I have a problem with my raspberry pi 4 model B 4Go
I have installed Ubuntu Server 21.10
And installed apache2
And I have a basic ssh access
I can access it (ssh and web) with its local ip (192.168.1.90)
However impossible to connect or to load a web page with its public ip address, firewall of my pc all closed.
I don't understand the problem because before on my computer with Wamp installed, lowering the firewall and loading an apache page with a public ip was totally possible (by retesting just now it works without any problem)
I also opened port 80 on my box for testing and still nothing
Is there anything else to configure on my box or directly on my server?
Thanks
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
#<Directory /srv/>
# Options Indexes FollowSymLinks
# AllowOverride None
# Require all granted
#</Directory>
Here the part of the content in etc/apache/apache2.conf but I don't think it's that since I can't connect anywhere with this ip
I managed to complete my problem thanks to the "port forwarding" option on my box and not the firewall, it is enough to redirect the ports 80 to its local ip, I did not know at all that this option existed. It is possible to do it with all ports. The firewall doesn't seem to influence this, thanks to you
The apache configuration is correct.
Can you check and upload the /var/log/apache2/error.log file of apache to check what is the error?
Run the tail -f command on the log and refresh the web by accessing the public IP.
It is possible that your router is blocking the traffic.
Have you opened the ports?
Edit;
There is an error in the image, the open port has to be redirected to a local IP. The router does not know where to send the traffic.
There is a mistake in the picture, you have to redirect the open port to an IP. The router does not know where it has to send the traffic.
Related
I would like to block any traffic that does not come for the websites hosted on my VPC.
My Server's IP address is 1.2.3.4 which hosts 3 websites.
Following requests should be allowed:
http:// example1.com or https:// www.example1.com
http:// example2.com/ or https:// www.example2.com
http:// example3.com/ or https:// www.example3.com
Following requests should be blocked (including server's IP address):
http: //1.2.3.4/ or https:// 1.2.3.4/
http:// anyotherdomain.com/ or https:// anyotherdomain.com/
List of allowed Host names could be read from a text file which I could update as and when required.
Is this feasible? If yes, what are the pros and cons. If not, thank you for the information.
Cheers
You can't do that in iptables as you would like to.
What you have aren't 3 real different hosts, but 3 virtual hosts: the main difference, as you already know, is that they share the same IP address.
As they share the same IP, kernel's netfilter just can't distinguish different requests from its layer: it's your web server application itself that "routes" the different requests to its proper website by looking at the "Host:" header inside the incoming HTTP packet and by determining which virtualhost should reply to it.
A good compromise (denying instead of dropping) for what you want to do would be to setup a configuration in your web server to make it catch and deny any connection that doesn't belong to your virtual hosts. Also there's no need to make a different list in this way, as your web server could dinamically determine if the requested host exists or not.
Here's an example, assuming you're running Apache, adding the catchall sentence to the top will make your server respond with a 403 message to any connection that won't be overridden by your examples.com websites:
<VirtualHost *:80>
ServerName catchall
<Location />
Order allow,deny
Deny from all
</Location>
</VirtualHost>
<VirtualHost *:80>
ServerName example1.com
DocumentRoot /var/www/example1
<Directory /var/www/example1>
AllowOverride All
Order allow,deny
allow from all
</Directory>
</VirtualHost>
...
VirtualHost for example2.com (allowing all as above)
VirtualHost for example3.com (allowing all as above)
That's not the same as dropping right from the kernel of course, but it stops any further interation with your server aswell.
Probably this question was already asked, but I would appreciate a confirmation that I'm doing things right.
I run XAMPP 5.6 and all pcs connected to wifi are trusted. I'm behind a router and no virtual server or port forwarding are enabled.
(On this version of XAMPP the security.php page is gone.)
I would like that XAMPP allow access to htdocs folder (mysites) ONLY from pcs connected to my wifi, and stay locked from Internet (rejecting access to htdocs and all xampp setting folder and files).
QUESTION 1:
1) if I do nothing (not even add a password to root), is XAMPP (settings folder and/or my sites in htdocs folder) open to internet or just to my local wifi pcs?
QUESTION 2:
Adding this to httpd.conf
<Directory />
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
Order deny,allow
Deny from all
Allow from 127.0.0.1 ::1 localhost 192.xxx.xxx
</Directory>
will reinforce security allowing only connection from specified local ips (and reject ANY connections from internet)?
As a test, I did try the following addresses (from another internet connection):
1) my-isp-ip/routerip/mysite
2) my-isp-ip:80/routerip/mysite
and the pages just did not load.
Is it a good test?
Thanks!
I recently made some projects on raspberry pi with linux Debian Jessie, and I am interested in porting forward websites hosted on raspberry pi to a domain I owned.
From what I learned, it is possible to make each individual website on raspberry link with configured port according to apache , for example /home/pi/html/website01 -> port 11235 website02 -> 11236 so that I can browse the websites in private network. However, the domain I have is managed by godaddy, they provide the Chain without port, so that I can't redirect one of my third level domain(ex dashboard.domain.com to my dynamic dns hostname xx.dtdns.net with the port.
Is there any possible way or idea to get it work? I am lack of knowledge of nameserver, but I have an idea that using vpn or vps to map users to my private network instead of godaddy domain manager. I have alreay built the openvpn with cert and pptp vpn on my raspberrypi. Is it possible or what's next step?
Thanks, please give me some idea.
One solution would be to use Virtual Hosting in Apache on your Raspberry. Install Apache2 on PI with:
apt-get install apache2
Create a new conf file in /etc/apache2/sites-available or use an existing one. Add the ports for different site directories:
<VirtualHost *:11235>
DocumentRoot /var/www/w1
<Directory /var/www/w1>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
</VirtualHost>
<VirtualHost *:11236>
DocumentRoot /var/www/w2
<Directory /var/www/w2>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
</VirtualHost>
and then set Apache tolisten on the ports in the /etc/apache2/ports.conf file:
Listen 11235
Listen 11236
Restart the Apache service. You should now be able to browse both ports using the same ip address. If your ip was 111.111.111.111 then w1 directory on 111.111.111.111:11235 and 111.111.111.111:11236.
If your domain is pointing to a IP, you can use different hostnames without making change to DNS. If you domain was mydomain.com, you could instead add new virtual host names with:
<VirtualHost *:80>
ServerName w1.mydomain.com
DocumentRoot /var/www/w1
<Directory /var/www/w1>
Options +Includes -Indexes +FollowSymLinks
AllowOverride All
Order allow,deny
allow from all
</Directory>
</VirtualHost>
<VirtualHost *:80>
ServerName w2.mydomain.com
DocumentRoot /var/www/w2
<Directory /var/www/w2>
Options +Includes -Indexes +FollowSymLinks
AllowOverride All
Order allow,deny
allow from all
</Directory>
</VirtualHost>
I want to prevent direct access to the server web root showing the Ubuntu home page at /var/www/html/index.html
I have changed the following:
/etc/apache2/sites-available/000-default.conf
DocumentRoot /var/www/websites
And restarted Apache but it's still going to /var/www/html if I visit my server directly.
Edit:
It appears this problem is only when I access the server on HTTPS. On HTTP it works fine.
You also need to change in /etc/apache2/apache2.conf. Find this:
<Directory /var/www/html/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
and change to your desired directory
I am trying to create a URL for a site hosted through wampserver, but no matter what I do I am unable to get the URL to work. The site is online because I am able to connect through the servers IP address, though.
(I should also mention that this site is only available on an intranet)
hosts file:
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
127.0.0.1 localhost
127.0.0.1 www.socialclub.com #also tried public/private IP, still only works locally
vhosts.conf:
# Virtual Hosts
#
# Required modules: mod_log_config
# If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn't need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
#
# Please see the documentation at
# <URL:http://httpd.apache.org/docs/2.4/vhosts/>
# for further details before you try to setup virtual hosts.
#
# You may use the command line option '-S' to verify your virtual host
# configuration.
#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any <VirtualHost> block.
#
<VirtualHost *:80>
ServerName localhost
DocumentRoot "E:\Data\Users Apps\wamp\www\socialclub"
</VirtualHost>
<Directory "E:\Data\Users Apps\wamp\www\socialclub">
AllowOverride All
Order Allow,Deny
Allow from all
Options Indexes FollowSymLinks Includes ExecCGI
</Directory>
<VirtualHost *:80>
DocumentRoot "E:\Data\Users Apps\wamp\www\socialclub"
ServerName www.socialclub.com
</VirtualHost>
Every guide I've looked at says that this should work, but it only works locally. What do I need to do for the URL to work from other computers?
Ok I think the problem is your are not understanding what the HOSTS file is used for and what its scope is.
The HOSTS file only effects the single PC that it lives on. It is used to seed the windows DNS cache at boot time. So whatever you put in this file will have no effect on any other PC in your intranet.
There are a couple of solutions :
Lets assume your PC running WAMPServer has the ip address 192.168.1.10:
You could go to each PC in your intranet and make this change to the
HOSTS file on each PC
192.168.1.10 socialclub.com
people normally think this is too much hassle especially if they have more than 5-6 PC's to mod
You could install a local DNS Server, or make use of an existing
local DNS Server. Then as long as all the PC's in your intranet are
using that DNS Server you add the domain name to that DNS Server.
people normally think this is a good idea, but it can be quite complicated to get this right and not loose access to the real DNS servers out there on the web
A couple of changes I would suggest to your httpd-vhost.conf file
First leave localhost pointing to the original wampserver homepage, but only allow access from the PC running WAMPServer. The tools on the homepage can be a very useful for debug/diagnostics/etc, but only allow access to locahost from the PC running WAMPServer.
Second put the <Directory></Directory> block inside the Virtual Host definition. This allows you to make each virtual hosts security specific to that virtual host.
# Should be the first VHOST definition so that it is the default virtual host
# Also access rights should remain restricted to the local PC and the local network
# So that any random ip address attack will recieve an error code and not gain access
<VirtualHost *:80>
DocumentRoot "c:/wamp/www"
ServerName localhost
<Directory "c:/wamp/www">
AllowOverride All
Require local
</Directory>
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "E:\Data\Users Apps\wamp\www\socialclub"
ServerName www.socialclub.com
<Directory "E:\Data\Users Apps\wamp\www\socialclub">
AllowOverride All
Options Indexes FollowSymLinks Includes ExecCGI
# assuming your subnet equates to this range
# and you are using Apache 2.4.x
# its not necessary to allow access from all in an intranet
# in fact it might be dangerous
Require ip 192.168.1
</Directory>
</VirtualHost>