one as the
>> default) :
>>
>> # serve a "we dont host this web site error message" by default for
>> *.example.com
>> <VirtualHost revproxy.internal:80>
>> ServerAlias *.example.com
>> RewriteRule ^/ /bad_host_error_page.html [L]
>> </VirtualHost>
>>
>> # content for test.example.com
>> <VirtualHost revproxy.internal:80>
>> ServerName test.example.com
>> ProxyPass / test.someserver.internal
>> ProxyPassReverse / test.someserver.internal
>> </VirtualHost>
>>
>> # content for test2.example.com
>> <VirtualHost revproxy.internal:80>
>> ServerName test2.example.com
>> ProxyPass / test2.someserver.internal
>> ProxyPassReverse / test2.someserver.internal
>> </VirtualHost>
>>
>> # serve a "we dont host this web site error message" by default for
>> *.example.net
>> <VirtualHost revproxy.internal:80>
>> ServerAlias *.example.net
>> RewriteRule ^/ /bad_host_error_page.html [L]
>> </VirtualHost>
>>
>> # content for test.example.net
>> <VirtualHost revproxy.qgdevcore.govnet.internal:80>
>> ServerName test.example.net
>> ProxyPass / test.someotherserver.internal
>> ProxyPassReverse / test.someotherserver.internal
>> </VirtualHost>
>>
>> # content for test2.example.net
>> <VirtualHost revproxy.qgdevcore.govnet.internal:80>
>> ServerName test2.example.net
>> ProxyPass / test2.someotherserver.internal
>> ProxyPassReverse / test2.someotherserver.internal
>> </VirtualHost>
>>
>> [.. etc ..]
>>
>> I'm guessing that apache 2.4 does not search for more specific
>> ServerName if it matches a wildcard ServerAlias ?
>>
>> I'd like it to work like the docs state, ideally..
>>
>> Cheers
>> Brett
>>
>
> Any reason why you aren't using the standard recipe?
>
> <VirtualHost *:80>
> # This is the first vhost, and hence the default vhost.
> # Anything not matched by another vhost goes here
> # Note, no server name or server alias
> </VirtualHost>
>
> <VirtualHost *:80>
> ServerName foo.example.com
> </VirtualHost>
>
> <VirtualHost *:80>
> ServerName foo.example.com
> </VirtualHost>
primarily we want reject clearly which server names we respond to or
not, and we don't want to have to run an excessive number of Apache
instances. we are also not responsible for the back end servers to
whom we redirect, so connectivity to particular entities is already
difficult enough, we want to simplify our config as much as possible
so adding of new reverse proxies is as reproducible and as error free
as we can make it. generally as a rule for backend server for which we
are not responsible, we want a custom error page for the bad gateway
error that points backend connectivity errors to the the support team
of that server.
we also now have a very large number of virtualhosts we need to
migrate over which are structured based of the 2.0 / 2.2
NameVirtualHost paradygm, to something that is not 1:1 compatible with
the NameVirtualHost pattern. the documentation says that you can have
a mix of *.example.com ServerAliases and foo.example.com ServerNames,
but expermentation has shown that a foo.example.com will always be
mapped to the *.example.com serveralias.
we have many reverse proxies for inter connectivity, upwards of 30-40,
but generally we have 3-4 Apache instances with 8-10 listening ip's
each (presently each a NameVirtualHost - with multiple virtualhosts),
grouped by service agreement or owner of the backend server(s) to
which we redirect traffic. having 30 or 40 seperate apache instances
would create a very large memory footprint, that would use excessive
server resources for no good reason.. our internal charging model
penalizes excessive resource consumption.
if the docs were true, we could simulate the old structure by having a
wildard virtualhost for each NameVirtualHost "default" server and
error pages for of each group of related customers, in other words we
would have a config migration path.
my current thought is to have a default container for each ip
(currently are NameVirtualHost's), which does both proxy_express style
reverse proxies and custom error page, with a standard reverse proxy
behavior configured by the map file, and more specific or non-standard
server names added as additional virtual hosts on the same ip (such as
servers splitting the url space to multiple back end servers). it
seems apache 2.4 is a big change in paragdym, in the sense of now
having only one "global" default container, whereas it was possible to
have one default container for each NameVirtualHost ip before.
a map file, configuring maybe 80% of the typical reverse proxy style,
will be simpler to modify and maintain, and only the non-standard
reverse proxy styles would need to have bespoke virtualhosts / reverse
proxy configs.
i have configured a test apache instance, with a default container
that does custom error pages for *.myserver.com, a default
proxy_express behavior configured by a map file, and can have other
virtualhosts that override the default, but i can only do this once
per apache instance, due to the removal of NameVirtualHost. With
NameVirtualHost, we can have a default page several times per apache
instance, for groups of related customers, eg. each of *.myserver1.com
*.myserver2.com, etc., is a group based on a single listening ip but
with multiple virtualhosts split out by the host header.
Cheers
Brett
--
The only thing that interferes with my learning is my education.
Albert Einstein
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] apache 2.4 virtualhosts
Posted by Tom Evans <te...@googlemail.com>.
On Thu, Mar 15, 2012 at 1:35 AM, Brett @Google <br...@gmail.com> wrote:
> Hello,
>
> There is an example at : http://httpd.apache.org/docs/2.4/vhosts/name-based.html
>
> <VirtualHost *:80>
> # This first-listed virtual host is also the default for *:80
> ServerName www.example.com
> ServerAlias example.com *.example.com
> DocumentRoot /www/domain
> </VirtualHost>
>
> <VirtualHost *:80>
> ServerName other.example.com
> DocumentRoot /www/otherdomain
> </VirtualHost>
>
> I configured something similar, like :
>
> UseCanonicalName Off
>
> # serves a "we dont host this web site error message" by default
> <VirtualHost revproxy.internal:80>
> ServerName revproxy.internal
> ServerAlias *.example.com # if enabled snarfs all traffic, even
> test.example.com
> RewriteRule ^/ /bad_host_error_page.html [L]
> </VirtualHost>
>
> # serves content for test.example.com
> <VirtualHost revproxy.internal:80>
> RewriteEngine on
> ServerName test.example.com
> ProxyPass / test.someserver.internal
> ProxyPassReverse / test.someserver.internal
> </VirtualHost>
>
> The documented becaviour does not seem to be correct. If i comment out
> "ServerAlias *.example.com" traffic to test.example.com goes to the
> more specific container and others to the default, but only because
> "revproxy.internal" is also the name of the server in the global
> server configuration, so the first virtualhost also happens to be the
> "default" server int he global sense which is what happens because no
> ServerName/ServerAlias is matched in the VirtualHosts. This could only
> be done once per apache instance, whereas previously it could be done
> once for every NameVirtualHost IP that belongs to an apache instance.
>
> Ideally i'd like to do something like (whihc i could do in apache 2.2
> - by virtue of NameVirtualHost, and grouping by IP with one as the
> default) :
>
> # serve a "we dont host this web site error message" by default for
> *.example.com
> <VirtualHost revproxy.internal:80>
> ServerAlias *.example.com
> RewriteRule ^/ /bad_host_error_page.html [L]
> </VirtualHost>
>
> # content for test.example.com
> <VirtualHost revproxy.internal:80>
> ServerName test.example.com
> ProxyPass / test.someserver.internal
> ProxyPassReverse / test.someserver.internal
> </VirtualHost>
>
> # content for test2.example.com
> <VirtualHost revproxy.internal:80>
> ServerName test2.example.com
> ProxyPass / test2.someserver.internal
> ProxyPassReverse / test2.someserver.internal
> </VirtualHost>
>
> # serve a "we dont host this web site error message" by default for
> *.example.net
> <VirtualHost revproxy.internal:80>
> ServerAlias *.example.net
> RewriteRule ^/ /bad_host_error_page.html [L]
> </VirtualHost>
>
> # content for test.example.net
> <VirtualHost revproxy.qgdevcore.govnet.internal:80>
> ServerName test.example.net
> ProxyPass / test.someotherserver.internal
> ProxyPassReverse / test.someotherserver.internal
> </VirtualHost>
>
> # content for test2.example.net
> <VirtualHost revproxy.qgdevcore.govnet.internal:80>
> ServerName test2.example.net
> ProxyPass / test2.someotherserver.internal
> ProxyPassReverse / test2.someotherserver.internal
> </VirtualHost>
>
> [.. etc ..]
>
> I'm guessing that apache 2.4 does not search for more specific
> ServerName if it matches a wildcard ServerAlias ?
>
> I'd like it to work like the docs state, ideally..
>
> Cheers
> Brett
>
Any reason why you aren't using the standard recipe?
<VirtualHost *:80>
# This is the first vhost, and hence the default vhost.
# Anything not matched by another vhost goes here
# Note, no server name or server alias
</VirtualHost>
<VirtualHost *:80>
ServerName foo.example.com
</VirtualHost>
<VirtualHost *:80>
ServerName foo.example.com
</VirtualHost>
Cheers
Tom
Tom
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] apache 2.4 virtualhosts
Posted by Eric Covener <co...@gmail.com>.
> If i comment out
> "ServerAlias *.example.com" traffic to test.example.com goes to the
> more specific container and others to the default, but only because
> "revproxy.internal" is also the name of the server in the global
> server configuration, so the first virtualhost also happens to be the
> "default" server int he global sense which is what happens because no
> ServerName/ServerAlias is matched in the VirtualHosts.
I think this might be where you're misunderstanding the algorithm.
If the local address and port matches any resolved argument to any
<virtualhost>, it will never use the base server configuration.
Once you've found the best match for a addr:port, httpd chooses from
the virtual hosts with that exact argument in them.
Then servername from that set
If not found, then serveralias from that set
If not found, then default to the first-listed of that set.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] apache 2.4 virtualhosts
Posted by Eric Covener <co...@gmail.com>.
> I think so. This is a paradigm shift for people using NameVirtualHost
> a.b.c.d and taking advantage of the old "default" per-ip container
> for virtualhost patterns matching a.b.c.d. on the same port. The
> wildcard in the first container is what is causing the problem for me.
In 2.4, the only intended difference is that:
* overlaps in virtualhosts creates a corresponding NVH implicitly,
rather than complaining that one is an unreachable non-NVH
* _default_ and * are the same
Do you have a concise 2.2 config that behaves differently in 2.4 and
didn't generate warnings in 2.2?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] apache 2.4 virtualhosts
Posted by "Brett @Google" <br...@gmail.com>.
On Fri, Mar 16, 2012 at 12:38 AM, Eric Covener <co...@gmail.com> wrote:
>> In your example it checks in the virtual hosts matching ip:port in
>> config file order :
>>
>> 1. ServerName www.example.com
>>
>> 2. ServerName gone.example.com
>>
>> 3. ServerName forbidden.example.com
>> ServerAlias *.example.com
>>
>> The wildcard is last in your example, in mine it is first. Is it as
>> simple as changing the order so more specific non-wildcard servernames
>> match first and the wildcard last ? Bummer :)
>
> I'm not sure about wildcard serverlias in first-listed vhost. It's
> _already_ the default for anything that doesn't match another
> serveralias or servername, so you may be covering up subsequent
> specific serveraliases with this wildcard serveralias. Does that
> maybe explain the symptom?
I think so. This is a paradigm shift for people using NameVirtualHost
a.b.c.d and taking advantage of the old "default" per-ip container
for virtualhost patterns matching a.b.c.d. on the same port. The
wildcard in the first container is what is causing the problem for me.
Likewise i think i could simulate multiple "default" sections in
apache 2.4 by having the "default" section i have with the wildcard,
but
with a wildcard serveralias after all the higher priority ServerNames
in that group of vhosts, so that the behavior is similar to the old
2.2 notion of NameVirtualHost.
> I don't think we'll work hard to find a "better" serveralias but I
> have never looked at that part of the resolution. It would be nice to
> document that final part.
Yes i'd agree that there is no need for a code change, a doco change
would solve the problem.
Once people using NameVirtualHost start moving to 2.4 on masse, it
might pop up more often.
Cheers
Brett
--
The only thing that interferes with my learning is my education.
Albert Einstein
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] apache 2.4 virtualhosts
Posted by Eric Covener <co...@gmail.com>.
On Thu, Mar 15, 2012 at 10:24 AM, Brett @Google
<br...@gmail.com> wrote:
> Is order significant ?
I think order is only significant in these cases:
1) the first-listed is the default if no name/alias match
2) if you have duplicate servername/servername or
serveralias/serveralias [untested, presuming consistent results]
>
> In your example it checks in the virtual hosts matching ip:port in
> config file order :
>
> 1. ServerName www.example.com
>
> 2. ServerName gone.example.com
>
> 3. ServerName forbidden.example.com
> ServerAlias *.example.com
>
> The wildcard is last in your example, in mine it is first. Is it as
> simple as changing the order so more specific non-wildcard servernames
> match first and the wildcard last ? Bummer :)
I'm not sure about wildcard serverlias in first-listed vhost. It's
_already_ the default for anything that doesn't match another
serveralias or servername, so you may be covering up subsequent
specific serveraliases with this wildcard serveralias. Does that
maybe explain the symptom?
I don't think we'll work hard to find a "better" serveralias but I
have never looked at that part of the resolution. It would be nice to
document that final part.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] apache 2.4 virtualhosts
Posted by "Brett @Google" <br...@gmail.com>.
Is order significant ?
In your example it checks in the virtual hosts matching ip:port in
config file order :
1. ServerName www.example.com
2. ServerName gone.example.com
3. ServerName forbidden.example.com
ServerAlias *.example.com
The wildcard is last in your example, in mine it is first. Is it as
simple as changing the order so more specific non-wildcard servernames
match first and the wildcard last ? Bummer :)
If so, the example at
http://httpd.apache.org/docs/2.4/vhosts/name-based.html says :
<VirtualHost *:80>
# This first-listed virtual host is also the default for *:80
ServerName www.example.com
ServerAlias example.com *.example.com
DocumentRoot /www/domain
</VirtualHost>
<VirtualHost *:80>
ServerName other.example.com
DocumentRoot /www/otherdomain
</VirtualHost>
It should probably say :
<VirtualHost *:80>
ServerName other.example.com
DocumentRoot /www/otherdomain
</VirtualHost>
<VirtualHost *:80>
# This first-listed virtual host is also the default for *:80
ServerName www.example.com
ServerAlias example.com *.example.com
DocumentRoot /www/domain
</VirtualHost>
That makes sense to me, if it is true.. if not i'll ponder it awhile
and post some specific 2.2 and 2.4 configs tomorrow.
I appreciate your help :)
Cheers
Brett
On Thu, Mar 15, 2012 at 11:56 PM, Eric Covener <co...@gmail.com> wrote:
>> I'm guessing that apache 2.4 does not search for more specific
>> ServerName if it matches a wildcard ServerAlias ?
>
> Not sure I'm following what's behaving different. Can you simplify
> your example/claim in both releases?
>
> I couldn't get an unexpected result:
>
> <virtualhost localhost:80>
> ServerName www.example.com
> </virtualhost>
> <virtualhost localhost:80>
> ServerName gone.example.com
> RewriteEngine on
> RewriteRule .* - [G]
> </virtualhost>
> <virtualhost localhost:80>
> ServerName forbidden.example.com
> ServerAlias *.example.com
> RewriteEngine on
> RewriteRule .* - [F]
> </virtualhost>
>
> covener@cov-t61p:~/SRC/httpd-2.4.x$ printf "GET / HTTP/1.1\r\nHost:
> forbidden.example.com\r\n\r\n" | nc 0 80
> HTTP/1.1 403 Forbidden
> Date: Thu, 15 Mar 2012 13:54:10 GMT
> Server: Apache/2.4.2-dev (Unix) OpenSSL/1.0.0e
> Content-Length: 202
> Content-Type: text/html; charset=iso-8859-1
>
> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> <html><head>
> <title>403 Forbidden</title>
> </head><body>
> <h1>Forbidden</h1>
> <p>You don't have permission to access /
> on this server.</p>
> </body></html>
> covener@cov-t61p:~/SRC/httpd-2.4.x$ printf "GET / HTTP/1.1\r\nHost:
> gone.example.com\r\n\r\n" | nc 0 80
> HTTP/1.1 410 Gone
> Date: Thu, 15 Mar 2012 13:54:13 GMT
> Server: Apache/2.4.2-dev (Unix) OpenSSL/1.0.0e
> Content-Length: 295
> Content-Type: text/html; charset=iso-8859-1
>
> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> <html><head>
> <title>410 Gone</title>
> </head><body>
> <h1>Gone</h1>
> <p>The requested resource<br />/<br />
> is no longer available on this server and there is no forwarding address.
> Please remove all references to this resource.</p>
> </body></html>
> covener@cov-t61p:~/SRC/httpd-2.4.x$ printf "GET / HTTP/1.1\r\nHost:
> foo.example.com\r\n\r\n" | nc 0 80
> HTTP/1.1 403 Forbidden
> Date: Thu, 15 Mar 2012 13:54:18 GMT
> Server: Apache/2.4.2-dev (Unix) OpenSSL/1.0.0e
> Content-Length: 202
> Content-Type: text/html; charset=iso-8859-1
>
> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> <html><head>
> <title>403 Forbidden</title>
>
> </head><body>
> <h1>Forbidden</h1>
> <p>You don't have permission to access /
> on this server.</p>
> </body></html>
>
> covener@cov-t61p:~/SRC/httpd-2.4.x$ printf "GET / HTTP/1.1\r\nHost:
> www.example.com\r\n\r\n" | nc 0 80
> HTTP/1.1 200 OK
> Date: Thu, 15 Mar 2012 13:55:22 GMT
> Server: Apache/2.4.2-dev (Unix) OpenSSL/1.0.0e
> Last-Modified: Fri, 11 Nov 2011 17:43:44 GMT
> ETag: "2d-4b1790ff95400"
> Accept-Ranges: bytes
> Content-Length: 45
> Content-Type: text/html
>
> <html><body><h1>It works!</h1></body></html>
>
>
> covener@cov-t61p:~/SRC/httpd-2.4.x$ printf "GET / HTTP/1.1\r\nHost:
> bar.com\r\n\r\n" | nc 0 80
> HTTP/1.1 200 OK
> Date: Thu, 15 Mar 2012 13:56:06 GMT
> Server: Apache/2.4.2-dev (Unix) OpenSSL/1.0.0e
> Last-Modified: Fri, 11 Nov 2011 17:43:44 GMT
> ETag: "2d-4b1790ff95400"
> Accept-Ranges: bytes
> Content-Length: 45
> Content-Type: text/html
>
> <html><body><h1>It works!</h1></body></html>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
--
The only thing that interferes with my learning is my education.
Albert Einstein
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] apache 2.4 virtualhosts
Posted by Eric Covener <co...@gmail.com>.
On Fri, Mar 16, 2012 at 4:08 AM, Brett @Google <br...@gmail.com> wrote:
> <VirtualHost *:80>
> # This first-listed virtual host is also the default for *:80
> ServerName www.example.com
> ServerAlias example.com *.example.com
> DocumentRoot /www/domain
> </VirtualHost>
>
> <VirtualHost *:80>
> ServerName other.example.com
> DocumentRoot /www/otherdomain
> </VirtualHost>
>
> Above is not correct, as other.example.com would never have a chance
> to match in the second virtualhost, only the first virtualhost because
> of the wildcard which matches anything that ends in *.example.com, it
> never will even examine the next virtualhost.
I'm surprised to find that serveralias seems to cover up a match for
ServerName, but this isn't a difference in 2.4
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] apache 2.4 virtualhosts
Posted by "Brett @Google" <br...@gmail.com>.
On Fri, Mar 16, 2012 at 6:41 PM, Eric Covener <co...@gmail.com> wrote:
>> I'm just saying the documentation of the new matching scheme is
>> deceptive, not that any code should be changed..
>
> Operative point I'm trying to make is that there should not be a new
> matching scheme -- at best only new doc that didn't get backported
> since it also dropped _default_ and NameVirtualHost which we're saying
> were basically unnecessary.
Completely agree.. In the end, my only point is that the example in
the doc is counter to
actual behavior, not proposing any code changes :)
A doc change would prevent 2.4 nu bee problems in future ..
Cheers
Brett
--
The only thing that interferes with my learning is my education.
Albert Einstein
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] apache 2.4 virtualhosts
Posted by Eric Covener <co...@gmail.com>.
> I'm just saying the documentation of the new matching scheme is
> deceptive, not that any code should be changed..
Operative point I'm trying to make is that there should not be a new
matching scheme -- at best only new doc that didn't get backported
since it also dropped _default_ and NameVirtualHost which we're saying
were basically unnecessary.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Fwd: [users@httpd] apache 2.4 virtualhosts
Posted by "Brett @Google" <br...@gmail.com>.
<VirtualHost *:80>
# This first-listed virtual host is also the default for *:80
ServerName www.example.com
ServerAlias example.com *.example.com
DocumentRoot /www/domain
</VirtualHost>
<VirtualHost *:80>
ServerName other.example.com
DocumentRoot /www/otherdomain
</VirtualHost>
Above is not correct, as other.example.com would never have a chance
to match in the second virtualhost, only the first virtualhost because
of the wildcard which matches anything that ends in *.example.com, it
never will even examine the next virtualhost.
To fix the example, the order of the two VirtualHost statements just
needs to be reversed (so that other.example.com is tried first, and if
that doesnt match then the wildcard will be tried and will match -
along with anythng else *.example.com).
To reflect the case in the documentation, you could try :
<virtualhost localhost:8181>
ServerName localhost:8181
ServerAlias example.com *.example.com
</virtualhost>
<virtualhost localhost:8181>
ServerName gone.example.com
RewriteEngine on
RewriteRule .* - [G]
</virtualhost>
<virtualhost localhost:8181>
ServerName alsogone.example.net
RewriteEngine on
RewriteRule .* - [G]
</virtualhost>
And then request gone.example.com, you will get "It works!" instead of
the gone response :
printf "GET / HTTP/1.1\r\nHost:gone.example.com\r\n\r\n" | nc localhost 8181
HTTP/1.1 200 OK
Date: Fri, 16 Mar 2012 07:33:17 GMT
Server: Apache/2.4.1 (Unix)
Last-Modified: Fri, 16 Mar 2012 07:31:37 GMT
ETag: "2d-4bb5732ee9d64"
Accept-Ranges: bytes
Content-Length: 45
Content-Type: text/html
<html><body><h1>It works!</h1></body></html>
^C punt!
If you request alsogone.example.net, you will get the gone response
(as you should expect from gone.example.net).
printf "GET / HTTP/1.1\r\nHost:alsogone.example.net\r\n\r\n" | nc localhost 8181
HTTP/1.1 410 Gone
Date: Fri, 16 Mar 2012 07:36:38 GMT
Server: Apache/2.4.1 (Unix)
Content-Length: 304
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>410 Gone</title>
</head><body>
<h1>Gone</h1>
<p>The requested resource<br />/test.html<br />
is no longer available on this server and there is no forwarding address.
Please remove all references to this resource.</p>
</body></html>
I'm just saying the documentation of the new matching scheme is
deceptive, not that any code should be changed..
Changing the order of the virtualhosts to :
<virtualhost localhost:8181>
ServerName gone.example.com
RewriteEngine on
RewriteRule .* - [G]
</virtualhost>
<virtualhost localhost:8181>
ServerName localhost
ServerAlias example.com *.example.com
RewriteRule .* - [F]
</virtualhost>
<virtualhost localhost:8181>
ServerName alsogone.example.net
RewriteEngine on
RewriteRule .* - [G]
</virtualhost>
Gives the expected result :
printf "GET /test.html HTTP/1.1\r\nHost:gone.example.com\n\r\n" | nc
localhost 8181
HTTP/1.1 410 Gone
Date: Fri, 16 Mar 2012 08:07:21 GMT
Server: Apache/2.4.1 (Unix)
Content-Length: 304
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>410 Gone</title>
</head><body>
<h1>Gone</h1>
<p>The requested resource<br />/test.html<br />
is no longer available on this server and there is no forwarding address.
Please remove all references to this resource.</p>
</body></html>
^C punt!
Cheers
Brett
---------- Forwarded message ----------
From: Eric Covener <co...@gmail.com>
Date: Thu, Mar 15, 2012 at 11:56 PM
Subject: Re: [users@httpd] apache 2.4 virtualhosts
To: users@httpd.apache.org
> I'm guessing that apache 2.4 does not search for more specific
> ServerName if it matches a wildcard ServerAlias ?
Not sure I'm following what's behaving different. Can you simplify
your example/claim in both releases?
I couldn't get an unexpected result:
<virtualhost localhost:80>
ServerName www.example.com
</virtualhost>
<virtualhost localhost:80>
ServerName gone.example.com
RewriteEngine on
RewriteRule .* - [G]
</virtualhost>
<virtualhost localhost:80>
ServerName forbidden.example.com
ServerAlias *.example.com
RewriteEngine on
RewriteRule .* - [F]
</virtualhost>
covener@cov-t61p:~/SRC/httpd-2.4.x$ printf "GET / HTTP/1.1\r\nHost:
forbidden.example.com\r\n\r\n" | nc 0 80
HTTP/1.1 403 Forbidden
Date: Thu, 15 Mar 2012 13:54:10 GMT
Server: Apache/2.4.2-dev (Unix) OpenSSL/1.0.0e
Content-Length: 202
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /
on this server.</p>
</body></html>
covener@cov-t61p:~/SRC/httpd-2.4.x$ printf "GET / HTTP/1.1\r\nHost:
gone.example.com\r\n\r\n" | nc 0 80
HTTP/1.1 410 Gone
Date: Thu, 15 Mar 2012 13:54:13 GMT
Server: Apache/2.4.2-dev (Unix) OpenSSL/1.0.0e
Content-Length: 295
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>410 Gone</title>
</head><body>
<h1>Gone</h1>
<p>The requested resource<br />/<br />
is no longer available on this server and there is no forwarding address.
Please remove all references to this resource.</p>
</body></html>
covener@cov-t61p:~/SRC/httpd-2.4.x$ printf "GET / HTTP/1.1\r\nHost:
foo.example.com\r\n\r\n" | nc 0 80
HTTP/1.1 403 Forbidden
Date: Thu, 15 Mar 2012 13:54:18 GMT
Server: Apache/2.4.2-dev (Unix) OpenSSL/1.0.0e
Content-Length: 202
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /
on this server.</p>
</body></html>
covener@cov-t61p:~/SRC/httpd-2.4.x$ printf "GET / HTTP/1.1\r\nHost:
www.example.com\r\n\r\n" | nc 0 80
HTTP/1.1 200 OK
Date: Thu, 15 Mar 2012 13:55:22 GMT
Server: Apache/2.4.2-dev (Unix) OpenSSL/1.0.0e
Last-Modified: Fri, 11 Nov 2011 17:43:44 GMT
ETag: "2d-4b1790ff95400"
Accept-Ranges: bytes
Content-Length: 45
Content-Type: text/html
<html><body><h1>It works!</h1></body></html>
covener@cov-t61p:~/SRC/httpd-2.4.x$ printf "GET / HTTP/1.1\r\nHost:
bar.com\r\n\r\n" | nc 0 80
HTTP/1.1 200 OK
Date: Thu, 15 Mar 2012 13:56:06 GMT
Server: Apache/2.4.2-dev (Unix) OpenSSL/1.0.0e
Last-Modified: Fri, 11 Nov 2011 17:43:44 GMT
ETag: "2d-4b1790ff95400"
Accept-Ranges: bytes
Content-Length: 45
Content-Type: text/html
<html><body><h1>It works!</h1></body></html>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
--
The only thing that interferes with my learning is my education.
Albert Einstein
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] apache 2.4 virtualhosts
Posted by Eric Covener <co...@gmail.com>.
> I'm guessing that apache 2.4 does not search for more specific
> ServerName if it matches a wildcard ServerAlias ?
Not sure I'm following what's behaving different. Can you simplify
your example/claim in both releases?
I couldn't get an unexpected result:
<virtualhost localhost:80>
ServerName www.example.com
</virtualhost>
<virtualhost localhost:80>
ServerName gone.example.com
RewriteEngine on
RewriteRule .* - [G]
</virtualhost>
<virtualhost localhost:80>
ServerName forbidden.example.com
ServerAlias *.example.com
RewriteEngine on
RewriteRule .* - [F]
</virtualhost>
covener@cov-t61p:~/SRC/httpd-2.4.x$ printf "GET / HTTP/1.1\r\nHost:
forbidden.example.com\r\n\r\n" | nc 0 80
HTTP/1.1 403 Forbidden
Date: Thu, 15 Mar 2012 13:54:10 GMT
Server: Apache/2.4.2-dev (Unix) OpenSSL/1.0.0e
Content-Length: 202
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /
on this server.</p>
</body></html>
covener@cov-t61p:~/SRC/httpd-2.4.x$ printf "GET / HTTP/1.1\r\nHost:
gone.example.com\r\n\r\n" | nc 0 80
HTTP/1.1 410 Gone
Date: Thu, 15 Mar 2012 13:54:13 GMT
Server: Apache/2.4.2-dev (Unix) OpenSSL/1.0.0e
Content-Length: 295
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>410 Gone</title>
</head><body>
<h1>Gone</h1>
<p>The requested resource<br />/<br />
is no longer available on this server and there is no forwarding address.
Please remove all references to this resource.</p>
</body></html>
covener@cov-t61p:~/SRC/httpd-2.4.x$ printf "GET / HTTP/1.1\r\nHost:
foo.example.com\r\n\r\n" | nc 0 80
HTTP/1.1 403 Forbidden
Date: Thu, 15 Mar 2012 13:54:18 GMT
Server: Apache/2.4.2-dev (Unix) OpenSSL/1.0.0e
Content-Length: 202
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /
on this server.</p>
</body></html>
covener@cov-t61p:~/SRC/httpd-2.4.x$ printf "GET / HTTP/1.1\r\nHost:
www.example.com\r\n\r\n" | nc 0 80
HTTP/1.1 200 OK
Date: Thu, 15 Mar 2012 13:55:22 GMT
Server: Apache/2.4.2-dev (Unix) OpenSSL/1.0.0e
Last-Modified: Fri, 11 Nov 2011 17:43:44 GMT
ETag: "2d-4b1790ff95400"
Accept-Ranges: bytes
Content-Length: 45
Content-Type: text/html
<html><body><h1>It works!</h1></body></html>
covener@cov-t61p:~/SRC/httpd-2.4.x$ printf "GET / HTTP/1.1\r\nHost:
bar.com\r\n\r\n" | nc 0 80
HTTP/1.1 200 OK
Date: Thu, 15 Mar 2012 13:56:06 GMT
Server: Apache/2.4.2-dev (Unix) OpenSSL/1.0.0e
Last-Modified: Fri, 11 Nov 2011 17:43:44 GMT
ETag: "2d-4b1790ff95400"
Accept-Ranges: bytes
Content-Length: 45
Content-Type: text/html
<html><body><h1>It works!</h1></body></html>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org