On Mon, Oct 6, 2025 at 5:12 PM Bret Stern <[email protected]>
wrote:
> Frank,
>
> I added the original mail.domain.com virt host conf file back and now my
> postfixadmin stuff has reverted to
> the wrong DocumentRoot and isn't working.
>
> Here are the VirtHost files. The names of the files does not matter
> correct..they can be www.domain.com.conf or
> somename.conf, right?
>
> First virt host config for postfixadmin
> <VirtualHost *:80>
> SSLProxyEngine on
> ServerName postfixadmin.domain.com
> ProxyPreserveHost On
> ServerAlias www.postfixadmin.domain.com
> DocumentRoot /var/www/postfixadmin/public
>
> <Directory /var/www/postfixadmin/public>
> Options -Indexes +FollowSymLinks
> AllowOverride All
> </Directory>
>
> ErrorLog /var/log/httpd/postfixadmin-error.log
> CustomLog /var/log/httpd/postfixadmin-access.log combined
> RewriteEngine on
> RewriteCond %{SERVER_NAME} =www.postfixadmin.domain.com [OR]
> RewriteCond %{SERVER_NAME} =postfixadmin.domain.com
> RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
> </VirtualHost>
>
> second virt host config for mail
> <VirtualHost *:80>
> SSLProxyEngine on
> ServerName mail.domain.com
> ProxyPreserveHost On
> ServerAlias www.mail.domain.com
> DocumentRoot /var/www/html
>
> <Directory /var/www/html>
> Options -Indexes +FollowSymLinks
> AllowOverride All
> </Directory>
>
> ErrorLog /var/log/httpd/mail-domain-error.log
> CustomLog /var/log/httpd/mail-domain-access.log combined
> RewriteEngine on
> RewriteCond %{SERVER_NAME} =www.mail.domain.com [OR]
> RewriteCond %{SERVER_NAME} =mail.domain.com
> RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
> </VirtualHost>
>
>
>
>
>
>
> This is my httpd -S readout for the internal server. Wondering if anything
> here is obvious. I don't
> read this stuff enough to know. So appreciate the eyes.
>
> Not sure what's causing the "already loaded" line below.
>
> [Mon Oct 06 13:50:40.068370 2025] [so:warn] [pid 10702:tid 10702] AH01574:
> module proxy_http_module is already loaded, skipping
> VirtualHost configuration:
> *:80 is a NameVirtualHost
> default server mail.domain.com
> (/etc/httpd/conf.d/mail.domain.com.conf:1)
> port 80 namevhost mail.domain.com
> (/etc/httpd/conf.d/mail.domain.com.conf:1)
> alias www.mail.domain.com
> port 80 namevhost postfixadmin.domain.com
> (/etc/httpd/conf.d/postfixadmin.conf:1)
> alias www.postfixadmin.domain.com
> *:443 is a NameVirtualHost
> default server mail.domain.com
> (/etc/httpd/conf.d/mail.domain.com-le-ssl.conf:3)
> port 443 namevhost mail.domain.com
> (/etc/httpd/conf.d/mail.domain.com-le-ssl.conf:3)
> alias www.mail.domain.com
> port 443 namevhost postfixadmin.domain.com
> (/etc/httpd/conf.d/postfixadmin-le-ssl.conf:3)
> alias www.postfixadmin.domain.com
> port 443 namevhost 127.0.0.1 (/etc/httpd/conf.d/ssl.conf:40)
> ServerRoot: "/etc/httpd"
> Main DocumentRoot: "/var/www/html"
> Main ErrorLog: "/etc/httpd/logs/error_log"
> Mutex authdigest-opaque: using_defaults
> Mutex watchdog-callback: using_defaults
> Mutex proxy-balancer-shm: using_defaults
> Mutex rewrite-map: using_defaults
> Mutex ssl-stapling-refresh: using_defaults
> Mutex authdigest-client: using_defaults
> Mutex dav_fs-lockdb: using_defaults
> Mutex lua-ivm-shm: using_defaults
> Mutex ssl-stapling: using_defaults
> Mutex proxy: using_defaults
> Mutex authn-socache: using_defaults
> Mutex ssl-cache: using_defaults
> Mutex default: dir="/etc/httpd/run/" mechanism=default
> Mutex cache-socache: using_defaults
> PidFile: "/etc/httpd/run/httpd.pid"
> Define: DUMP_VHOSTS
> Define: DUMP_RUN_CFG
> User: name="apache" id=48
> Group: name="apache" id=48
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> On 10/6/2025 9:02 AM, Frank Gingras wrote:
>
>
>
> On Mon, Oct 6, 2025 at 11:47 AM Bret Stern <
> [email protected]> wrote:
>
>> Thanks for the comment.
>>
>> I had to remove one of my virtual hosts to to get this working.
>>
>> My virtual host settings were triple checked...but the DocumentRoot kept
>> reverting to the
>> wrong virtual host DocRoot.
>>
>> If the apache logic is to use the ServerName directive in the [virthost
>> *:80] as the deciding factor to set the DocRoot, then either there is
>> another
>> setting that I'm not aware of or there is a bug in the logic in apache.
>> When I have more time to
>> look, maybe it will surface. I have some other http servers in our
>> environments, so will check those results as well.
>>
>> Regardless, all of this is excellent learning experience.
>> Bret
>>
>>
>> On 10/5/2025 12:08 AM, E.S. Rosenberg wrote:
>>
>> Hey Bret,
>>
>> Unless I am very much mistaken you need to use the FQDN in the ProxyPass
>> directive and if you don't want to expose the "real" IP of server B to the
>> Internet you would need to "override" the public DNS records either in
>> /etc/hosts or if you have the ability to present a different DNS view to
>> server A and don't mind that complication that would be another option.
>> You could I guess also use some internal FQDN as long as the virtualhosts
>> on server B know to respond to that too and all the links they return are
>> relative or rewritten to the domain server A presents.
>>
>> HTH,
>> Eliyahu - אליהו
>>
>> Op zo 5 okt 2025 om 09:34 schreef Bret Stern <
>> [email protected]>:
>>
>>> Can someone please comment.
>>>
>>> Apache server A is a physical server on my network. I has three virtual
>>> hosts serving three
>>> different websites. This appears to be working correctly.
>>>
>>> Introducing Apache server B
>>> Apache server A also acts as a reverse proxy to Apache server B which is
>>> another separate server with a static ip, and
>>> acts as my mail server.
>>>
>>> There are two virtual hosts defined on Apache server B, one is
>>> mail.domain.com and one is postfixadmin.domain.com
>>>
>>> My question is can Apache server A route (via reverse proxy) to the two
>>> virtual hosts on Apache server B.
>>>
>>> At this point it's close to working, but my postfixadmin.domain.com is
>>> having it's document root directed to
>>> virtual host mail.domain.com, instead of postfixadmin.domain.com
>>>
>>> I've spent hours checking my virt host configurations. Is there some
>>> other setting outside the virtual host configuration that
>>> is allowing the DocumentRoot to be hijacked?
>>>
>>> Can someone please confirm my setup is possible?
>>> Regards
>>>
>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: [email protected]
>>> For additional commands, e-mail: [email protected]
>>>
>>>
>>
> You'll need to show the output from the apachectl -S command on all
> servers get a complete answer, to start.
>
>
>
The name of the config files are not relevant, indeed.
That being said, your :80 vhosts make no sense. You use SSLProxyEngine on,
yet you explicitly redirect to https:// in the same vhost. You have to
decide if you want to proxy or redirect, first.
