Apache returning wrong virtualhost

antioch · September 9, 2021, 2:54am

SYSTEM INFORMATION

OS type and version:	ubuntu 20.04 server
Webmin version:	1.981
Virtualmin version:	6.16
Related products version:	apache 2.4.41

http and https requests to domain1.tld work as intended.

https requests to domain2.tld work as intended. http requests return domain1.tld’s site.

/etc/apache2/sites-available/domain1.tld.conf:

<VirtualHost 1.2.3.4:80>
SuexecUserGroup "#1010" "#1005"
ServerName domain1.tld
ServerAlias www.domain1.tld
ServerAlias autoconfig.domain1.tld
ServerAlias autodiscover.domain1.tld
DocumentRoot /home/domain1.tld/public_html
ErrorLog /var/log/virtualmin/domain1.tld_error_log
CustomLog /var/log/virtualmin/domain1.tld_access_log combined
ScriptAlias /cgi-bin/ /home/domain1.tld/cgi-bin/
ScriptAlias /awstats/ /home/domain1.tld/cgi-bin/
ScriptAlias /AutoDiscover/AutoDiscover.xml /home/domain1.tld/cgi-bin/autoconfig.cgi
ScriptAlias /Autodiscover/Autodiscover.xml /home/domain1.tld/cgi-bin/autoconfig.cgi
ScriptAlias /autodiscover/autodiscover.xml /home/domain1.tld/cgi-bin/autoconfig.cgi
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory /home/domain1.tld/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
AddType application/x-httpd-php .php
AddHandler fcgid-script .php
AddHandler fcgid-script .php7.3
AddHandler fcgid-script .php7.4
AddHandler fcgid-script .php8.0
FCGIWrapper /home/domain1.tld/fcgi-bin/php7.4.fcgi .php
FCGIWrapper /home/domain1.tld/fcgi-bin/php7.3.fcgi .php7.3
FCGIWrapper /home/domain1.tld/fcgi-bin/php7.4.fcgi .php7.4
FCGIWrapper /home/domain1.tld/fcgi-bin/php8.0.fcgi .php8.0
</Directory>
<Directory /home/domain1.tld/cgi-bin>
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
</Directory>
RemoveHandler .php
RemoveHandler .php7.3
RemoveHandler .php7.4
RemoveHandler .php8.0
<Files awstats.pl>
AuthName "domain1.tld statistics"
AuthType Basic
AuthUserFile /home/domain1.tld/.awstats-htpasswd
require valid-user
</Files>
Redirect /mail/config-v1.1.xml /cgi-bin/autoconfig.cgi
Redirect /.well-known/autoconfig/mail/config-v1.1.xml /cgi-bin/autoconfig.cgi
IPCCommTimeout 31
FcgidMaxRequestLen 1073741824
</VirtualHost>
<VirtualHost 1.2.3.4:443>
SuexecUserGroup "#1010" "#1005"
ServerName domain1.tld
ServerAlias www.domain1.tld
ServerAlias autoconfig.domain1.tld
ServerAlias autodiscover.domain1.tld
DocumentRoot /home/domain1.tld/public_html
ErrorLog /var/log/virtualmin/domain1.tld_error_log
CustomLog /var/log/virtualmin/domain1.tld_access_log combined
ScriptAlias /cgi-bin/ /home/domain1.tld/cgi-bin/
ScriptAlias /awstats/ /home/domain1.tld/cgi-bin/
ScriptAlias /AutoDiscover/AutoDiscover.xml /home/domain1.tld/cgi-bin/autoconfig.cgi
ScriptAlias /Autodiscover/Autodiscover.xml /home/domain1.tld/cgi-bin/autoconfig.cgi
ScriptAlias /autodiscover/autodiscover.xml /home/domain1.tld/cgi-bin/autoconfig.cgi
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory /home/domain1.tld/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
AddType application/x-httpd-php .php
AddHandler fcgid-script .php
AddHandler fcgid-script .php7.3
AddHandler fcgid-script .php7.4
AddHandler fcgid-script .php8.0
FCGIWrapper /home/domain1.tld/fcgi-bin/php7.4.fcgi .php
FCGIWrapper /home/domain1.tld/fcgi-bin/php7.3.fcgi .php7.3
FCGIWrapper /home/domain1.tld/fcgi-bin/php7.4.fcgi .php7.4
FCGIWrapper /home/domain1.tld/fcgi-bin/php8.0.fcgi .php8.0
</Directory>
<Directory /home/domain1.tld/cgi-bin>
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
</Directory>
RemoveHandler .php
RemoveHandler .php7.3
RemoveHandler .php7.4
RemoveHandler .php8.0
SSLEngine on
SSLCertificateFile /home/domain1.tld/ssl.cert
SSLCertificateKeyFile /home/domain1.tld/ssl.key
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
<Files awstats.pl>
AuthName "domain1.tld statistics"
AuthType Basic
AuthUserFile /home/domain1.tld/.awstats-htpasswd
require valid-user
</Files>
Redirect /mail/config-v1.1.xml /cgi-bin/autoconfig.cgi
Redirect /.well-known/autoconfig/mail/config-v1.1.xml /cgi-bin/autoconfig.cgi
IPCCommTimeout 31
FcgidMaxRequestLen 1073741824
SSLCACertificateFile /home/domain1.tld/ssl.ca
</VirtualHost>

/etc/apache2/sites-available/domain2.tld.conf:

<VirtualHost 1.2.3.4:80>
    DocumentRoot /var/www/html
    ServerName domain2.tld
    <Directory "/var/www/html">
        allow from all
        Options None
        Require all granted
    </Directory>
	ServerAlias *.domain2.tld
	ServerAdmin webmaster@localhost
	ErrorLog /var/log/apache2/error.log
	CustomLog /var/log/apache2/access.log combined
</VirtualHost>
<VirtualHost 1.2.3.4:443>
    DocumentRoot /var/www/html
    ServerName domain2.tld
    <Directory "/var/www/html">
        allow from all
        Options None
        Require all granted
    </Directory>
	ServerAlias *.domain2.tld
	ServerAdmin webmaster@localhost
	ErrorLog /var/log/apache2/error.log
	CustomLog /var/log/apache2/access.log combined
	SSLEngine on
	SSLProtocol +TLSv1.2
	SSLCertificateFile /etc/webmin/letsencrypt-cert.pem
	SSLCertificateKeyFile /etc/webmin/letsencrypt-key.pem
	SSLCACertificateFile /etc/webmin/letsencrypt-ca.pem
</VirtualHost>

antioch · September 15, 2021, 5:12pm

a lone cricket chirps in the distance

Gomez_Adams · September 15, 2021, 5:25pm

If memory serves, this problem has appeared on this site roughly 100 times. I guess people are just tired of answering the same issue over and over again. When you get an error on connection to a subdomain or alternate domain it will typically transfer you to the default domain by design.

A test to do is to go to domain 2 and set it as the default domain and try to connect to it via http and see what error you get. That will tell you more about what is going on.

Another idea is to actually list the domain name so we can connect to it to see if it is in fact an error. I’ve seen people that didn’t properly clean out their browser caches have this issue when it wasn’t actually an issue.

antioch · September 15, 2021, 6:47pm

clearing the browser cache now allows me access to http://domain2.tld.

however the root issue that caused me to discover the latter is that tests run with domain2.tld at SSL Server Test (Powered by Qualys SSL Labs) indicates that the server is also sending the certificate for domain1.tld (Certificate #2: RSA 2048 bits (SHA256withRSA) No SNI) as well as the certificate for domain2.tld (Certificate #1: RSA 2048 bits (SHA256withRSA)). Certificate #2 of course causes a name mismatch.

for some background, domain2.tld is my webmin domain, and domain1.tld is for a virtualserver. running virtualserver domains through SSL Server Test (Powered by Qualys SSL Labs) results in output without any troublesome Certificate #2 section.

ilouie · September 15, 2021, 7:47pm

I had the same issue just the other day. Go to Servers/Apache Webservers and make sure each domain has Port 80 and 443 going to the same file. If you’re missing 80 on any of them, you’ll get the defaulted domain when you call that domain. Unless you and your visitors know that they’ll have to go directly to HTTPS, the server will not find 80 and go to the default domain. I hope this helps you.

antioch · September 18, 2021, 3:52pm

the only virtual host not showing a specific port is Default Server, even though it’s defined in 000-default.conf below:

<VirtualHost 1.2.3.4:80>
    DocumentRoot /var/www/html
    <Directory "/var/www/html">
        allow from all
        Options None
        Require all granted
    </Directory>
	ServerAdmin webmaster@localhost
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

antioch · September 19, 2021, 3:40pm

its worth noting that domain1.tld only has its certificate presented to SSL Server Test (Powered by Qualys SSL Labs) during domain2.tld’s test so long as it is first, alphabetically, in the list of virtualservers. adding domain0.tld as a new virtualserver, for example, causes SSL Server Test (Powered by Qualys SSL Labs) to report its certificate in the Certificate #2 section of domain2.tld’s test.

system · November 18, 2021, 3:40pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.