Whoops, I can tell cPanel which IP address to use but I can't pick both of them. So Apache doesn't have an entry for the second IP address. I can manually add one, but the problem is it'll get replaced every night with one generated from the templates. I might be able to just manually edit the template and add a line that adds the VirtualHost entry for the second IP address, but I'm not exactly sure how I'd do it.
The templates are a bit weird. Here's what the beginning of the ssl_vhost.local template. <VirtualHost[% FOREACH ipblock IN vhost.ips %] [% ipblock.ip %]:[% ipblock.port %][% END %]> # Enable HTTP Strict Transport Security Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;" ServerName [% wildcard_safe(vhost.servername) %] [% IF vhost.serveralias_array.size -%] [% FOREACH alias IN vhost.serveralias_array -%] ServerAlias [% alias %] [% END -%] [% ELSE -%] ServerAlias [% vhost.serveralias %] [% END -%] There's a bunch of templates, like main.default, vhost.default and ssl_vhost.default. If I want to customize them, I make a copy and replace the .default extension with the .local extension and then cPanel will use my custom .local instead of the .default. I think we're good though. If I had Apache listening on the second IP address, I think everything would have been fine. I believe I accomplished what I wanted to accomplish. When we move into the new house, I'll setup a server in the work room and I'll get a static IP and try again then, with two different servers instead of one. Thanks for all the help! On Thu, Jul 21, 2016 at 2:00 PM, Spork Schivago <sporkschiv...@gmail.com> wrote: > Okay, I do think it was working correctly. I think that's why I was > getting the ERR_SSL_PROTOCOL_ERROR in Chrome when I went to my site when > I had the second IP address added, but other users weren't. I think the > users getting the error message in Chrome were pulling the second IP > address from their DNS servers, but the people who successfully could go to > their site where getting the first IP address and could successfully see my > site. > > I can try to explain the cPanel / Apache stuff a bit better. I have an > Apache config file, /usr/local/apache/conf/httpd.conf. There's a bunch > of comments that say don't edit this file directly. Use the cPanel > interface or the "templates". cPanel has these templates and we run a > script to rebuild the config file. It'll automatically populate it with > stuff like: > > <VirtualHost 104.238.117.105:443> > > I can tell cPanel which IP address to use but I can't pick both of them. > So Apache doesn't have > > > On Thu, Jul 21, 2016 at 2:49 AM, Matus UHLAR - fantomas <uh...@fantomas.sk > > wrote: > >> On 20.07.16 21:40, Spork Schivago wrote: >> >>> I don't remember the tools, but I know that the way cPanel handles stuff >>> with Apache, it broke my website for me. Using the cPanel / WHM >>> interface, I could tell Apache to listen on one IP or the other, not >>> both, >>> unfortunately. Some people (my wife's cell for instance) could make it >>> to >>> my site, but on her laptop, I could not. I believe this is because I >>> redirect everything to port 443 and the SSL certs were setup for the >>> first >>> IP, not the second. >>> >> >> huh? SSL certs should be created with required hostname, e.g. >> franklin.jetbbs.com in CommonName - not the IPs. >> you just need transfer both public and private keys to other server... >> just watch out if you don't make the private key available to others. >> >> I believe when I assigned the second IP address to >>> the A record jetbbs.com, sometimes I'd go to the first IP and Apache >>> would >>> pick it up, other times, I'd go to the second IP and Apache wouldn't know >>> how to handle it. Maybe it was because the SSL certs were created when >>> I >>> only had the one IP, I don't know. But it really messed things up and I >>> had to remove the second IP again. I think if I manually edited the >>> httpd.conf file and regenerated the SSL certs, things might have started >>> working. >>> >> >> this is your problem. don't generate ssl keys when adding IPs. >> >> >> -- >> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ >> Warning: I wish NOT to receive e-mail advertising to this address. >> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. >> We are but packets in the Internet of life (userfriendly.org) >> >> _______________________________________________ >> Please visit https://lists.isc.org/mailman/listinfo/bind-users to >> unsubscribe from this list >> >> bind-users mailing list >> bind-users@lists.isc.org >> https://lists.isc.org/mailman/listinfo/bind-users >> > >
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
