VirtualHosts problem pointing subdomain to another IP with A record

mauriblint · September 25, 2019, 12:47pm

Hello guys,
I already read and try to find the answer here in the blog but I couldn’t, and I think this is a very common issue.

I´ve my domain in Cloudflare, aka mywebsite.com pointing to a server1 IP address.

Now, I’m trying to set up a subdomain s2.mywebsite.com, adding an A record in my DSN settings, pointing to a different IP address.

I just set up a fresh Ubuntu 18 image with Apache and enable SSL and virtual hosts, but the thing is that apache is not recognizing the “ServerName or ServerAlias” in my server, it always loads the default apache HTML page.

I tried to edit my /etc/host file adding the subdomain and the IP address, I get an SSL warning but it is resolved correctly, so this is the reason I think this could be a Cloudflare configuration issue.

Thanks in advance for your help.

Mauricio.

MarkMeyer · September 25, 2019, 5:47pm

As long as the correct IP ist configured (assuming you didn’t set up anything else for that domain here) there should not be an issue with it.

May i ask what’s the domain?
Die you your apache logs?

mauriblint · September 25, 2019, 6:28pm

Hi Mark,
Thanks for your answer! Yes sure, the subdomain is s2.app-sorteos.com.

I check the logs and I saw only debug lines because I enabled it. Also, I disabled the (a2dissite) the default .conf files from apache:

000-default.conf
default-ssl-conf

And created a new one:

<Directory /var/www/api>
    Require all granted
    AllowOverride All
</Directory>

<VirtualHost *:443>
    SSLEngine on
        SSLCertificateFile      /etc/ssl/certs/app.crt
        SSLCertificateKeyFile /etc/ssl/private/app.key
        ServerName s2.app-sorteos.com
        ServerAlias s2.app-sorteos.com
        DocumentRoot /var/www/api
</VirtualHost>

And as you can check, if you enter yo the subdomain in a browser, you will see the apache default page. I restart and reload also few times the server.

error.log

[email protected]:/etc/apache2/sites-available# tail -n 15 /var/log/apache2/error.log 

[Wed Sep 25 18:20:19.036801 2019] [authz_core:debug] [pid 25723] mod_authz_core.c(809): [client 198.41.231.103:38712] AH01626: authorization result of <RequireAny>: granted

[Wed Sep 25 18:20:19.036916 2019] [authz_core:debug] [pid 25723] mod_authz_core.c(809): [client 198.41.231.103:38712] AH01626: authorization result of Require all granted: granted

[Wed Sep 25 18:20:19.036973 2019] [authz_core:debug] [pid 25723] mod_authz_core.c(809): [client 198.41.231.103:38712] AH01626: authorization result of <RequireAny>: granted

[Wed Sep 25 18:20:19.037679 2019] [deflate:debug] [pid 25723] mod_deflate.c(854): [client 198.41.231.103:38712] AH01384: Zlib: Compressed 10918 to 3120 : URL /index.html

[Wed Sep 25 18:20:19.571783 2019] [authz_core:debug] [pid 25724] mod_authz_core.c(809): [client 198.41.230.240:47290] AH01626: authorization result of Require all granted: granted, referer: https://s2.app-sorteos.com/

[Wed Sep 25 18:20:19.572019 2019] [authz_core:debug] [pid 25724] mod_authz_core.c(809): [client 198.41.230.240:47290] AH01626: authorization result of <RequireAny>: granted, referer: https://s2.app-sorteos.com/

[Wed Sep 25 18:20:19.873310 2019] [watchdog:debug] [pid 25730] mod_watchdog.c(565): AH02980: Watchdog: nothing configured?

[Wed Sep 25 18:20:20.000851 2019] [authz_core:debug] [pid 25722] mod_authz_core.c(809): [client 198.41.231.31:40446] AH01626: authorization result of Require all granted: granted, referer: https://s2.app-sorteos.com/

[Wed Sep 25 18:20:20.001084 2019] [authz_core:debug] [pid 25722] mod_authz_core.c(809): [client 198.41.231.31:40446] AH01626: authorization result of <RequireAny>: granted, referer: https://s2.app-sorteos.com/

[Wed Sep 25 18:20:20.001219 2019] [core:info] [pid 25722] [client 198.41.231.31:40446] AH00128: File does not exist: /var/www/html/favicon.ico, referer: https://s2.app-sorteos.com/

[Wed Sep 25 18:20:20.876700 2019] [watchdog:debug] [pid 25732] mod_watchdog.c(565): AH02980: Watchdog: nothing configured?

[Wed Sep 25 18:20:20.878047 2019] [watchdog:debug] [pid 25731] mod_watchdog.c(565): AH02980: Watchdog: nothing configured?

[Wed Sep 25 18:25:24.986708 2019] [authz_core:debug] [pid 25725] mod_authz_core.c(809): [client 47.29.130.97:13843] AH01626: authorization result of Require all granted: granted

[Wed Sep 25 18:25:24.986948 2019] [authz_core:debug] [pid 25725] mod_authz_core.c(809): [client 47.29.130.97:13843] AH01626: authorization result of <RequireAny>: granted

[Wed Sep 25 18:25:24.987039 2019] [php7:error] [pid 25725] [client 47.29.130.97:13843] script '/var/www/html/index.php' not found or unable to stat

other_vhosts_access.log

::1:80 176.122.236.173 - - [25/Sep/2019:14:22:13 +0000] "GET / HTTP/1.0" 200 11192 "-" "-"

::1:80 176.122.236.173 - - [25/Sep/2019:14:23:52 +0000] "GET / HTTP/1.0" 200 11192 "-" "-"

::1:80 220.134.22.113 - - [25/Sep/2019:14:31:08 +0000] "GET / HTTP/1.1" 200 11173 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/601.7.7 (KHTML, like Gecko) Version/9.1.2 Safari/601.7.7"

::1:80 220.134.22.113 - - [25/Sep/2019:14:31:09 +0000] "GET / HTTP/1.0" 200 11192 "-" "-"

::1:80 45.166.1.98 - - [25/Sep/2019:15:06:50 +0000] "GET / HTTP/1.1" 200 11173 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/601.7.7 (KHTML, like Gecko) Version/9.1.2 Safari/601.7.7"

::1:80 178.173.193.74 - - [25/Sep/2019:15:40:00 +0000] "GET / HTTP/1.1" 200 11229 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/601.7.7 (KHTML, like Gecko) Version/9.1.2 Safari/601.7.7"

app-sorteos.com:443 5.188.210.101 - - [25/Sep/2019:16:21:44 +0000] "GET / HTTP/1.0" 400 0 "-" "-"

app-sorteos.com:443 128.14.209.234 - - [25/Sep/2019:16:54:21 +0000] "GET / HTTP/1.1" 200 1712 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"

::1:80 122.177.74.215 - - [25/Sep/2019:17:52:33 +0000] "POST /index.php?routestring=ajax/render/widget_php HTTP/1.1" 404 434 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36"

::1:80 198.41.231.149 - - [25/Sep/2019:18:06:23 +0000] "GET / HTTP/1.1" 304 182 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"

::1:80 198.41.231.145 - - [25/Sep/2019:18:10:02 +0000] "GET / HTTP/1.1" 304 182 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"

::1:80 198.41.231.103 - - [25/Sep/2019:18:20:19 +0000] "GET / HTTP/1.1" 200 3477 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"

::1:80 198.41.230.240 - - [25/Sep/2019:18:20:19 +0000] "GET /icons/ubuntu-logo.png HTTP/1.1" 304 181 "https://s2.app-sorteos.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"

::1:80 198.41.231.31 - - [25/Sep/2019:18:20:20 +0000] "GET /favicon.ico HTTP/1.1" 404 497 "https://s2.app-sorteos.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"

::1:80 47.29.130.97 - - [25/Sep/2019:18:25:24 +0000] "POST /index.php?routestring=ajax/render/widget_php HTTP/1.1" 404 434 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36"

Thanks!
Mauricio.

mauriblint · September 26, 2019, 7:11pm

Hello guys,
Ok, it’s strange, but the problem is that that the request created from an https:// URL, is handled by apache through port 80, and not through port 443. so I edited my virtual host and it’s working fine, but something is messed up. The thing is a clean install of ubuntu and apache.

Could be based on a Cloudflare A record configuration?

Thanks.
Mauricio.

MarkMeyer · September 26, 2019, 7:20pm

It’s working perfectly for me now. Redirecting to HTTPS, showing a Cloudflare certificate.

What is messed up?

mauriblint · September 26, 2019, 7:40pm

Yes, it’s working fine now. But check this out:

https://s2.app-sorteos.com/this_file_not_exists.php

You will see: Apache/2.4.18 (Ubuntu) Server at s2.app-sorteos.com Port 80

And that is the issue, that the request goes by port 80 and not 443, so before, my VirtualHost never match the domain.

sandro · September 26, 2019, 7:42pm

You are experiencing the “beauty” of Cloudflare’s Flexible implementation.

Switch your SSL mode to proper “Full strict” and that should get fixed.

mauriblint · September 26, 2019, 7:49pm

Thanks!! I do not want to break anything in the main domain, so I will not change that config, but you are right, it is on Flexible Mode.

Thanks!!

sandro · September 26, 2019, 7:51pm

I can only strongly advice to make that change. Flexible is a mode that should never ever be chosen. The mode is wrong and deceptive.

Considering that you seem to have a proper certificate in place anyway, there shouldnt be any issue.

system · October 26, 2019, 7:52pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.