Morphire

Q: Server 5.0.3 redirecting default websites to port 34543

This specifically affected my roundcube install from topicdesk. The roundcube webapp was installed against the default ssl website in server 4.x and worked just fine. 80 requests were automatically redirected to 443 and 443 had a permanent redirect to change webmail.example.com to https://webmail.example.com/webmail

 

Now after the upgrade to 5.0.3 the urls direct to webmail.example.com:34543/webmail and leave off the https:// which of course breaks everything. The /Library/Server/Web/Config/apache2/sites/ folder now contains .conf files for 0000_127.0.0.1_34543 and 0000_127.0.0.1_34580 as well as the old 0000_and_443 and 0000_any_80 .conf files used previously.

Posted on Sep 18, 2015 10:11 AM

Close

Q: Server 5.0.3 redirecting default websites to port 34543

  • All replies
  • Helpful answers

first Previous Page 3 of 3
  • by essandess,

    essandess essandess Sep 20, 2015 5:50 PM in response to essandess
    Level 1 (28 points)
    Applications
    Sep 20, 2015 5:50 PM in response to essandess

    Update: This is combined with a proxy problem.

     

    The problem goes away for me if I reconfigure to go straight to the internet and not use my web proxy.

     

    If you're running custom sites through a proxy service, do not use the proxy service if you want custom sites to work with Server.app 5.0.3. Unfortunately, that goes for all clients on the server and off, so this isn't much of a fix until Apple fixes the bug. Please file your bug reports.

     

    The bug lives somewhere in the plist file /Applications/Server.app/Contents/ServerRoot/Library/Server/Web/Config/Proxy/se rvermgr_serviceproxy_customsites.plist, probably in one of these lines:

     

                                            <dict>

                                                    <key>DEST_BASE</key>

                                                    <string>http://127.0.0.1</string>

                                                    <key>DEST_PORT</key>

                                                    <string>34543</string>

                                            </dict>

                                            <key>type</key>

                                            <string>lines</string>

                                            <key>strings</key>

                                            <array>

                                                    <string></string>

                                                    <string>#default proxy command</string>

                                                    <string>ProxyPass / ${DEST_BASE}:${DEST_PORT}/</string>

                                                    <string>ProxyPassReverse / ${DEST_BASE}:${DEST_PORT}/</string>

                                            </array>

  • by Byron Peterson1,

    Byron Peterson1 Byron Peterson1 Sep 21, 2015 9:12 AM in response to Francis Drouillard
    Level 1 (5 points)
    Sep 21, 2015 9:12 AM in response to Francis Drouillard

    I have done a little testing.  My site is a Joomla site and has an administrator directory at the url https://www.example.com/administrator

     

    After upgraded to 5.0.3 I found that if I left the trailing slash off, it redirected to https://www.example.com:34543/administrator/ and of course failed.  If I added the trailing slash, the page would load properly and everything would work.  I found a reference (I used Example 5 but instead of redirecting ports, I found that it worked to redirect the directory) to a mod_rewrite rule that I modified for my purpose.  It is:

     

    RewriteCond %{THE_REQUEST} ^[a-z]{3,9}\ /administrator\ HTTP/ [NC]

    RewriteRule ^.*administrator$ https://www.example.com/administrator/index.php [R=301,L]

     

    I'm guessing you could take this rewrite rule and apply it to any subdirectory situation to add the trailing slash and probably preferably the file to load.  Here are a couple examples:

     

    RewriteCond %{THE_REQUEST} ^[a-z]{3,9}\ /webmail\ HTTP/ [NC]

    RewriteRule ^.*webmail$ https://www.example.com/webmail/index.php [R=301,L]

     

    RewriteCond %{THE_REQUEST} ^[a-z]{3,9}\ /pma\ HTTP/ [NC]

    RewriteRule ^.*pma$ https://www.example.com/pma/index.php [R=301,L]

     

    I added this rule to my .htaccess in the root level of my site after the line 'RewriteEngine On'.

     

    I also took the opportunity to do the redirect to https at the same time but you don't have too.  Just change 'https' in the second line to 'http'.

     

    Hope this helps.

  • by stolz-krechting,

    stolz-krechting stolz-krechting Sep 21, 2015 2:02 PM in response to Morphire
    Level 1 (0 points)
    Sep 21, 2015 2:02 PM in response to Morphire

    my solution was to write/adapt a webapp that fixes it. a webapp can make an include in the .conf files that override settings.

    i have just adapted the reverse proxy settings to my server situation and found out what is broken by server app 5.0.3, at least for my problems:

     

    my base files for the web came from the tutorials from the R.A.I.S-site:

    http://www.precursor.ca/rais/

    scroll down to the tutorials at the bottom of the page:

    Server.app Reverse Proxy (FileMaker Server, Kerio Connect, and Rumpus with OS X Server.app.

     

    i've added the line "Servername test.example.com" to the top of the included .conf file.

    that, i guess, overrides the "Servername test.example.com:34543" in the .conf file which gets written by server app.

     

    hope that helps you, too.

  • by dreness,

    dreness dreness Sep 22, 2015 9:14 PM in response to Morphire
    Level 1 (60 points)
    Sep 22, 2015 9:14 PM in response to Morphire

    Hi,

     

    The rewrite rule for your roundcube site might need to be updated. Directives such as:

    RewriteRule ^([^/\.]+)/([^/\.]+)/ /webmail/ [R=301,L]

     

    will need to be updated to include the server name and protocol:

    RewriteRule ^([^/\.]+)/([^/\.]+)/ %{HTTP:X-FORWARDED-PROTO}://%{SERVER_NAME}/webmail/ [R=301,L]

     

    Cheers,

    -dre

  • by MacTechDelta,

    MacTechDelta MacTechDelta Sep 26, 2015 10:42 AM in response to Francis Drouillard
    Level 1 (0 points)
    Sep 26, 2015 10:42 AM in response to Francis Drouillard

    Francis DrouillardWrote:

    I'm having a similar problem after upgrading to Server 5.0.3.

     

    When I visit www.myinsecurewebsite.com, I get the page I expect.

    When I visit www.myinsecurewebsite.com/pma, I get the "Can't Connect to Server" error instead of my phpMyAdmin page because it is redirected to

    www.myinsecurewebsite.com:34580/pma

     

    It'd be nice if Apple fixed this quickly.

    I was also having trouble with this.

     

    Please see https://github.com/phpmyadmin/phpmyadmin/issues/11503#issuecomment-143423619

  • by Alex Narvey,

    Alex Narvey Alex Narvey Oct 1, 2015 7:07 PM in response to Morphire
    Level 1 (4 points)
    Oct 1, 2015 7:07 PM in response to Morphire

    I have been able to get the Reverse Proxy web apps for the Server GUI that I had working with OS X Server 3 and 4 to now work with Server app 5.0.4. It requires a small mod to the virtual hosts file. The details are in the newly updated Reverse Proxy tutorial (version 1.08) at the RAIS page: http://rais.precursor.ca.

  • by Francis Drouillard,

    Francis Drouillard Francis Drouillard Oct 6, 2015 5:41 PM in response to MacTechDelta
    Level 1 (14 points)
    Desktops
    Oct 6, 2015 5:41 PM in response to MacTechDelta

    After upgrading to Server.app 5.0.4 things have gotten worse.

     

    My SSL certificate is gone. The Websites tab indicates that websites are not reachable. I can't get to any of the websites running under Server from the server. I can reach those websites from the two other iMacs on the LAN so long as the URL ends with a "/".

     

    Apple created a horrible mess with this upgrade. They should provide a fix or some guidance on resolving the problems with this upgrade. Charge me another $20 if you must, but that's what it will take for small businesses to embrace this software. Okay, off my soapbox.

     

    Where can I find info on restoring my SSL certificate? Also, it is my understanding that re-creating the websites in 5.0.4 may be the best solution for security reasons. Where can I find good information on creating websites in Server 5.0.4?

     

    Thanks in advance!

  • by DazeConfusedAndLost,

    DazeConfusedAndLost DazeConfusedAndLost Oct 7, 2015 8:06 AM in response to Francis Drouillard
    Level 1 (34 points)
    Oct 7, 2015 8:06 AM in response to Francis Drouillard

    Have you tried the "drag Server.app to Trash, wait for dialog, drag Server.app out of trash, and let it update", um, method for the SSL issue?

     

    What exactly is happening when your websites are not reachable? Are you getting 404 errors? Is it redirecting to different ports? Is it going to the default website? Can you given examples of the URLs you are using to reach the websites?

  • by essandess,

    essandess essandess Oct 7, 2015 9:04 AM in response to Francis Drouillard
    Level 1 (28 points)
    Applications
    Oct 7, 2015 9:04 AM in response to Francis Drouillard

    I've had more success with Server.app upgrades in the past year or so. I dont know whether to credit Apple or my disciplined pre-upgrade practices of shutting down all services except DNS and making full independent bootable backups with Carbon Copy Cloner and also TM. I have had problems with disappearing certs in the past and have had to do some System Keychain foo to retrieve them. Here's a post that describes the process: Profile Manager: How to Add a Code Signing Certificate to Sign Configuration Profiles.

     

    As a last resort, you can just clone the bootable backup back over the upgrade if Server.app bug fixing fails.

  • by Francis Drouillard,

    Francis Drouillard Francis Drouillard Oct 7, 2015 5:36 PM in response to DazeConfusedAndLost
    Level 1 (14 points)
    Desktops
    Oct 7, 2015 5:36 PM in response to DazeConfusedAndLost

    After upgrading to Server.app 5.0.4 the DNS Server info in my Network Preferences went missing. Adding my DNS server back to the list fixed things.

  • by essandess,

    essandess essandess Oct 7, 2015 5:40 PM in response to Francis Drouillard
    Level 1 (28 points)
    Applications
    Oct 7, 2015 5:40 PM in response to Francis Drouillard

    Francis Drouillard wrote:

     

    After upgrading to Server.app 5.0.4 the DNS Server info in my Network Preferences went missing. Adding my DNS server back to the list fixed things.

    Well that would do it. You also want to double-check basic things like your network DNS settings pointing to 127.0.0.1.

  • by DazeConfusedAndLost,

    DazeConfusedAndLost DazeConfusedAndLost Oct 23, 2015 4:35 PM in response to Francis Drouillard
    Level 1 (34 points)
    Oct 23, 2015 4:35 PM in response to Francis Drouillard

    Francis Drouillard wrote:

     

    I'm having a similar problem after upgrading to Server 5.0.3.

     

    When I visit www.myinsecurewebsite.com, I get the page I expect.

    When I visit www.myinsecurewebsite.com/pma, I get the "Can't Connect to Server" error instead of my phpMyAdmin page because it is redirected to

    www.myinsecurewebsite.com:34580/pma

     

    It'd be nice if Apple fixed this quickly.

    Server 5.0.15 seems to have fixed this issue with the missing trailing "/"s (mis)redirections.

  • by Frank Reno,

    Frank Reno Frank Reno Apr 5, 2016 7:34 PM in response to DazeConfusedAndLost
    Level 1 (4 points)
    Apr 5, 2016 7:34 PM in response to DazeConfusedAndLost

    Does anyone have a good solution for this? It  still happening in Server 5.1

  • by emeryrg,

    emeryrg emeryrg Jul 12, 2016 8:43 AM in response to Morphire
    Level 1 (4 points)
    Servers Enterprise
    Jul 12, 2016 8:43 AM in response to Morphire

    Yeah this has been an issue for some time now. I am using Server 5.0.15 on Mac OS X 10.10.5 and this Proxy error stuff is just crazy. All these redirects and proxy stuff give too many proxy errors on small tasks. We found some way to make it go away but now it's back again. Anyone have any updates on this issue?

first Previous Page 3 of 3