Op di 7 okt 2025 om 18:34 schreef Bret Stern <
[email protected]>:
> Ok. So my understanding of ReWrite rules is to modify the url in some
> fashion...per the Apache docs.
> I don't see any reason to do that..so I commented out all the "ReWrite
> directives". Good to get the junk out of
> the puzzle.
>
> After commenting out the ReWrites, I restarted httpd.
> postfixadmin.domain.com is still landing in the
> mail.domain.com DocumentRoot.
>
> Is there some sort of "debug" directive which would help me figure out
> when the DocumentRoot
> is getting set to what and when.
>
> Ideas?
>
>
>
>
> First virt host config for postfixadmin
> <VirtualHost *:80>
> SSLProxyEngine on
> ServerName postfixadmin.domain.com
> ProxyPreserveHost On
> ServerAlias www.postfixadmin.domain.com
> DocumentRoot /var/www/postfixadmin/public
>
> <Directory /var/www/postfixadmin/public>
> Options -Indexes +FollowSymLinks
> AllowOverride All
> </Directory>
>
> ErrorLog /var/log/httpd/postfixadmin-error.log
> CustomLog /var/log/httpd/postfixadmin-access.log combined
> #RewriteEngine on
> #RewriteCond %{SERVER_NAME} =www.postfixadmin.domain.com [OR]
> #RewriteCond %{SERVER_NAME} =postfixadmin.domain.com
> #RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
> </VirtualHost>
>
> second virt host config for mail
> <VirtualHost *:80>
> SSLProxyEngine on
> ServerName mail.domain.com
> ProxyPreserveHost On
> ServerAlias www.mail.domain.com
> DocumentRoot /var/www/html
>
> <Directory /var/www/html>
> Options -Indexes +FollowSymLinks
> AllowOverride All
> </Directory>
>
> ErrorLog /var/log/httpd/mail-domain-error.log
> CustomLog /var/log/httpd/mail-domain-access.log combined
> #RewriteEngine on
> #RewriteCond %{SERVER_NAME} =www.mail.domain.com [OR]
> #RewriteCond %{SERVER_NAME} =mail.domain.com
> #RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
> </VirtualHost>
>
>
>
>
>
>
> On 10/7/2025 7:29 AM, Frank Gingras wrote:
>
>
>
> On Mon, Oct 6, 2025 at 5:12 PM Bret Stern <
> [email protected]> wrote:
>
>> Frank,
>>
>> I added the original mail.domain.com virt host conf file back and now my
>> postfixadmin stuff has reverted to
>> the wrong DocumentRoot and isn't working.
>>
>> Here are the VirtHost files. The names of the files does not matter
>> correct..they can be www.domain.com.conf or
>> somename.conf, right?
>>
>> First virt host config for postfixadmin
>> <VirtualHost *:80>
>> SSLProxyEngine on
>> ServerName postfixadmin.domain.com
>> ProxyPreserveHost On
>> ServerAlias www.postfixadmin.domain.com
>> DocumentRoot /var/www/postfixadmin/public
>>
>> <Directory /var/www/postfixadmin/public>
>> Options -Indexes +FollowSymLinks
>> AllowOverride All
>> </Directory>
>>
>> ErrorLog /var/log/httpd/postfixadmin-error.log
>> CustomLog /var/log/httpd/postfixadmin-access.log combined
>> RewriteEngine on
>> RewriteCond %{SERVER_NAME} =www.postfixadmin.domain.com [OR]
>> RewriteCond %{SERVER_NAME} =postfixadmin.domain.com
>> RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
>> </VirtualHost>
>>
>> second virt host config for mail
>> <VirtualHost *:80>
>> SSLProxyEngine on
>> ServerName mail.domain.com
>> ProxyPreserveHost On
>> ServerAlias www.mail.domain.com
>> DocumentRoot /var/www/html
>>
>> <Directory /var/www/html>
>> Options -Indexes +FollowSymLinks
>> AllowOverride All
>> </Directory>
>>
>> ErrorLog /var/log/httpd/mail-domain-error.log
>> CustomLog /var/log/httpd/mail-domain-access.log combined
>> RewriteEngine on
>> RewriteCond %{SERVER_NAME} =www.mail.domain.com [OR]
>> RewriteCond %{SERVER_NAME} =mail.domain.com
>> RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
>> </VirtualHost>
>>
>>
>>
>>
>>
>>
>> This is my httpd -S readout for the internal server. Wondering if
>> anything here is obvious. I don't
>> read this stuff enough to know. So appreciate the eyes.
>>
>> Not sure what's causing the "already loaded" line below.
>>
>> [Mon Oct 06 13:50:40.068370 2025] [so:warn] [pid 10702:tid 10702]
>> AH01574: module proxy_http_module is already loaded, skipping
>> VirtualHost configuration:
>> *:80 is a NameVirtualHost
>> default server mail.domain.com
>> (/etc/httpd/conf.d/mail.domain.com.conf:1)
>> port 80 namevhost mail.domain.com
>> (/etc/httpd/conf.d/mail.domain.com.conf:1)
>> alias www.mail.domain.com
>> port 80 namevhost postfixadmin.domain.com
>> (/etc/httpd/conf.d/postfixadmin.conf:1)
>> alias www.postfixadmin.domain.com
>> *:443 is a NameVirtualHost
>> default server mail.domain.com
>> (/etc/httpd/conf.d/mail.domain.com-le-ssl.conf:3)
>> port 443 namevhost mail.domain.com
>> (/etc/httpd/conf.d/mail.domain.com-le-ssl.conf:3)
>> alias www.mail.domain.com
>> port 443 namevhost postfixadmin.domain.com
>> (/etc/httpd/conf.d/postfixadmin-le-ssl.conf:3)
>> alias www.postfixadmin.domain.com
>> port 443 namevhost 127.0.0.1 (/etc/httpd/conf.d/ssl.conf:40)
>> ServerRoot: "/etc/httpd"
>> Main DocumentRoot: "/var/www/html"
>> Main ErrorLog: "/etc/httpd/logs/error_log"
>> Mutex authdigest-opaque: using_defaults
>> Mutex watchdog-callback: using_defaults
>> Mutex proxy-balancer-shm: using_defaults
>> Mutex rewrite-map: using_defaults
>> Mutex ssl-stapling-refresh: using_defaults
>> Mutex authdigest-client: using_defaults
>> Mutex dav_fs-lockdb: using_defaults
>> Mutex lua-ivm-shm: using_defaults
>> Mutex ssl-stapling: using_defaults
>> Mutex proxy: using_defaults
>> Mutex authn-socache: using_defaults
>> Mutex ssl-cache: using_defaults
>> Mutex default: dir="/etc/httpd/run/" mechanism=default
>> Mutex cache-socache: using_defaults
>> PidFile: "/etc/httpd/run/httpd.pid"
>> Define: DUMP_VHOSTS
>> Define: DUMP_RUN_CFG
>> User: name="apache" id=48
>> Group: name="apache" id=48
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> On 10/6/2025 9:02 AM, Frank Gingras wrote:
>>
>>
>>
>> On Mon, Oct 6, 2025 at 11:47 AM Bret Stern <
>> [email protected]> wrote:
>>
>>> Thanks for the comment.
>>>
>>> I had to remove one of my virtual hosts to to get this working.
>>>
>>> My virtual host settings were triple checked...but the DocumentRoot kept
>>> reverting to the
>>> wrong virtual host DocRoot.
>>>
>>> If the apache logic is to use the ServerName directive in the [virthost
>>> *:80] as the deciding factor to set the DocRoot, then either there is
>>> another
>>> setting that I'm not aware of or there is a bug in the logic in apache.
>>> When I have more time to
>>> look, maybe it will surface. I have some other http servers in our
>>> environments, so will check those results as well.
>>>
>>> Regardless, all of this is excellent learning experience.
>>> Bret
>>>
>>>
>>> On 10/5/2025 12:08 AM, E.S. Rosenberg wrote:
>>>
>>> Hey Bret,
>>>
>>> Unless I am very much mistaken you need to use the FQDN in the ProxyPass
>>> directive and if you don't want to expose the "real" IP of server B to the
>>> Internet you would need to "override" the public DNS records either in
>>> /etc/hosts or if you have the ability to present a different DNS view to
>>> server A and don't mind that complication that would be another option.
>>> You could I guess also use some internal FQDN as long as the
>>> virtualhosts on server B know to respond to that too and all the links they
>>> return are relative or rewritten to the domain server A presents.
>>>
>>> HTH,
>>> Eliyahu - אליהו
>>>
>>> Op zo 5 okt 2025 om 09:34 schreef Bret Stern <
>>> [email protected]>:
>>>
>>>> Can someone please comment.
>>>>
>>>> Apache server A is a physical server on my network. I has three virtual
>>>> hosts serving three
>>>> different websites. This appears to be working correctly.
>>>>
>>>> Introducing Apache server B
>>>> Apache server A also acts as a reverse proxy to Apache server B which
>>>> is
>>>> another separate server with a static ip, and
>>>> acts as my mail server.
>>>>
>>>> There are two virtual hosts defined on Apache server B, one is
>>>> mail.domain.com and one is postfixadmin.domain.com
>>>>
>>>> My question is can Apache server A route (via reverse proxy) to the two
>>>> virtual hosts on Apache server B.
>>>>
>>>> At this point it's close to working, but my postfixadmin.domain.com is
>>>> having it's document root directed to
>>>> virtual host mail.domain.com, instead of postfixadmin.domain.com
>>>>
>>>> I've spent hours checking my virt host configurations. Is there some
>>>> other setting outside the virtual host configuration that
>>>> is allowing the DocumentRoot to be hijacked?
>>>>
>>>> Can someone please confirm my setup is possible?
>>>> Regards
>>>>
>>>>
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: [email protected]
>>>> For additional commands, e-mail: [email protected]
>>>>
>>>>
>>>
>> You'll need to show the output from the apachectl -S command on all
>> servers get a complete answer, to start.
>>
>>
>>
> The name of the config files are not relevant, indeed.
>
> That being said, your :80 vhosts make no sense. You use SSLProxyEngine
> on, yet you explicitly redirect to https:// in the same vhost. You have
> to decide if you want to proxy or redirect, first.
>
>
>
Hey Bret,
Unless I am very much mistaken so far you have only shared the config of
the internal server (server B) and not the reverse proxy configs.
Based on what you are describing my suspicion is that your reverse proxy
configuration is wrong/stripping the target hostname and thus you end up on
whatever virtualhost matches by default.
HTH,
Eliyahu - אליהו
