Frank,
I added the original mail.domain.com virt host conf file back and now my
postfixadmin stuff has reverted to
the wrong DocumentRoot and isn't working.
Here are the VirtHost files. The names of the files does not matter
correct..they can be www.domain.com.conf or
somename.conf, right?
First virt host config for postfixadmin
<VirtualHost *:80>
SSLProxyEngine on
ServerName postfixadmin.domain.com
ProxyPreserveHost On
ServerAlias www.postfixadmin.domain.com
DocumentRoot /var/www/postfixadmin/public
<Directory /var/www/postfixadmin/public>
Options -Indexes +FollowSymLinks
AllowOverride All
</Directory>
ErrorLog /var/log/httpd/postfixadmin-error.log
CustomLog /var/log/httpd/postfixadmin-access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.postfixadmin.domain.com [OR]
RewriteCond %{SERVER_NAME} =postfixadmin.domain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
second virt host config for mail
<VirtualHost *:80>
SSLProxyEngine on
ServerName mail.domain.com
ProxyPreserveHost On
ServerAlias www.mail.domain.com
DocumentRoot /var/www/html
<Directory /var/www/html>
Options -Indexes +FollowSymLinks
AllowOverride All
</Directory>
ErrorLog /var/log/httpd/mail-domain-error.log
CustomLog /var/log/httpd/mail-domain-access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.mail.domain.com [OR]
RewriteCond %{SERVER_NAME} =mail.domain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
This is my httpd -S readout for the internal server. Wondering if
anything here is obvious. I don't
read this stuff enough to know. So appreciate the eyes.
Not sure what's causing the "already loaded" line below.
[Mon Oct 06 13:50:40.068370 2025] [so:warn] [pid 10702:tid 10702]
AH01574: module proxy_http_module is already loaded, skipping
VirtualHost configuration:
*:80 is a NameVirtualHost
default server mail.domain.com
(/etc/httpd/conf.d/mail.domain.com.conf:1)
port 80 namevhost mail.domain.com
(/etc/httpd/conf.d/mail.domain.com.conf:1)
alias www.mail.domain.com
port 80 namevhost postfixadmin.domain.com
(/etc/httpd/conf.d/postfixadmin.conf:1)
alias www.postfixadmin.domain.com
*:443 is a NameVirtualHost
default server mail.domain.com
(/etc/httpd/conf.d/mail.domain.com-le-ssl.conf:3)
port 443 namevhost mail.domain.com
(/etc/httpd/conf.d/mail.domain.com-le-ssl.conf:3)
alias www.mail.domain.com
port 443 namevhost postfixadmin.domain.com
(/etc/httpd/conf.d/postfixadmin-le-ssl.conf:3)
alias www.postfixadmin.domain.com
port 443 namevhost 127.0.0.1 (/etc/httpd/conf.d/ssl.conf:40)
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex authdigest-opaque: using_defaults
Mutex watchdog-callback: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex authdigest-client: using_defaults
Mutex dav_fs-lockdb: using_defaults
Mutex lua-ivm-shm: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/etc/httpd/run/" mechanism=default
Mutex cache-socache: using_defaults
PidFile: "/etc/httpd/run/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48
Group: name="apache" id=48
On 10/6/2025 9:02 AM, Frank Gingras wrote:
On Mon, Oct 6, 2025 at 11:47 AM Bret Stern
<[email protected]> wrote:
Thanks for the comment.
I had to remove one of my virtual hosts to to get this working.
My virtual host settings were triple checked...but the
DocumentRoot kept reverting to the
wrong virtual host DocRoot.
If the apache logic is to use the ServerName directive in the
[virthost *:80] as the deciding factor to set the DocRoot, then
either there is another
setting that I'm not aware of or there is a bug in the logic in
apache. When I have more time to
look, maybe it will surface. I have some other http servers in our
environments, so will check those results as well.
Regardless, all of this is excellent learning experience.
Bret
On 10/5/2025 12:08 AM, E.S. Rosenberg wrote:
Hey Bret,
Unless I am very much mistaken you need to use the FQDN in the
ProxyPass directive and if you don't want to expose the "real" IP
of server B to the Internet you would need to "override" the
public DNS records either in /etc/hosts or if you have the
ability to present a different DNS view to server A and don't
mind that complication that would be another option.
You could I guess also use some internal FQDN as long as the
virtualhosts on server B know to respond to that too and all the
links they return are relative or rewritten to the domain server
A presents.
HTH,
Eliyahu - אליהו
Op zo 5 okt 2025 om 09:34 schreef Bret Stern
<[email protected]>:
Can someone please comment.
Apache server A is a physical server on my network. I has
three virtual
hosts serving three
different websites. This appears to be working correctly.
Introducing Apache server B
Apache server A also acts as a reverse proxy to Apache server
B which is
another separate server with a static ip, and
acts as my mail server.
There are two virtual hosts defined on Apache server B, one is
mail.domain.com <http://mail.domain.com> and one is
postfixadmin.domain.com <http://postfixadmin.domain.com>
My question is can Apache server A route (via reverse proxy)
to the two
virtual hosts on Apache server B.
At this point it's close to working, but my
postfixadmin.domain.com <http://postfixadmin.domain.com> is
having it's document root directed to
virtual host mail.domain.com <http://mail.domain.com>,
instead of postfixadmin.domain.com
<http://postfixadmin.domain.com>
I've spent hours checking my virt host configurations. Is
there some
other setting outside the virtual host configuration that
is allowing the DocumentRoot to be hijacked?
Can someone please confirm my setup is possible?
Regards
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
You'll need to show the output from the apachectl -S command on all
servers get a complete answer, to start.
