problem changing Apache port 80 to 85 (Ubuntu 10.04 LTS)

I needed to free port 80 for Nginx, so I tried to change the Apache default port to 85.
It was quite weird as I found several places where the settings had to be changed.

After many difficulties, I ended up with smooth Apache and Bind9 operation, but the virtual host I set up is not reachable.
Querying from another server, I get:

ks312228:~# nslookup b2mml-services.com
;; Got SERVFAIL reply from 127.0.0.1, trying next server
;; Got SERVFAIL reply from 127.0.0.1, trying next server
Server: 213.186.33.99
Address: 213.186.33.99#53

** server can’t find b2mml-services.com: SERVFAIL

ks312228:~# ping b2mml-services.com
ping: unknown host b2mml-services.com

ks312228:~# dig ks311625.kimsufi.com b2mml-services.com

; <<>> DiG 9.6-ESV-R4 <<>> ks311625.kimsufi.com b2mml-services.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38444
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;ks311625.kimsufi.com. IN A

;; ANSWER SECTION:
ks311625.kimsufi.com. 916 IN A 188.165.208.179

;; AUTHORITY SECTION:
kimsufi.com. 53273 IN NS dns.ovh.net.
kimsufi.com. 53273 IN NS ns.ovh.net.

;; ADDITIONAL SECTION:
ns.ovh.net. 41312 IN A 213.251.128.136
dns.ovh.net. 41312 IN A 213.186.33.102

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jun 8 23:44:47 2011
;; MSG SIZE rcvd: 128

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 50417
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;b2mml-services.com. IN A

;; Query time: 9 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jun 8 23:44:47 2011
;; MSG SIZE rcvd: 36

Querying from the server itself

root@ks311625:/var/log# nslookup b2mml-services.com
Server: 127.0.0.1
Address: 127.0.0.1#53

Name: b2mml-services.com
Address: 188.165.208.179

root@ks311625:/var/log# named-checkconf -z
zone b2mml-services.com/IN: loaded serial 2011060804
zone localhost/IN: loaded serial 2
zone 127.in-addr.arpa/IN: loaded serial 1
zone 0.in-addr.arpa/IN: loaded serial 1
zone 255.in-addr.arpa/IN: loaded serial 1

root@ks311625:/var/log# netstat -lnp | grep :85
tcp 0 0 0.0.0.0:85 0.0.0.0:* LISTEN 15742/apache2

root@ks311625:/var/log# netstat -lnp | grep :80
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 4362/java
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 4108/nginx
tcp 0 0 127.0.0.1:8021 0.0.0.0:* LISTEN 4075/freeswitch
tcp 0 0 0.0.0.0:8088 0.0.0.0:* LISTEN 4408/java
tcp 0 0 127.0.0.1:8005 0.0.0.0:* LISTEN 4362/java
tcp6 0 0 127.0.0.1:8079 :::* LISTEN 4230/java

Any idea?
Thanks for help

Howdy,

It looks like your DNS server isn’t responding. DNS for b2mml-services.com is set up to point to 188.165.208.179 and 213.186.33.199, but neither of those IP addresses is responding to DNS queries.

In troubleshooting DNS issues – you can use intodns.com to get a DNS report, that can be helpful in figuring out what’s going awry.

In your case – the key is to determine what those two IP addresses are, and then what’s preventing the DNS queries from working.

-Eric

Thank you for your invaluable help.
intodns.com was the appropriate tool for digging into this.
The problem was the following:
In the Bind “Addresses and Topology” section, under “Ports and addresses to listen on”, the specified address was 127.0.0.1 instead of Any.

I have no clue why this server was configured like this by Virtualmin. It might be specific to Ubuntu, or as a result of changing the Apache port.

However, if everything seems OK from the DNS check, the URL http://www.b2mml-services.com/ still reaches Nginx (on port 80), not Apache (on port 85).
http://www.b2mml-services.com:85 goes to Apache.

I changed 80 to 85 everywhere I should, but the settings seem to be ignored.

netstat -lnp | grep :85
tcp 0 0 0.0.0.0:85 0.0.0.0:* LISTEN 15742/apache2

netstat -lnp | grep :80
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 4362/java
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 4108/nginx
tcp 0 0 127.0.0.1:8021 0.0.0.0:* LISTEN 4075/freeswitch
tcp 0 0 0.0.0.0:8088 0.0.0.0:* LISTEN 4408/java
tcp 0 0 127.0.0.1:8005 0.0.0.0:* LISTEN 4362/java
tcp6 0 0 127.0.0.1:8079 :::* LISTEN 4230/java
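
Added example, not part of the original thread: a small shell check that classifies the listeners on one exact port as loopback-only or externally reachable, which is the condition that kept Bind from answering outside queries here. It matches the port exactly, so 80 does not also match 8080 or 8021 as `grep :80` does above; the `named` lines and PID 4001 in the sample are constructed, the other lines are taken from the netstat output in this thread.

```shell
#!/bin/sh
# Read `netstat -ln[p]` style lines on stdin and report every socket that
# listens on exactly port $1, plus a one-line verdict.
# Live use: netstat -lnp | listener_scope 53
listener_scope() {
    awk -v port="$1" '
        $1 ~ /^(tcp|udp)/ {
            laddr = $4                      # local address, e.g. 127.0.0.1:53 or :::53
            n = split(laddr, p, ":")
            if (p[n] != port) next          # exact port match only
            addr = substr(laddr, 1, length(laddr) - length(p[n]) - 1)
            if (addr ~ /^127\./ || addr == "::1") { scope = "loopback"; lo++ }
            else                                  { scope = "external"; ext++ }
            # $NF is the PID/program column (udp lines have no state column)
            printf "%s %s %s %s\n", $1, laddr, scope, $NF
        }
        END {
            if (ext)     print "result: reachable"
            else if (lo) print "result: loopback-only"
            else         print "result: not-listening"
        }
    '
}

# Constructed sample: named bound to 127.0.0.1 only (the state before the fix),
# followed by listener lines quoted from the thread.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 4001/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 4001/named
tcp 0 0 0.0.0.0:85 0.0.0.0:* LISTEN 15742/apache2
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 4362/java
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 4108/nginx
tcp 0 0 127.0.0.1:8021 0.0.0.0:* LISTEN 4075/freeswitch
EOF
}

echo "port 53:"; sample_netstat | listener_scope 53
echo "port 80:"; sample_netstat | listener_scope 80
```

A `loopback-only` verdict for port 53 on an authoritative name server explains why local lookups succeed while remote resolvers get SERVFAIL.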

However, if everything seems OK from the DNS check, the URL http://www.b2mml-services.com/ still reaches Nginx (on port 80), not Apache (on port 85)

Of course it does. If you don’t add a port number to the URL in your browser, it automatically connects to the default port 80, no matter how you set up your servers. :) Neither browser nor server can know or guess what port you want to connect to if you don’t explicitly tell it so.

If you want your webserver to use another port without entering the port number in the URL in the browser, you can do that with some iptables port forwarding magic. :) Though in that case you won’t be able to reach your Nginx on port 80 anymore.

You actually need a second IP address to run Apache on, while having 2 webservers.
Then if needed you can route port 80 to port 85 for that 2nd IP address …

Or you can configure the two webservers to listen only on their respective IP address, then they can even both listen on port 80.

So a web site has to be reached through port 80 anyway, unless the port number is added to the URL???
I thought that this was a joke, but you are right, there is nothing in Bind that permits routing a particular domain to an IP / port destination. The rule seems to be that a web server is on 80. Period. If several servers are needed, convoluted tricks as you suggest can be envisaged…

I solved my problem by reverting Apache to 80 as it serves normal web site hosting, and changed the Nginx port to 81, which was quite easy. Nginx and Tomcat on the server are used to backdoor applications that I do not mind linking with a specified port (Apache Solr, BigBlueButton).

By the way, it is not easy at all to change the Apache port… Many places to look at!

Thanks for your help

So a web site has to be reached through port 80 anyway, unless the port number is added to the URL???

Yep, that’s right.

I thought that this was a joke, but you are right, there is nothing in Bind that permits routing a particular domain to an IP / port destination.

No joke. DNS has no information whatsoever about port numbers, at least not in the way you intended.

There are the “SRV” resource records, which provide pointers (including IP and port) for queried services, but those are only used in environments like Windows Active Directory, and not when locating web servers.

Description: Service locator (SRV) resource record. Allows multiple servers providing a similar TCP/IP-based service to be located using a single DNS query operation. This record enables you to maintain a list of servers for a well-known server port and transport protocol type ordered by preference for a DNS domain name. For example, in Windows Server 2003 DNS, it provides the means to locate domain controllers that use Lightweight Directory Access Protocol (LDAP) service over TCP port 389.

I am really impressed by the responsiveness and skills of the Virtualmin community.
Thanks to all rescuers.