Server IP address causing vhost problems

Discussion in 'ISPConfig 3 Priority Support' started by rodti, Jul 5, 2017.

  1. rodti

    rodti Member

    I have a webserver running ISPConfig with only one IP address. I like to have the IP address set in the System > Server IP addresses page as that then associates the IP address with the servername in any dropdowns. This is a good thing for users picking an IP address in, for example, the DNS wizard, as they'll recognise the server name and have a better chance of knowing which to pick.

    I had an incident yesterday when I realised that almost all sites were showing my custom placeholder index.html. After a bit of a panic and some investigation I realised that a user had set up a site with the specific IP address of the server selected in the site settings, rather than *.

    I've set that site back to * and deleted the IP address entry from System > Server IP addresses, and everything is back to normal.

    As I like to have the IP address in dropdowns, I've re-read the manual and have been experimenting with adding the IP address back in. It seems that, irrespective of whether I set HTTPNameVirtualHost or not, selecting the IP address rather than * for a site will cause the problem again.

    I'm struggling to understand what's going on here. Could it be something to do with my Apache2 configuration that is allowing this to wreck my setup? I'll hold off posting masses of configs for now, but let me know if you need to see them!
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Do not mix IP address and * in websites on a server. Either use * for all sites or the IP for all sites but do not mix that. Changing * to the IP gives you no benefits btw., so I won't change all sites to the IP if I were you. But you can do that of course, but then change all sites.

    The reason for this behavior is that Apache treats an IP address as a stronger match than a wildcard (*), so when you have vhosts that use the IP and others use *, then Apache will route all traffic to the hosts with the IP, no matter which domain name the sites have.
     
    rodti likes this.
  3. rodti

    rodti Member

    Ok, that makes sense, and I think from my days rummaging around in .vhost files I remember that.

    I noticed a peculiarity of my setup just now insofar as that the Server IP addresses weren't assigned to any user. This made sense in a way as they were 'owned' by the server, not any specific client. I've tried assigning them to a user and now receive the following error when I try and change from * to the IP address in a site:

    1. The IP can not be changed. Please ask your Administrator if you want to change the IPv4-Address.
    This validation rule triggers with HTTPNameVirtualHost set to Yes or No.

    There might be an argument for extending this validation rule to instances where the IP is not assigned to a client, or to prevent an IP address being added without being assigned to a client?
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Clients shall not be able to change the of existing sites, only the admin can do that. and an IP can be global or assigned to a client.
     
    rodti likes this.
  5. rodti

    rodti Member

    OK, so it feels like having the IPs as set to global is the right way to have them set up.

    Other than educating users not to pick an IP address (where all other sites are set up as *), or not to pick * (where all others are set to an IP address), what would be the best way to have IP addresses set up in the System config, but not cause a clash between vhosts?
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Like I wrote above, this behavior is intended by the Apache devs and is used by nginx as well, so if you want that an IP has not precedence over a wildcard, then you will have to contact the Apache developers and ask them to change their http server code.

    If you do not want to have * in the select field for IP addresses, then disable it under System > Server config in ISPConfig. But ensure that you switched all websites to the IP address as admin before you do that. Or you do not add the IP address under System > Server IP as this would only make sense if you have several IP addresses where some of them are for dedicated use for single clients.
     
    dar_ek likes this.
  7. rodti

    rodti Member

    That's a really useful explanation Till. Good to know that another approach is to disable the wildcard and spend a little time changing the sites to use specific IP addresses. I'd have to check first that there aren't any non-ISPConfig .vhost files in there (Roundcube or anything like that) set to * beforehand.

    Probably easier to just disable those IP addresses though, as there's only one attached to that server. This would mean no FQDN associated to IP addresses in IP fields (for example when setting up DNS) which is a shame as that's really useful for clients. But it looks like I can't have my cake and eat it!

    It would be nice if those IP selection fields had a 'This server' option to make things easy for clients. But then I guess you'd have to have defined that IP address association somewhere, and that's what the System > Server IP address settings are for!
     

Share This Page