Morphire

Q: Server 5.0.3 redirecting default websites to port 34543

This specifically affected my roundcube install from topicdesk. The roundcube webapp was installed against the default ssl website in server 4.x and worked just fine. 80 requests were automatically redirected to 443 and 443 had a permanent redirect to change webmail.example.com to https://webmail.example.com/webmail

 

Now after the upgrade to 5.0.3 the urls direct to webmail.example.com:34543/webmail and leave off the https:// which of course breaks everything. The /Library/Server/Web/Config/apache2/sites/ folder now contains .conf files for 0000_127.0.0.1_34543 and 0000_127.0.0.1_34580 as well as the old 0000_and_443 and 0000_any_80 .conf files used previously.

Posted on Sep 18, 2015 10:11 AM

Close

Q: Server 5.0.3 redirecting default websites to port 34543

  • All replies
  • Helpful answers

Page 1 of 3 last Next
  • by DazeConfusedAndLost,

    DazeConfusedAndLost DazeConfusedAndLost Sep 18, 2015 12:54 PM in response to Morphire
    Level 1 (34 points)
    Sep 18, 2015 12:54 PM in response to Morphire

    The 0000_and_443 and 0000_any_80 .conf files are not enabled. They have the .prev extension. At least on my server.

     

    Also note the following:

    If you have virtual hosts, 0000_yourIPaddress_34580_yourDomainName.conf and 34543 files set the virtual host to 127.0.0.1 instead of _yourIPaddress_.

    The virtual_host_global.conf file sets the ports the server is listening on to 34580 and 34543 for your web sites' ip addresses. Including one for 127.0.0.1.

    Access_log now logs 127.0.0.1 as the remote IP address of your web site visitor instead of the real IP address IF they access your web site without a host name. That is, domain.com instead of www.domain.com. If they access via www (or any host name) their IP address is logged correctly. With the "bonus" that they are directed to the default web site's pages instead of the one they should be accessing.

  • by DazeConfusedAndLost,

    DazeConfusedAndLost DazeConfusedAndLost Sep 18, 2015 2:46 PM in response to Morphire
    Level 1 (34 points)
    Sep 18, 2015 2:46 PM in response to Morphire

    Just wanted to add that it appears the way the web server works have been changed. The following discussion have the details of what changed, leading to the change in virtual host configurations noted by Morphire. With unintended(?) side-effects noted by me.

     

    https://discussions.apple.com/thread/7222880

  • by DazeConfusedAndLost,

    DazeConfusedAndLost DazeConfusedAndLost Sep 18, 2015 4:09 PM in response to DazeConfusedAndLost
    Level 1 (34 points)
    Sep 18, 2015 4:09 PM in response to DazeConfusedAndLost

    It appears there is a typo in the 0000_ipAddress_domain_name.conf files logging 127.0.0.1 as the remote IP address instead of the actual remote IP address to the access_log. Here is a simple fix.

     

    Change this line in those virtual host config files:

      CustomLog /var/log/apache2/access_log combinedvhost

    to:

      CustomLog /var/log/apache2/access_log combinedvhostproxy

     

    Restart the web site services via the Server UI.

     

    I can't find the template that generated the files, but this should stick until you make a change to the web site via the Server UI.

  • by essandess,

    essandess essandess Sep 19, 2015 10:27 AM in response to DazeConfusedAndLost
    Level 1 (28 points)
    Applications
    Sep 19, 2015 10:27 AM in response to DazeConfusedAndLost

    Same issue here. I'm not clear on the precise fix. In my dir ./apache2/sites I see these conf files:

     

    0000_127.0.0.1_34543_.conf

    0000_127.0.0.1_34580_.conf

    0000_127.0.0.1_34580_proxy.hostname.private.conf

    virtual_host_global.conf

     

    along with all the .conf.prev for any_443 and the like.

     

    It doesn't look like editing any of the port 35480 files will fix the redirect issue. Which files require mods? Should the any_443_.conf.prev be moved to .conf files? Do you mind posting a bash history of the fix?

  • by DazeConfusedAndLost,

    DazeConfusedAndLost DazeConfusedAndLost Sep 19, 2015 10:53 AM in response to essandess
    Level 1 (34 points)
    Sep 19, 2015 10:53 AM in response to essandess

    My "fix" was to fix the logging issue where all traffic seems to come from 127.0.0.1 - technically, that is true. Apple changed the way the web server works in the current version of Server (5.0.3.) Here is a direct quote from an exchange with someone from the Server Engineering Team:

     

    "The custom sites are listening behind a proxy listening on ports 80/443.  The custom sites themselves are in a separate Apache instance listening on 127.0.0.1 34580/34543.  Some of this is documented in /Library/Server/Web/Config/apache2/ReadMe.txt"

     

    You will want to change the CustomLog line in the 0000_website_IP_address_34580.conf, and 0000_website_IP_address34543.conf only if you want the access_log to correctly reflect the IP address of your website visitors. If accurate visitor IP address logging is not important to you, you can leave it alone.

     

    The any_80/433.conf.prev files are no longer used. The current ones all have 34543 or 34580 in the file name.

     

    Sorry if my post regarding fixing logging caused any confusion.

  • by essandess,

    essandess essandess Sep 19, 2015 11:23 AM in response to DazeConfusedAndLost
    Level 1 (28 points)
    Applications
    Sep 19, 2015 11:23 AM in response to DazeConfusedAndLost

    Thanks but does anyone have a fix for the OP's redirect problem? All of my websites are broken because of it.

  • by DazeConfusedAndLost,

    DazeConfusedAndLost DazeConfusedAndLost Sep 19, 2015 3:11 PM in response to essandess
    Level 1 (34 points)
    Sep 19, 2015 3:11 PM in response to essandess

    Can you tell me where this redirection (80 requests were automatically redirected to 443 and 443 had a permanent redirect to change webmail.example.com to https://webmail.example.com/webmail) is taking place? Is it the https that is breaking the webapp or is the webapp still trying to listen on 443?

     

    The OP sounded like the webapp is still listening on 443.

  • by maartenvson,

    maartenvson maartenvson Sep 19, 2015 3:25 PM in response to Morphire
    Level 1 (0 points)
    Sep 19, 2015 3:25 PM in response to Morphire

    In line with the questions above I would like to know how to disable the webserver. Previously unloading the launchdaemon and removing the org.apache.httpd.plist did the trick. This is no longer working and now some ports are conflicting with other software I use.

  • by dmr_800,

    dmr_800 dmr_800 Sep 19, 2015 3:35 PM in response to Morphire
    Level 1 (0 points)
    Sep 19, 2015 3:35 PM in response to Morphire

    You've identified the problem, and we're having it too.

     

    Before upgrading to Server 5.0.3 our install had a single website:

    users coming to the site via http://website.domain.edu on port 80 were redirected to the SSL version on port 443

    this worked without any issues


    After upgrading to Server 5.0.3 users who come to the site via http://website.domain.edu/somedirectory receive

    see :34580 inserted into the address, which fails.


    And users who type https://website.domain.edu/somediretory

    see :34543 inserted into the address, which fails.


    Has anyone figured out what's going on here or how to fix it?

  • by DazeConfusedAndLost,

    DazeConfusedAndLost DazeConfusedAndLost Sep 19, 2015 3:39 PM in response to maartenvson
    Level 1 (34 points)
    Sep 19, 2015 3:39 PM in response to maartenvson

    You can turn off the web server from the Server UI. That is, your web site(s). However, the web services are always on for other services that is part of Server (WebDAV, Calendar, etc.). So Apache is always running. Have you considered uninstalling Server completely?

  • by maartenvson,

    maartenvson maartenvson Sep 19, 2015 3:46 PM in response to DazeConfusedAndLost
    Level 1 (0 points)
    Sep 19, 2015 3:46 PM in response to DazeConfusedAndLost

    At this moment I only use non-web related services as DNS and VPN. I have the license so I would like to keep using these services and maybe someday migrate mail and calendar but for now I would like to stop the webserver.

  • by DazeConfusedAndLost,

    DazeConfusedAndLost DazeConfusedAndLost Sep 19, 2015 3:59 PM in response to maartenvson
    Level 1 (34 points)
    Sep 19, 2015 3:59 PM in response to maartenvson

    I don't think you can take out web services entirely in this version of Server. Part of me thinks you can save yourself the trouble by just uninstalling Server and installing just DNS and VPN via MacPorts or from source.

  • by DazeConfusedAndLost,

    DazeConfusedAndLost DazeConfusedAndLost Sep 19, 2015 4:11 PM in response to dmr_800
    Level 1 (34 points)
    Sep 19, 2015 4:11 PM in response to dmr_800

    If all you need to do is redirect from http to https, you just need to select an SSL Certificate by editing your website's settings in the Server UI.

  • by essandess,

    essandess essandess Sep 19, 2015 5:28 PM in response to DazeConfusedAndLost
    Level 1 (28 points)
    Applications
    Sep 19, 2015 5:28 PM in response to DazeConfusedAndLost

    DazeConfusedAndLost wrote:

     

    If all you need to do is redirect from http to https, you just need to select an SSL Certificate by editing your website's settings in the Server UI.

     

    This isn't correct.

     

    May we please keep this thread focused on the OP's specific redirect problem?

     

    Anyone have a fix for this yet?

Page 1 of 3 last Next