Virtual Host not Resolving

I have a VPS and actually have several Virtual Hosts setup. I also have subdomains as well.

However, I am at a loss on what is going on. I just added a vhost for bluebonnet-realty dot com; it keeps resolving to beardedrazorback dot com (this is the original/root domain).

It is a client that I had shared hosting set up for. I am shutting down this shared hosting and trying to point it to my VPS. It goes to the correct IP, but it does not go to the correct DNS name.

First of all to simplify troubleshooting, grey-cloud your DNS entries until you’re sure everything on your server is 100% configured properly and working, then you can start orange-clouding your DNS entries, one at a time, doing thorough testing in between.

Your premise is not correct… bluebonnet-realty.com is not “resolving” to beardedrazorback.com … requests to bluebonnet-realty.com are hitting your server and your server is responding, but not responding with the website you intended. Something is wrong with your Apache vhost configuration. vhost matching on Apache is a complex thing, prone to errors.

To further illustrate, http://beardedrazorback.com/ (non-HTTPS) responds with the realty site… so you likely have several config issues going on.

It doesn’t really have anything to do with Cloudflare but if you post the vhost sections from your Apache config I can probably tell you what’s wrong with them… post the output of apachectl -S as well if you can


Thank You. I am not disagreeing with anything you have shared here. Just know I have spent days/hours trying to track this down and posted on various forums. You are the first to respond. So many iterations trying various things may have caused more good than bad.

<VirtualHost *:80>
    ServerAdmin [email protected]
    ServerName bluebonnet-realty.com
    ServerAlias www.bluebonnet-realty.com
    DocumentRoot /var/www/bluebonnet-realty.com
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>


<Directory /var/www/bluebonnet-realty.com/>
    AllowOverride All
</Directory>
VirtualHost configuration:
*:443                  is a NameVirtualHost
         default server beardedrazorback.com (/etc/apache2/sites-enabled/beardedrazorback-le-ssl.conf:2)
         port 443 namevhost beardedrazorback.com (/etc/apache2/sites-enabled/beardedrazorback-le-ssl.conf:2)
                 alias www.beardedrazorback.com
         port 443 namevhost blog.beardedrazorback.com (/etc/apache2/sites-enabled/blog.beardedrazorback-le-ssl.conf:2)
                 alias www.blog.beardedrazorback.com
         port 443 namevhost blog.rzrsolutions.com (/etc/apache2/sites-enabled/blog.rzrsolutions-le-ssl.conf:2)
                 alias www.blog.rzrsolutions.com
         port 443 namevhost blog.theord.com (/etc/apache2/sites-enabled/blog.theord-le-ssl.conf:2)
                 alias www.blog.theord.com
         port 443 namevhost nicandjake.com (/etc/apache2/sites-enabled/nicandjake-le-ssl.conf:2)
                 alias www.nicandjake.com
         port 443 namevhost prosperxc.com (/etc/apache2/sites-enabled/prosperxc-le-ssl.conf:2)
                 alias www.prosperxc.com
         port 443 namevhost rzrit.com (/etc/apache2/sites-enabled/rzrit-le-ssl.conf:2)
                 alias www.rzrit.com
         port 443 namevhost rzrsolutions.com (/etc/apache2/sites-enabled/rzrsolutions-le-ssl.conf:2)
                 alias www.rzrsolutions.com
         port 443 namevhost support.beardedrazorback.com (/etc/apache2/sites-enabled/support.beardedrazorback-le-ssl.conf:2)
                 alias www.support.beardedrazorback.com
         port 443 namevhost thegospelgamer.com (/etc/apache2/sites-enabled/thegospelgamer-le-ssl.conf:2)
                 alias www.thegospelgamer.com
         port 443 namevhost theord.com (/etc/apache2/sites-enabled/theord-le-ssl.conf:2)
                 alias www.theord.com
         port 443 namevhost twitch.beardedrazorback.com (/etc/apache2/sites-enabled/twitch.beardedrazorback-le-ssl.conf:2)
                 alias www.twitch.beardedrazorback.com
*:80                   is a NameVirtualHost
         default server beardedrazorback.com (/etc/apache2/sites-enabled/beardedrazorback.conf:1)
         port 80 namevhost beardedrazorback.com (/etc/apache2/sites-enabled/beardedrazorback.conf:1)
                 alias www.beardedrazorback.com
         port 80 namevhost blog.beardedrazorback.com (/etc/apache2/sites-enabled/blog.beardedrazorback.conf:1)
                 alias www.blog.beardedrazorback.com
         port 80 namevhost blog.rzrsolutions.com (/etc/apache2/sites-enabled/blog.rzrsolutions.conf:1)
                 alias www.blog.rzrsolutions.com
         port 80 namevhost blog.theord.com (/etc/apache2/sites-enabled/blog.theord.conf:1)
                 alias www.blog.theord.com
         port 80 namevhost bluebonnet-realty.com (/etc/apache2/sites-enabled/bluebonnet-realty.conf:1)
                 alias www.bluebonnet-realty.com
         port 80 namevhost jacobkern.com (/etc/apache2/sites-enabled/jacobkern.conf:1)
                 alias www.jacobkern.com
         port 80 namevhost nicandjake.com (/etc/apache2/sites-enabled/nicandjake.conf:1)
                 alias www.nicandjake.com
         port 80 namevhost prosperxc.com (/etc/apache2/sites-enabled/prosperxc.conf:1)
                 alias www.prosperxc.com
         port 80 namevhost rzrit.com (/etc/apache2/sites-enabled/rzrit.conf:1)
                 alias www.rzrit.com
         port 80 namevhost rzrsolutions.com (/etc/apache2/sites-enabled/rzrsolutions.conf:1)
                 alias www.rzrsolutions.com
         port 80 namevhost secure.beardedrazorback.com (/etc/apache2/sites-enabled/secure.beardedrazorback.conf:1)
                 alias www.secure.beardedrazorback.com
         port 80 namevhost support.beardedrazorback.com (/etc/apache2/sites-enabled/support.beardedrazorback.conf:1)
                 alias www.support.beardedrazorback.com
         port 80 namevhost thegospelgamer.com (/etc/apache2/sites-enabled/thegospelgamer.conf:1)
                 alias www.thegospelgamer.com
         port 80 namevhost theord.com (/etc/apache2/sites-enabled/theord.conf:1)
                 alias www.theord.com
         port 80 namevhost twitch.beardedrazorback.com (/etc/apache2/sites-enabled/twitch.beardedrazorback.conf:1)
                 alias www.twitch.beardedrazorback.com
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33

The reason the http:// beardedrazorback dot com was resolving to realty site is because I added.

I have removed and it wors as should.

When I try and run certbot on the realty site it also fails. I know, one thing at a time; as I said, I have been working on this for days and to me it is a head scratcher.

I replied, but I guess it needs to be approved for some reason from a moderator. If I made a mistake in the post, I will rectify ASAP. I just posted the vhost conf file and the log from apachectl -S

When posting command line output, be sure to use code blocks. It makes it easier to read, and not using them may have contributed to your post being moderated.

For multi-line code blocks, start with three backticks ` on a line before the output you want to share and end with another line that has three backticks. Everything in between should be rendered in the code block.

I can’t see anything so I’m flying blind but I’ll take a stab at it…

First of all I see you’re already using LetsEncrypt so that’s a good start but I’d recommend generating a single certificate that covers all your domains, including *.example.com subdomain wildcards for each domain. Having a single certificate that covers everything simplifies things a lot and also means you can put your “SSLCertificateFile” and “SSLCertificateKeyFile” in global config instead of having to replicate it in every HTTPS vhost.

Here’s how I generate my super-certificate:

certbot certonly --rsa-key-size 4096 --must-staple --dns-cloudflare --dns-cloudflare-credentials ~/cloudflare.ini -d example.com -d *.example.com -d example.net -d *.example.net ...

(Remove the “–must-staple” if you don’t want to use OCSP stapling, but you really should use it; it’s just a few extra lines to add in global config to set it up)

Here’s how I would do the vhosts (keep in mind that order matters and I have them in this order for a reason):

  1. A single vhost for port 80 with NO DocumentRoot; we never want to serve any files over insecure HTTP, the only purpose of this vhost is to redirect to HTTPS (and also strip off www if present)
<VirtualHost (IPV4-IP):80 (IPV6-IP):80>
  ServerName whatever
  RewriteEngine On
  RewriteCond %{HTTP_HOST} ^(?:www[0-9]?\.)?(.*)$ [NC]
  RewriteRule ^(.*)$ https://%1%{REQUEST_URI} [L,R=308,NC,QSD]
</VirtualHost>

(Because this will be the default vhost for port 80, I’m just using a dummy value for “ServerName”; as this will be the only vhost for port 80, ALL traffic to port 80 is guaranteed to match this vhost)

  2. A default vhost for port 443; this vhost will be invoked if someone hits your IP directly without specifying a Host: header, or if the Host: header doesn’t match any of your other vhosts; this vhost will also contain a translation to strip www.
<VirtualHost (IPV4-IP):443 (IPV6-IP):443>
  ServerName whatever
  DocumentRoot "/var/www/html"
  SSLEngine on
  RewriteEngine On
  RewriteCond %{HTTP_HOST} ^www[0-9]?\.(.*)$ [NC]
  RewriteRule ^(.*)$ https://%1%{REQUEST_URI} [L,R=308,NC,QSD]
</VirtualHost>

In /var/www/html I would put some kind of error page explaining that they’re trying to access the site improperly

Again I’m using a dummy “ServerName” – of the several vhosts you’ll have for port 443, this one appears first in the config, making it the default vhost for port 443, meaning that all port 443 traffic will match this vhost UNLESS the Host: header of the request exactly matches one of the later port 443 vhost ServerNames

  3. A port 443 vhost for every actual site you’re hosting.
<VirtualHost (IPV4-IP):443 (IPV6-IP):443>
  ServerName bluebonnet-realty.com
  DocumentRoot "/var/www/bluebonnet-realty"
  SSLEngine on
</VirtualHost>

<VirtualHost (IPV4-IP):443 (IPV6-IP):443>
  ServerName beardedrazorback.com
  DocumentRoot "/var/www/beardedrazorback"
  SSLEngine on
</VirtualHost>

Note, this assumes you’re using a single SSL certificate that covers all domains, specified in global config. If you want to use a separate certificate for each domain, you’ll need additional config in each vhost

<VirtualHost *:80>
    ServerAdmin [email protected]
    ServerName bluebonnet-realty.com
    ServerAlias www.bluebonnet-realty.com
    DocumentRoot /var/www/bluebonnet-realty.com
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>


<Directory /var/www/bluebonnet-realty.com/>
    AllowOverride All
</Directory>

I have more than 2 domains. I have the sites-available - each with their own site-name.conf. Then I use certbot to create the SSL certs, which then creates site-name-le-ssl.conf.

As I read through this a second time. To understand I should take all vhost and subdomains and put in a single global config file and for port 80 and one for port 443?

That’s going to be a matter of personal preference. I don’t care for that approach as it adds unnecessary overhead to vhost management. I find it preferable to put all HTTP & HTTPS config related to a specific hostname in its own config file. It makes things a lot easier when you need to disable or enable an individual vhost since you can use the a2ensite and a2dissite commands with the relevant config file as the argument.

@beardedrazorback, I am afraid the whole topic is a bit off-topic for the forum at this point. Apache related questions are best discussed at StackExchange or Reddit. There’s no relation to Cloudflare any more.


There are multiple ways to do things but it’s important to understand how vhost matching works in Apache, the concept of default vhosts, and that the ordering of vhosts matters.

I prefer to keep all my vhosts in a single sites.conf file so that I can easily control the ordering and easily reorder them when needed. I know some prefer to use multiple files, but then you have to jump through additional hoops to control the order of the vhosts, like prepending the filenames with numbers or something.

Keep in mind that at minimum, you’re going to have a default vhost for port 80, and a default vhost for port 443. I would strongly recommend that your default vhost for port 80 be your ONLY vhost for port 80, and that it does not have a DocumentRoot. This ensures that non-encrypted connections will have no access to your filesystem, while still allowing you to use the vhost for redirects.

For port 443, you CAN double up and make the default vhost also be the vhost that serves one of your actual websites, but I don’t recommend it, I prefer having a default vhost that’s just a default vhost (displaying just an error page or something) and then having your actual sites on their own vhosts.

So doing it the way I like to do it, if you have 3 domains, you’d have 5 vhosts (default 80, default 443, and then a 443 for each of your sites). If you have 7 domains you’d have 9 vhosts, etc.
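The matching rules this post and the earlier vhost walkthrough rely on (config order, first vhost per port is the default, Host header checked against ServerName and ServerAlias), as an added Python model that is not from the thread or from Apache itself. The vhost lists are constructed, simplified from the apachectl -S output above and from the recommended layout; `select_vhost` and `VHost` are names I chose here.

```python
"""Model of Apache name-based vhost selection, showing why an HTTPS request for
bluebonnet-realty.com lands on beardedrazorback.com in the thread's setup."""
import re
from dataclasses import dataclass, field
from fnmatch import fnmatchcase
from typing import List, Optional


@dataclass
class VHost:
    port: int
    server_name: str
    aliases: List[str] = field(default_factory=list)   # ServerAlias entries
    document_root: Optional[str] = None


def select_vhost(vhosts: List[VHost], port: int, host_header: Optional[str]) -> Optional[VHost]:
    """Pick the vhost for a request that arrived on `port`, in config order:
    the first vhost for that port is the default; the Host header (port
    stripped, case-folded) is compared with each ServerName, then with each
    ServerAlias (which may use * and ? wildcards); no match -> default."""
    candidates = [v for v in vhosts if v.port == port]
    if not candidates:
        return None                      # nothing listens there at all
    default = candidates[0]
    if not host_header:
        return default                   # e.g. a client hitting the bare IP
    host = re.sub(r":\d+$", "", host_header).lower()
    for v in candidates:
        if host == v.server_name.lower():
            return v
        if any(fnmatchcase(host, a.lower()) for a in v.aliases):
            return v
    return default


# Constructed, simplified from the apachectl -S output: bluebonnet-realty has a
# port 80 vhost but no port 443 vhost, so the 443 default (first listed) wins.
OP_VHOSTS = [
    VHost(443, "beardedrazorback.com", ["www.beardedrazorback.com"], "/var/www/beardedrazorback"),
    VHost(443, "blog.beardedrazorback.com", ["www.blog.beardedrazorback.com"]),
    VHost(80, "beardedrazorback.com", ["www.beardedrazorback.com"], "/var/www/beardedrazorback"),
    VHost(80, "bluebonnet-realty.com", ["www.bluebonnet-realty.com"], "/var/www/bluebonnet-realty.com"),
]

# The layout recommended in the thread: one redirect-only vhost on 80 (no
# DocumentRoot), a catch-all on 443 serving only an error page, then one 443
# vhost per site. www.* hosts fall through to the catch-all, which redirects.
RECOMMENDED = [
    VHost(80, "whatever"),
    VHost(443, "whatever", [], "/var/www/html"),
    VHost(443, "bluebonnet-realty.com", [], "/var/www/bluebonnet-realty"),
    VHost(443, "beardedrazorback.com", [], "/var/www/beardedrazorback"),
]
```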

I understand, but as mentioned, StackExchange or Reddit will certainly help. Or one of the Apache forums. The forum here really is for Cloudflare related issues.