Hi, I've been trying to set up Koha on our main server but keep hitting problems with Apache NameVirtualHost configuration. The Apache documentation on this is very unclear and unhelpful, so I'm hoping that one of you has already been through this and can help. Our server has two IP addresses, one connected to the internet and the other to our LAN. It also has several names: mail.nti.gov.ng and opac.nti.gov.ng on the internet side and some .ntilan names on the LAN side. It's Apache 2 on Debian 3.1, which means it's using Debian's slightly over-clever Apache configuration mechanism. What I want to do is get it set up so that: mail.nti.gov.ng -> the default site on the Apache server opac.nti.gov.ng / opac.ntilan -> the Koha OPAC opac.ntilan:8080 -> the Koha intranet At present the intranet is working fine but opac.nti.gov.ng and mail.nti.gov.ng both take me to the Koha OPAC! The output of '/usr/sbin/apache2 -S' is:
VirtualHost configuration: 216.118.254.115:80 is a NameVirtualHost default server opac.nti.gov.ng (/etc/koha-httpd.conf:23) port 80 namevhost opac.nti.gov.ng (/etc/koha-httpd.conf:23) 192.168.0.3:80 is a NameVirtualHost default server opac.nti.gov.ng (/etc/koha-httpd.conf:23) port 80 namevhost opac.nti.gov.ng (/etc/koha-httpd.conf:23) 192.168.0.3:8080 is a NameVirtualHost default server opac.ntilan (/etc/koha-httpd.conf:41) port 8080 namevhost opac.ntilan (/etc/koha-httpd.conf:41) wildcard NameVirtualHosts and _default_ servers: *:443 is a NameVirtualHost default server mail.nti.gov.ng (/etc/apache2/sites-enabled/000-ssl:3) port 443 namevhost mail.nti.gov.ng (/etc/apache2/sites-enabled/000-ssl:3) *:80 is a NameVirtualHost default server mail.nti.gov.ng (/etc/apache2/sites-enabled/000-default:3) port 80 namevhost mail.nti.gov.ng (/etc/apache2/sites-enabled/000-default:3) Syntax OK
So it looks like the default server from the /etc/koha-httpd.conf (linked from /etc/apache2/sites-enabled/010-koha) is overriding the one I want from /etc/apache2/sites-enabled/000-default, any suggestions how I can prevent this? To keep this email short I haven't included all the configuration files, but I can send them if necessary. Kevin -- Kevin O'Rourke ICT Coordinator, National Teachers' Institute, Kaduna, Nigeria 062 316972
As often happens, writing an email describing the problem has helped me to find the solution. I'll reply to my question here for the benefit of anyone who has the problem in future. It's all related to how Apache resolves virtual hosts, they have a very long document describing how it works at http://httpd.apache.org/docs/2.0/vhosts/details.html The tricky part is that your default server, which on Debian is probably specified in /etc/apache2/sites-available/default is only the default if NO virtual hosts were matched. If Apache finds a vhost/namevhost match for the IP address that will override the _default_ namevhost even if the name is not correct! In my case, somebody tries to access mail.nti.gov.ng: - the IP address is 216.118.254.115 - Apache looks that address up in its hash of vhost IP addresses and finds it - that IP address has one virtual host listed, opac.nti.gov.ng - opac.nti.gov.ng doesn't match the requested URL but it's the default FOR THAT IP ADDRESS (because it's the only vhost for that IP) - Apache serves up opac.nti.gov.ng instead of what we really wanted The _default_ vhost is only used if Apache receives a request for an IP address that is not mentioned in any vhost/namevhosts. To fix the problem I had to alter /etc/apache2/sites-available/default so that the VirtualHost line is: <VirtualHost _default_:80 mail.nti.gov.ng:80 mail.ntilan:80> This means that for IP address 216.118.254.115 both opac.nti.gov.ng AND mail.nti.gov.ng are listed. The entry for mail.nti.gov.ng will be read first, in /etc/apache2/sites-enabled it's in 000-default which comes before 010-koha, so it is the default. I hope this helps somebody else as the way it works seems fairly counter-intuitive to me. The horrible interactions between different vhosts also makes Debian's efforts to keep config files separate a little pointless. Kevin
Kevin O'Rourke <lists@caboose.org.uk> wrote:
To fix the problem I had to alter /etc/apache2/sites-available/default so that the VirtualHost line is: <VirtualHost _default_:80 mail.nti.gov.ng:80 mail.ntilan:80>
Doing it that way will introduce dependencies on DNS. I think you should list IP addresses, * or _default_ in the VirtualHost, then declare hostnames as ServerName or ServerAlias. Also, each IP or * should be mentioned in a NameVirtualHost, else it can result in an unexpected combination of name and IP virtual hosts. [...]
I hope this helps somebody else as the way it works seems fairly counter-intuitive to me. The horrible interactions between different vhosts also makes Debian's efforts to keep config files separate a little pointless.
It's really little different to other weighted matching schemes, such as CSS. It's still worth splitting them. Please stop abusing the Debian project for doing a sensible thing. If there's any problem, it's that this isn't documented well enough. Hope that helps, -- MJ Ray - see/vidu http://mjr.towers.org.uk/email.html Webmaster/web developer, statistician, sysadmin, online shop maker, developer of koha, debian, gobo, gnustep, various mail and web s/w. Workers co-op @ Weston-super-Mare, Somerset http://www.ttllp.co.uk/
MJ Ray wrote:
Kevin O'Rourke <lists@caboose.org.uk> wrote:
To fix the problem I had to alter /etc/apache2/sites-available/default so that the VirtualHost line is: <VirtualHost _default_:80 mail.nti.gov.ng:80 mail.ntilan:80>
Doing it that way will introduce dependencies on DNS. I think you should list IP addresses, * or _default_ in the VirtualHost, then declare hostnames as ServerName or ServerAlias. Also, each IP or * should be mentioned in a NameVirtualHost, else it can result in an unexpected combination of name and IP virtual hosts.
That's true but in our setup we already have a local caching DNS server (our internet connection is via satellite, which makes DNS lookups painfully slow). The server's own IP addresses are in the local /etc/hosts file which is read by the DNS server, so those addresses are always available instantly. For other people's setups using IP addresses is probably more appropriate. If I had used IP addresses then the IP address would be spread across multiple configuration files, making it difficult to catch all the occurrences when the IP address changes. I'm trying to make this setup as simple to maintain as possible. I have NameVirtualHost lines for each address I'm using, as well as *:80 and *:8080. Kevin
participants (2)
-
Kevin O'Rourke -
MJ Ray