Yes, Virtualmin has stuffed all the directives into httpd.conf
Appreciated!
So you don’t have a “sites-enabled” directory in your “/etc/httpd” directory? Or in one of its sub-directories?
centos7x# cd /etc/httpd/
centos7x# find . -print
./modules
./conf.modules.d
./conf.modules.d/00-proxy.conf
./conf.modules.d/00-dav.conf
./conf.modules.d/00-lua.conf
./conf.modules.d/01-cgi.conf
./conf.modules.d/00-base.conf
./conf.modules.d/00-ssl.conf
./conf.modules.d/10-fcgid.conf
./conf.modules.d/10-php.conf
./conf.modules.d/00-systemd.conf
./conf.modules.d/00-mpm.conf
./conf.modules.d/00-mpm-itk.conf
./conf.d
./conf.d/awstats.conf
./conf.d/welcome.conf
./conf.d/userdir.conf
./conf.d/ssl.conf
./conf.d/fcgid.conf
./conf.d/ssl.conf.lock
./conf.d/README
./conf.d/webalizer.conf
./conf.d/php.conf
./conf.d/autoindex.conf
./logs
./run
./conf
./conf/httpd.conf
If you put back your “original” (or longer) VirtualHosts block (just for port 80), comment out the 4 rewrite rules, restart Apache - do things work? i.e. the test .html & .php files?
With those commented out - Apache won’t rewrite\redirect the admin & webmail - is that an issue for that domain? I suspect it might not be for that domain, but you could have a domain down the road for which it might be.
[I’m thinking out aloud here - if the rules are commented out but you have the same entries as CNAMES (webmail, admin), if things would still work? So CNAME’s for admin & webmail might resolve that issue for now]
If your .html & .php files are displaying for http - add the 443 (SSL) block in as well - commenting out the 4 rewrite lines, restart Apache and test if the .php & .html files display.
Bit weird - a lot of the web talks about “modularising” Apache and splitting things off into their own .conf files - makes perfect sense to me, but we are where we are [shitty phrase - I know]. So let’s work with what we have and not try and redo Apache’s layout for now.
Actually, I had already done that. The longer block has been there since yesterday afternoon, less the commented-out rewrite rules.
This is especially odd since those rewrite rules are in every other virtualhost block as well; but those never caused problems. (Only since the “update” from 10/18. And the SSL block as well; all OK prior to 10/18 “update” – but now I can’t add SSL sites due to ERR_TOO_MANY_REDIRECTS.)
I believe I can’t add the SSL block back in for NewDomain2 as there’s no SSL certificate.
Put the SSL block back in - then request a Let’s Encrypt cert for NewDomain2 (making sure it has just NewDomain2.com & www.NewDomain2.com as the hosts. Can redo it later with others etc).
Then stop & start Apache and see what happens.
EDIT: without knowing what you updated on 10/18 it’s hard to say. It is possible you updated Apache as well and there could be some subtle changes under the hood in that version of Apache. Might not be - but equally there could.
To date I’ve only had Virtualmin deal with Let’s Encrypt SSL certs.
Are you suggesting the “whole hog” method as described here?
https://www.linode.com/docs/security/ssl/install-lets-encrypt-to-create-ssl-certificates/
All I know about the 10/18 “update” was that it said there were 2 modules – one for Webmin, the other for Virtualmin. There were no other packages noted.
Hence, I’m flummoxed why the devs won’t tell me how to back out those 2 module updates so I can prove / disprove that they are the source of the issues.
I meant do it thru Virtualmin (with NewDomain2 in the drop down) - Server configuration - SSL Certs - Let’s Encrypt: check there are 2 domains associated with it (NewDomain2.com & www.NewDomain2.com) & hit request.
Hmmm, well that’s peculiar.
For some reason I was blind to the “Server Config - SSL Certs” menu entry
https://Server_IP_Addr:10000/virtual-server/cert_form.cgi?dom=157171039118361
so I went to “Edit Virtual Server - Enabled Features” and checked “Apache SSL website enabled”
https://Server_IP_Addr:10000/virtual-server/edit_domain.cgi?dom=157171039118361
It chugged away, and Let’s Encrypt issued certs for NewDomain2, www.NewDomain2, and mail.NewDomain2. (NB – if you should happen to use Cloudflare some time, be sure when you do the SSL request that CF proxy is disabled or it will fail.)
Then … [drumroll] … https://NewDomain2/ worked (??) without the ERR_TOO_MANY_REDIRECTS message from the last few days.
This doesn’t make sense. I’ve not been fiddling with anything, so why / how would the server “magically” fix itself?
I looked in httpd.conf, and the Rewrite rules were NOT included in the :443 block. (They remain commented out in the :80 block.)
Almost grasping at straws here - are there any differences in the DNS settings between NewDomain1 & NewDomain2?
Doesn’t appear so. (I’ve got basically identical entries at Cloudflare DNS that point to the main server; I’m not running BIND / DNS locally.)
I can see about adding SSL again to NewDomain1 and cross my fingers…
One last thing to check:
- Disable your CF proxy, uncomment the rewrite rules in both SSL block and non-SSL block, request a LE cert for the 3 hosts for NewDomain2.com, check if both .php & .html files will display?
- then enable your CF proxy and check if both files will display?
I wonder if - and I could be wrong - it’s to do with the CF proxy being enabled before obtaining the certs for SSL. Hopefully the few tests I’ve mentioned might shed some light on what is going on. EDIT: You did mention the cert will fail to issue if CF proxy is on.
You could try a few things if you are after more info:
- Disable the SSL config in Enabled features, confirm the SSL block is NOT in httpd.conf, uncomment the 4 lines (rewrite rules) in the non-SSL block, restart Apache, and then enable the SSL config in Enabled features and check the httpd.conf file to see if the rewrite rules are there in the SSL VirtualHosts block. If they are, that would suggest that when you enable SSL, Virtualmin basically copies the non-SSL block and adds a bit to it or changes a bit.
- Disable SSL config, confirm SSL block isn’t in httpd.conf (rewrite rules are commented out in the non SSL block), enable your CF proxy, enable the SSL config, request the SSL cert using Virtualmin and then see if you get the TOO_MANY_REDIRECTS? If you do then it confirms that the SSL cert needs to be requested 1st, then CF proxy enabled. EDIT: Ignore this one, you did say with the CF proxy enabled, the cert request fails.
Hope it makes sense?
You said you hadn’t noticed the “Virtualmin - Server Config - SSL certs” option, so when you originally created NewDomain2.com and enabled (by default) the SSL option, what cert were you using?
If you can’t remember - create a new domain (for test purposes), enabling Website & SSL - then go to Virtualmin - Server Config - SSL Certs: and check the Current Cert tab. I’m wondering if it’s a self signed cert, or no cert.
This makes no sense at all… NewDomain1 is failing completely now.
I first tried backing out the SSL block, and it failed … then I gave up, deleted the whole domain and rebuilt it … failed.
From Opera and Firefox browsers I get “Forbidden, you don’t have permission to access / on this server”
From Chrome I get ERR_TOO_MANY_REDIRECTS
uhhh… wut?
I’ll try these next:
1. delete NewDomain1
2. remove all CloudFlare proxies. (DNS stays but that resolves correctly.)
3. recreate NewDomain1 (http)
4. check to see if browser connect works to reach http://NewDomain1
4a1. If not, check httpd.conf, and comment out those ReWrite rules again (assuming they’re there)
4a2. Check again to see if http://NewDomain1 works
4a3. If not … give up?
4a4. If so … then onto 5
5. Assuming connection to http://NewDomain1 works, then “Enable Feature SSL”
5a. test to see if browser connect works
5a1. If not, check httpd.conf, and comment out those ReWrite rules again (assuming they’re there)
5a2. Check again to see if http://NewDomain1 works
5a3. If not … give up?
For Chrome - I tend to use Incognito mode when testing stuff like this. Doesn’t keep cache etc.
Did you have a LE cert for NewDomain1?
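The httpd.conf check suggested earlier in the thread (whether the rewrite rules are present, and active or commented out, in each :80 and :443 VirtualHost block), as an added example that is not part of any post. The config it runs on is constructed, with placeholder hostnames, address and rule targets, and `vhost_rewrites` and `write_sample` are names chosen for this example.

```shell
#!/usr/bin/env bash
# Added example: count active vs commented-out rewrite directives per <VirtualHost>.

# vhost_rewrites FILE -> "<address> <ServerName> active=N commented=M" per block
vhost_rewrites() {
  awk '
    { line = $0; sub(/^[ \t]+/, "", line); low = tolower(line) }
    low ~ /^<virtualhost[ \t]/ {
      addr = line
      sub(/^<[^ \t]+[ \t]+/, "", addr); sub(/>.*$/, "", addr)
      name = "-"; active = 0; commented = 0; inblock = 1
      next
    }
    inblock && low ~ /^<\/virtualhost>/ {
      printf "%s %s active=%d commented=%d\n", addr, name, active, commented
      inblock = 0; next
    }
    inblock && low ~ /^servername[ \t]/ { split(line, f, /[ \t]+/); name = f[2]; next }
    inblock && low ~ /^rewrite(cond|rule)[ \t]/ { active++; next }
    inblock && low ~ /^#[ \t]*rewrite(cond|rule)[ \t]/ { commented++ }
  ' "$1"
}

# Constructed sample: hostnames, address and rule targets are placeholders.
write_sample() {
  cat > "$1" <<'EOF'
<VirtualHost 192.0.2.10:80>
    ServerName newdomain2.example
    RewriteEngine on
    #RewriteCond %{HTTP_HOST} =webmail.newdomain2.example
    #RewriteRule ^(.*) https://newdomain2.example:20000/ [R]
    #RewriteCond %{HTTP_HOST} =admin.newdomain2.example
    #RewriteRule ^(.*) https://newdomain2.example:10000/ [R]
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName newdomain2.example
    SSLEngine on
</VirtualHost>
<VirtualHost 192.0.2.10:80>
    ServerName otherdomain.example
    RewriteEngine on
    RewriteCond %{HTTP_HOST} =webmail.otherdomain.example
    RewriteRule ^(.*) https://otherdomain.example:20000/ [R]
</VirtualHost>
EOF
}

sample=$(mktemp)
write_sample "$sample"
vhost_rewrites "$sample"
rm -f "$sample"
```

On the server itself the function would be pointed at /etc/httpd/conf/httpd.conf, before and after toggling the SSL feature, to compare what ends up in each block.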