Cannot Access LAMP Web Server on Ubuntu Server 14.04
Clash Royale CLAN TAG#URR8PPP
up vote
0
down vote
favorite
UPDATE: So it seems that I can access the website from computers outside of the LAN, it's when I try to pull up from any computer on the same LAN as the server that I get an issue. From what I've read it seems like this is a NAT problem. I don't entirely understand the issue, but I know it has to do with how the router treats traffic which is trying to access a public domain that is actually hosted on server connected to the router. My router has an IP triggering feature, and from what I remember about its purpose that may be what I need to configure.
I'm trying to teach myself some server basics by setting up a test server VM in VirtualBox and hosting my own WordPress blog. This is all mostly in preparation for when I finish my thesis, which will include a digital/web version which I would prefer to be able to host myself. Everything has gone pretty smoothly. I got a LAMP set up working, created a couple of test Virtual Hosts, installed WordPress and was able to visit all the Virtual Hosts, including the one with my WordPress blog, from within my LAN. Where I have run into trouble is trying to open the server to the Internet. I bought a domain name and set up dynamic DNS (I'm on a residential Comcast account) using this guide, which seemed to work, but for the life of me I can't seem to get it working and I'm out of troubleshooting ideas.
Setup details:
- The desktop on which the VM lives is running Windows 7, not sure if you all need hardware specifics, but it's a gaming machine with a decent bit of power.
- I'm using VirtualBox for the VM, and I have it set up with a Bridged connection.
- Ubuntu Server 14.04 is the OS on the VM
- Using LAMP setup, and I changed my document root to /srv, just made more sense to me.
- Using Namecheap.com for dynamic DNS. I set it up using the guide above, and got a success message. Also it updated the IP in host settings at namecheap.com, all of which leads me to believe that my dynamic DNS is likely configured properly.
- On my router I've forwarded ports 80, 443 and even 8080 just in case. I've also put my server in DMZ, and even tried turning off the firewall all together.
- I'm using a modem and router 2-in-1 from Comcast. It's running "eMTA & DOCSIS Software Version:7.6.116".
Not sure what all log/conf info will help, so hopefully this isn't overkill...
Apache2.conf
# Global configuration
#
#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# NOTE! If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the Mutex documentation (available
# at <URL:http://httpd.apache.org/docs/2.4/mod/core.html#mutex>);
# you will save yourself a lot of trouble.
#
# Do NOT add a slash at the end of the directory path.
#
#ServerRoot "/etc/apache2"
# Trying to fix internet acessability issue...
# ServerName anarchoanthro.com <-- this got rid of that startup error, but otherwise didn't work.
#
# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#
Mutex file:$APACHE_LOCK_DIR default
#
# PidFile: The file in which the server should record its process
# identification number when it starts.
# This needs to be set in /etc/apache2/envvars
#
PidFile $APACHE_PID_FILE
#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300
#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive On
#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100
#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 5
# These need to be set in /etc/apache2/envvars
User $APACHE_RUN_USER
Group $APACHE_RUN_GROUP
#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog $APACHE_LOG_DIR/error.log
#
# LogLevel: Control the severity of messages logged to the error_log.
# Available values: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the log level for particular modules, e.g.
# "LogLevel info ssl:warn"
#
LogLevel warn
# Include module configuration:
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf
# Include list of ports to listen on
Include ports.conf
# Sets the default security model of the Apache2 HTTPD server. It does
# not allow access to the root filesystem outside of /usr/share and /var/www.
# The former is used by web applications packaged in Debian,
# the latter may be used for local directories served by the web server. If
# your system is serving content from a sub-directory in /srv you must allow
# access here, or in any related virtual host.
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/>
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<Directory /srv/>
Options FollowSymLinks IncludesNOEXEC
XBitHack on
AllowOverride None
Require all granted
</Directory>
# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
#
AccessFileName .htaccess
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^.ht">
Require all denied
</FilesMatch>
#
# The following directives define some format nicknames for use with
# a CustomLog directive.
#
# These deviate from the Common Log Format definitions in that they use %O
# (the actual bytes sent including headers) instead of %b (the size of the
# requested file), because the latter makes it impossible to detect partial
# requests.
#
# Note that the use of %X-Forwarded-Fori instead of %h is not recommended.
# Use mod_remoteip instead.
#
LogFormat "%v:%p %h %l %u %t "%r" %>s %O "%Refereri" "%User-Agenti"" vhost_combined
LogFormat "%h %l %u %t "%r" %>s %O "%Refereri" "%User-Agenti"" combined
LogFormat "%h %l %u %t "%r" %>s %O" common
LogFormat "%Refereri -> %U" referer
LogFormat "%User-agenti" agent
# Include of directories ignores editors' and dpkg's backup files,
# see README.Debian for details.
# Include generic snippets of statements
IncludeOptional conf-enabled/*.conf
# Include the virtual host configurations:
IncludeOptional sites-enabled/*.conf
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
UserDir disabled root
ports.conf
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf
Listen 80
Listen 8080
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
my-wpsite.conf <-- This is the only site enabled, and I just copied the default.conf and edited it.
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin johnbltz@gmail.com
ServerName www.anarchoanthro.com
ServerAlias anarchoanthro.com
DocumentRoot /srv/wp-anarchoanthro
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog $APACHE_LOG_DIR/error.log
CustomLog $APACHE_LOG_DIR/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
# Set /srv/testsite1/cgibin/ as CGI script directory.
ScriptAlias "/cgi-bin/" "/srv/wp-anarchoanthro/cgi-bin/"
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
And here are my logs. I tried to load up anarchoanthro.com, my blog, just before grabbing these. Also I'm only including logs from today, hopefully that will narrow things down.
access.log
95.134.193.184 - - [01/Aug/2015:04:17:41 -0500] "x0fKx17xaf$Wxff'" 200 28811 "-" "-"
199.30.228.129 - - [01/Aug/2015:05:07:30 -0500] "GET / HTTP/1.1" 200 7795 "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 GTB7.1"
38.105.109.12 - - [01/Aug/2015:05:12:36 -0500] "GET / HTTP/1.1" 200 29152 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:38 -0500] "GET / HTTP/1.1" 200 29151 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:39 -0500] "GET /wp-content/themes/arcade-basic/library/js/html5.js HTTP/1.1" 200 2734 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:39 -0500] "GET /wp-includes/js/wp-emoji-release.min.js?ver=4.2.3 HTTP/1.1" 200 14953 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:39 -0500] "GET /wp-includes/js/jquery/jquery.js?ver=1.11.2 HTTP/1.1" 200 96260 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:40 -0500] "GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 HTTP/1.1" 200 7506 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:40 -0500] "GET /wp-content/themes/arcade-basic/library/js/bootstrap.min.js?ver=3.0.3 HTTP/1.1" 200 6980 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:40 -0500] "GET /wp-content/themes/arcade-basic/library/js/fillsize.js?ver=4.2.3 HTTP/1.1" 200 2576 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:40 -0500] "GET /wp-content/themes/arcade-basic/library/js/jquery.arctext.js?ver=4.2.3 HTTP/1.1" 200 10612 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:40 -0500] "GET /wp-content/themes/arcade-basic/library/js/theme.js?ver=4.2.3 HTTP/1.1" 200 3052 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
64.69.91.210 - - [01/Aug/2015:06:02:54 -0500] "GET / HTTP/1.1" 200 29128 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
192.187.110.98 - - [01/Aug/2015:06:54:53 -0500] "GET http://testp2.czar.bielawa.pl/testproxy.php HTTP/1.1" 404 356 "-" "Mozilla/5.0 (Windows NT 5.1; rv:32.0) Gecko/20100101 Firefox/31.0"
141.212.122.59 - - [01/Aug/2015:07:56:56 -0500] "CONNECT proxytest.zmap.io:80 HTTP/1.1" 200 27778 "-" "Mozilla/5.0 zgrab/0.x"
141.212.122.59 - - [01/Aug/2015:07:56:57 -0500] "GET / HTTP/1.1" 200 30504 "-" "Mozilla/5.0 zgrab/0.x"
104.238.194.164 - - [01/Aug/2015:09:32:09 -0500] "GET / HTTP/1.1" 200 29153 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)"
46.172.71.251 - - [01/Aug/2015:12:12:51 -0500] "GET /rom-0 HTTP/1.1" 404 367 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
error.log
[Sat Aug 01 06:54:53.947240 2015] [:error] [pid 4035] [client 192.187.110.98:56439] script '/srv/wp-anarchoanthro/testproxy.php' not found or unable to stat
[Sat Aug 01 11:23:56.393436 2015] [mpm_prefork:notice] [pid 3918] AH00169: caught SIGTERM, shutting down
[Sat Aug 01 11:23:57.476298 2015] [mpm_prefork:notice] [pid 4943] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.11 OpenSSL/1.0.1f configured -- resuming normal operations
[Sat Aug 01 11:23:57.476333 2015] [core:notice] [pid 4943] AH00094: Command line: '/usr/sbin/apache2'
[Sat Aug 01 12:30:02.492747 2015] [mpm_prefork:notice] [pid 4943] AH00169: caught SIGTERM, shutting down
[Sat Aug 01 12:30:03.513348 2015] [mpm_prefork:notice] [pid 5037] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.11 OpenSSL/1.0.1f configured -- resuming normal operations
[Sat Aug 01 12:30:03.513384 2015] [core:notice] [pid 5037] AH00094: Command line: '/usr/sbin/apache2'
other_vhosts_access.log
127.0.1.1:80 216.218.206.68 - - [01/Aug/2015:01:31:36 -0500] "x16x03x01" 400 0 "-" "-"
127.0.1.1:80 141.212.122.42 - - [01/Aug/2015:03:15:26 -0500] "x16x03x01" 400 0 "-" "-"
127.0.1.1:80 65.31.172.201 - - [01/Aug/2015:06:20:06 -0500] "x80Fx01x03x01" 400 0 "-" "-"
127.0.1.1:80 50.77.106.104 - - [01/Aug/2015:06:44:22 -0500] "x80Fx01x03x01" 400 0 "-" "-"
127.0.1.1:80 71.174.188.128 - - [01/Aug/2015:07:29:10 -0500] "x80Fx01x03x01" 400 0 "-" "-"
127.0.1.1:80 98.251.14.214 - - [01/Aug/2015:09:31:43 -0500] "x80Fx01x03x01" 400 0 "-" "-"
127.0.1.1:80 89.248.171.137 - - [01/Aug/2015:10:22:04 -0500] "x16x03x01" 400 0 "-" "-"
anarchoanthro.com:80 177.206.182.186 - - [01/Aug/2015:12:08:54 -0500] "x80Fx01x03x01" 400 0 "-" "-"
Result of route
command
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 10.0.0.1 0.0.0.0 UG 0 0 0 eth0
10.0.0.0 * 255.255.255.0 U 0 0 0 eth0
ubuntu apache-httpd mysql wordpress
add a comment |Â
up vote
0
down vote
favorite
UPDATE: So it seems that I can access the website from computers outside of the LAN, it's when I try to pull up from any computer on the same LAN as the server that I get an issue. From what I've read it seems like this is a NAT problem. I don't entirely understand the issue, but I know it has to do with how the router treats traffic which is trying to access a public domain that is actually hosted on server connected to the router. My router has an IP triggering feature, and from what I remember about its purpose that may be what I need to configure.
I'm trying to teach myself some server basics by setting up a test server VM in VirtualBox and hosting my own WordPress blog. This is all mostly in preparation for when I finish my thesis, which will include a digital/web version which I would prefer to be able to host myself. Everything has gone pretty smoothly. I got a LAMP set up working, created a couple of test Virtual Hosts, installed WordPress and was able to visit all the Virtual Hosts, including the one with my WordPress blog, from within my LAN. Where I have run into trouble is trying to open the server to the Internet. I bought a domain name and set up dynamic DNS (I'm on a residential Comcast account) using this guide, which seemed to work, but for the life of me I can't seem to get it working and I'm out of troubleshooting ideas.
Setup details:
- The desktop on which the VM lives is running Windows 7, not sure if you all need hardware specifics, but it's a gaming machine with a decent bit of power.
- I'm using VirtualBox for the VM, and I have it set up with a Bridged connection.
- Ubuntu Server 14.04 is the OS on the VM
- Using LAMP setup, and I changed my document root to /srv, just made more sense to me.
- Using Namecheap.com for dynamic DNS. I set it up using the guide above, and got a success message. Also it updated the IP in host settings at namecheap.com, all of which leads me to believe that my dynamic DNS is likely configured properly.
- On my router I've forwarded ports 80, 443 and even 8080 just in case. I've also put my server in DMZ, and even tried turning off the firewall all together.
- I'm using a modem and router 2-in-1 from Comcast. It's running "eMTA & DOCSIS Software Version:7.6.116".
Not sure what all log/conf info will help, so hopefully this isn't overkill...
Apache2.conf
# Global configuration
#
#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# NOTE! If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the Mutex documentation (available
# at <URL:http://httpd.apache.org/docs/2.4/mod/core.html#mutex>);
# you will save yourself a lot of trouble.
#
# Do NOT add a slash at the end of the directory path.
#
#ServerRoot "/etc/apache2"
# Trying to fix internet acessability issue...
# ServerName anarchoanthro.com <-- this got rid of that startup error, but otherwise didn't work.
#
# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#
Mutex file:$APACHE_LOCK_DIR default
#
# PidFile: The file in which the server should record its process
# identification number when it starts.
# This needs to be set in /etc/apache2/envvars
#
PidFile $APACHE_PID_FILE
#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300
#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive On
#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100
#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 5
# These need to be set in /etc/apache2/envvars
User $APACHE_RUN_USER
Group $APACHE_RUN_GROUP
#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog $APACHE_LOG_DIR/error.log
#
# LogLevel: Control the severity of messages logged to the error_log.
# Available values: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the log level for particular modules, e.g.
# "LogLevel info ssl:warn"
#
LogLevel warn
# Include module configuration:
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf
# Include list of ports to listen on
Include ports.conf
# Sets the default security model of the Apache2 HTTPD server. It does
# not allow access to the root filesystem outside of /usr/share and /var/www.
# The former is used by web applications packaged in Debian,
# the latter may be used for local directories served by the web server. If
# your system is serving content from a sub-directory in /srv you must allow
# access here, or in any related virtual host.
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/>
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<Directory /srv/>
Options FollowSymLinks IncludesNOEXEC
XBitHack on
AllowOverride None
Require all granted
</Directory>
# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
#
AccessFileName .htaccess
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^.ht">
Require all denied
</FilesMatch>
#
# The following directives define some format nicknames for use with
# a CustomLog directive.
#
# These deviate from the Common Log Format definitions in that they use %O
# (the actual bytes sent including headers) instead of %b (the size of the
# requested file), because the latter makes it impossible to detect partial
# requests.
#
# Note that the use of %X-Forwarded-Fori instead of %h is not recommended.
# Use mod_remoteip instead.
#
LogFormat "%v:%p %h %l %u %t "%r" %>s %O "%Refereri" "%User-Agenti"" vhost_combined
LogFormat "%h %l %u %t "%r" %>s %O "%Refereri" "%User-Agenti"" combined
LogFormat "%h %l %u %t "%r" %>s %O" common
LogFormat "%Refereri -> %U" referer
LogFormat "%User-agenti" agent
# Include of directories ignores editors' and dpkg's backup files,
# see README.Debian for details.
# Include generic snippets of statements
IncludeOptional conf-enabled/*.conf
# Include the virtual host configurations:
IncludeOptional sites-enabled/*.conf
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
UserDir disabled root
ports.conf
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf
Listen 80
Listen 8080
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
my-wpsite.conf <-- This is the only site enabled, and I just copied the default.conf and edited it.
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin johnbltz@gmail.com
ServerName www.anarchoanthro.com
ServerAlias anarchoanthro.com
DocumentRoot /srv/wp-anarchoanthro
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog $APACHE_LOG_DIR/error.log
CustomLog $APACHE_LOG_DIR/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
# Set /srv/testsite1/cgibin/ as CGI script directory.
ScriptAlias "/cgi-bin/" "/srv/wp-anarchoanthro/cgi-bin/"
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
And here are my logs. I tried to load up anarchoanthro.com, my blog, just before grabbing these. Also I'm only including logs from today, hopefully that will narrow things down.
access.log
95.134.193.184 - - [01/Aug/2015:04:17:41 -0500] "x0fKx17xaf$Wxff'" 200 28811 "-" "-"
199.30.228.129 - - [01/Aug/2015:05:07:30 -0500] "GET / HTTP/1.1" 200 7795 "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 GTB7.1"
38.105.109.12 - - [01/Aug/2015:05:12:36 -0500] "GET / HTTP/1.1" 200 29152 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:38 -0500] "GET / HTTP/1.1" 200 29151 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:39 -0500] "GET /wp-content/themes/arcade-basic/library/js/html5.js HTTP/1.1" 200 2734 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:39 -0500] "GET /wp-includes/js/wp-emoji-release.min.js?ver=4.2.3 HTTP/1.1" 200 14953 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:39 -0500] "GET /wp-includes/js/jquery/jquery.js?ver=1.11.2 HTTP/1.1" 200 96260 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:40 -0500] "GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 HTTP/1.1" 200 7506 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:40 -0500] "GET /wp-content/themes/arcade-basic/library/js/bootstrap.min.js?ver=3.0.3 HTTP/1.1" 200 6980 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:40 -0500] "GET /wp-content/themes/arcade-basic/library/js/fillsize.js?ver=4.2.3 HTTP/1.1" 200 2576 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:40 -0500] "GET /wp-content/themes/arcade-basic/library/js/jquery.arctext.js?ver=4.2.3 HTTP/1.1" 200 10612 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:40 -0500] "GET /wp-content/themes/arcade-basic/library/js/theme.js?ver=4.2.3 HTTP/1.1" 200 3052 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
64.69.91.210 - - [01/Aug/2015:06:02:54 -0500] "GET / HTTP/1.1" 200 29128 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
192.187.110.98 - - [01/Aug/2015:06:54:53 -0500] "GET http://testp2.czar.bielawa.pl/testproxy.php HTTP/1.1" 404 356 "-" "Mozilla/5.0 (Windows NT 5.1; rv:32.0) Gecko/20100101 Firefox/31.0"
141.212.122.59 - - [01/Aug/2015:07:56:56 -0500] "CONNECT proxytest.zmap.io:80 HTTP/1.1" 200 27778 "-" "Mozilla/5.0 zgrab/0.x"
141.212.122.59 - - [01/Aug/2015:07:56:57 -0500] "GET / HTTP/1.1" 200 30504 "-" "Mozilla/5.0 zgrab/0.x"
104.238.194.164 - - [01/Aug/2015:09:32:09 -0500] "GET / HTTP/1.1" 200 29153 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)"
46.172.71.251 - - [01/Aug/2015:12:12:51 -0500] "GET /rom-0 HTTP/1.1" 404 367 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
error.log
[Sat Aug 01 06:54:53.947240 2015] [:error] [pid 4035] [client 192.187.110.98:56439] script '/srv/wp-anarchoanthro/testproxy.php' not found or unable to stat
[Sat Aug 01 11:23:56.393436 2015] [mpm_prefork:notice] [pid 3918] AH00169: caught SIGTERM, shutting down
[Sat Aug 01 11:23:57.476298 2015] [mpm_prefork:notice] [pid 4943] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.11 OpenSSL/1.0.1f configured -- resuming normal operations
[Sat Aug 01 11:23:57.476333 2015] [core:notice] [pid 4943] AH00094: Command line: '/usr/sbin/apache2'
[Sat Aug 01 12:30:02.492747 2015] [mpm_prefork:notice] [pid 4943] AH00169: caught SIGTERM, shutting down
[Sat Aug 01 12:30:03.513348 2015] [mpm_prefork:notice] [pid 5037] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.11 OpenSSL/1.0.1f configured -- resuming normal operations
[Sat Aug 01 12:30:03.513384 2015] [core:notice] [pid 5037] AH00094: Command line: '/usr/sbin/apache2'
other_vhosts_access.log
127.0.1.1:80 216.218.206.68 - - [01/Aug/2015:01:31:36 -0500] "x16x03x01" 400 0 "-" "-"
127.0.1.1:80 141.212.122.42 - - [01/Aug/2015:03:15:26 -0500] "x16x03x01" 400 0 "-" "-"
127.0.1.1:80 65.31.172.201 - - [01/Aug/2015:06:20:06 -0500] "x80Fx01x03x01" 400 0 "-" "-"
127.0.1.1:80 50.77.106.104 - - [01/Aug/2015:06:44:22 -0500] "x80Fx01x03x01" 400 0 "-" "-"
127.0.1.1:80 71.174.188.128 - - [01/Aug/2015:07:29:10 -0500] "x80Fx01x03x01" 400 0 "-" "-"
127.0.1.1:80 98.251.14.214 - - [01/Aug/2015:09:31:43 -0500] "x80Fx01x03x01" 400 0 "-" "-"
127.0.1.1:80 89.248.171.137 - - [01/Aug/2015:10:22:04 -0500] "x16x03x01" 400 0 "-" "-"
anarchoanthro.com:80 177.206.182.186 - - [01/Aug/2015:12:08:54 -0500] "x80Fx01x03x01" 400 0 "-" "-"
Result of route
command
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 10.0.0.1 0.0.0.0 UG 0 0 0 eth0
10.0.0.0 * 255.255.255.0 U 0 0 0 eth0
ubuntu apache-httpd mysql wordpress
it works from my machine...
â eyoung100
Aug 1 '15 at 19:35
Really? That's baffling... lol
â johnbltz
Aug 1 '15 at 23:40
Confirmed, I can access it from outside the LAN. I updated the question accordingly. Problem seems to have to do with the router and how it handles a request for a server on the same network as the router. Would love a solution other than trying to edit the host file on all my devices.
â johnbltz
Aug 2 '15 at 0:03
what happens when you typehttp://localhost
into your Address Bar, from the Apache Server Machine?
â eyoung100
Aug 3 '15 at 17:46
add a comment |Â
up vote
0
down vote
favorite
up vote
0
down vote
favorite
UPDATE: So it seems that I can access the website from computers outside of the LAN, it's when I try to pull up from any computer on the same LAN as the server that I get an issue. From what I've read it seems like this is a NAT problem. I don't entirely understand the issue, but I know it has to do with how the router treats traffic which is trying to access a public domain that is actually hosted on server connected to the router. My router has an IP triggering feature, and from what I remember about its purpose that may be what I need to configure.
I'm trying to teach myself some server basics by setting up a test server VM in VirtualBox and hosting my own WordPress blog. This is all mostly in preparation for when I finish my thesis, which will include a digital/web version which I would prefer to be able to host myself. Everything has gone pretty smoothly. I got a LAMP set up working, created a couple of test Virtual Hosts, installed WordPress and was able to visit all the Virtual Hosts, including the one with my WordPress blog, from within my LAN. Where I have run into trouble is trying to open the server to the Internet. I bought a domain name and set up dynamic DNS (I'm on a residential Comcast account) using this guide, which seemed to work, but for the life of me I can't seem to get it working and I'm out of troubleshooting ideas.
Setup details:
- The desktop on which the VM lives is running Windows 7, not sure if you all need hardware specifics, but it's a gaming machine with a decent bit of power.
- I'm using VirtualBox for the VM, and I have it set up with a Bridged connection.
- Ubuntu Server 14.04 is the OS on the VM
- Using LAMP setup, and I changed my document root to /srv, just made more sense to me.
- Using Namecheap.com for dynamic DNS. I set it up using the guide above, and got a success message. Also it updated the IP in host settings at namecheap.com, all of which leads me to believe that my dynamic DNS is likely configured properly.
- On my router I've forwarded ports 80, 443 and even 8080 just in case. I've also put my server in DMZ, and even tried turning off the firewall all together.
- I'm using a modem and router 2-in-1 from Comcast. It's running "eMTA & DOCSIS Software Version:7.6.116".
Not sure what all log/conf info will help, so hopefully this isn't overkill...
Apache2.conf
# Global configuration
#
#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# NOTE! If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the Mutex documentation (available
# at <URL:http://httpd.apache.org/docs/2.4/mod/core.html#mutex>);
# you will save yourself a lot of trouble.
#
# Do NOT add a slash at the end of the directory path.
#
#ServerRoot "/etc/apache2"
# Trying to fix internet acessability issue...
# ServerName anarchoanthro.com <-- this got rid of that startup error, but otherwise didn't work.
#
# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#
Mutex file:$APACHE_LOCK_DIR default
#
# PidFile: The file in which the server should record its process
# identification number when it starts.
# This needs to be set in /etc/apache2/envvars
#
PidFile $APACHE_PID_FILE
#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300
#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive On
#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100
#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 5
# These need to be set in /etc/apache2/envvars
User $APACHE_RUN_USER
Group $APACHE_RUN_GROUP
#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog $APACHE_LOG_DIR/error.log
#
# LogLevel: Control the severity of messages logged to the error_log.
# Available values: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the log level for particular modules, e.g.
# "LogLevel info ssl:warn"
#
LogLevel warn
# Include module configuration:
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf
# Include list of ports to listen on
Include ports.conf
# Sets the default security model of the Apache2 HTTPD server. It does
# not allow access to the root filesystem outside of /usr/share and /var/www.
# The former is used by web applications packaged in Debian,
# the latter may be used for local directories served by the web server. If
# your system is serving content from a sub-directory in /srv you must allow
# access here, or in any related virtual host.
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/>
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<Directory /srv/>
Options FollowSymLinks IncludesNOEXEC
XBitHack on
AllowOverride None
Require all granted
</Directory>
# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
#
AccessFileName .htaccess
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^.ht">
Require all denied
</FilesMatch>
#
# The following directives define some format nicknames for use with
# a CustomLog directive.
#
# These deviate from the Common Log Format definitions in that they use %O
# (the actual bytes sent including headers) instead of %b (the size of the
# requested file), because the latter makes it impossible to detect partial
# requests.
#
# Note that the use of %X-Forwarded-Fori instead of %h is not recommended.
# Use mod_remoteip instead.
#
LogFormat "%v:%p %h %l %u %t "%r" %>s %O "%Refereri" "%User-Agenti"" vhost_combined
LogFormat "%h %l %u %t "%r" %>s %O "%Refereri" "%User-Agenti"" combined
LogFormat "%h %l %u %t "%r" %>s %O" common
LogFormat "%Refereri -> %U" referer
LogFormat "%User-agenti" agent
# Include of directories ignores editors' and dpkg's backup files,
# see README.Debian for details.
# Include generic snippets of statements
IncludeOptional conf-enabled/*.conf
# Include the virtual host configurations:
IncludeOptional sites-enabled/*.conf
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
UserDir disabled root
ports.conf
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf
Listen 80
Listen 8080
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
my-wpsite.conf <-- This is the only site enabled, and I just copied the default.conf and edited it.
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin johnbltz@gmail.com
ServerName www.anarchoanthro.com
ServerAlias anarchoanthro.com
DocumentRoot /srv/wp-anarchoanthro
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog $APACHE_LOG_DIR/error.log
CustomLog $APACHE_LOG_DIR/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
# Set /srv/testsite1/cgibin/ as CGI script directory.
ScriptAlias "/cgi-bin/" "/srv/wp-anarchoanthro/cgi-bin/"
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
And here are my logs. I tried to load up anarchoanthro.com, my blog, just before grabbing these. Also I'm only including logs from today, hopefully that will narrow things down.
access.log
95.134.193.184 - - [01/Aug/2015:04:17:41 -0500] "x0fKx17xaf$Wxff'" 200 28811 "-" "-"
199.30.228.129 - - [01/Aug/2015:05:07:30 -0500] "GET / HTTP/1.1" 200 7795 "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 GTB7.1"
38.105.109.12 - - [01/Aug/2015:05:12:36 -0500] "GET / HTTP/1.1" 200 29152 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:38 -0500] "GET / HTTP/1.1" 200 29151 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:39 -0500] "GET /wp-content/themes/arcade-basic/library/js/html5.js HTTP/1.1" 200 2734 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:39 -0500] "GET /wp-includes/js/wp-emoji-release.min.js?ver=4.2.3 HTTP/1.1" 200 14953 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:39 -0500] "GET /wp-includes/js/jquery/jquery.js?ver=1.11.2 HTTP/1.1" 200 96260 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:40 -0500] "GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 HTTP/1.1" 200 7506 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:40 -0500] "GET /wp-content/themes/arcade-basic/library/js/bootstrap.min.js?ver=3.0.3 HTTP/1.1" 200 6980 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:40 -0500] "GET /wp-content/themes/arcade-basic/library/js/fillsize.js?ver=4.2.3 HTTP/1.1" 200 2576 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:40 -0500] "GET /wp-content/themes/arcade-basic/library/js/jquery.arctext.js?ver=4.2.3 HTTP/1.1" 200 10612 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:40 -0500] "GET /wp-content/themes/arcade-basic/library/js/theme.js?ver=4.2.3 HTTP/1.1" 200 3052 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
64.69.91.210 - - [01/Aug/2015:06:02:54 -0500] "GET / HTTP/1.1" 200 29128 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
192.187.110.98 - - [01/Aug/2015:06:54:53 -0500] "GET http://testp2.czar.bielawa.pl/testproxy.php HTTP/1.1" 404 356 "-" "Mozilla/5.0 (Windows NT 5.1; rv:32.0) Gecko/20100101 Firefox/31.0"
141.212.122.59 - - [01/Aug/2015:07:56:56 -0500] "CONNECT proxytest.zmap.io:80 HTTP/1.1" 200 27778 "-" "Mozilla/5.0 zgrab/0.x"
141.212.122.59 - - [01/Aug/2015:07:56:57 -0500] "GET / HTTP/1.1" 200 30504 "-" "Mozilla/5.0 zgrab/0.x"
104.238.194.164 - - [01/Aug/2015:09:32:09 -0500] "GET / HTTP/1.1" 200 29153 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)"
46.172.71.251 - - [01/Aug/2015:12:12:51 -0500] "GET /rom-0 HTTP/1.1" 404 367 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
error.log
[Sat Aug 01 06:54:53.947240 2015] [:error] [pid 4035] [client 192.187.110.98:56439] script '/srv/wp-anarchoanthro/testproxy.php' not found or unable to stat
[Sat Aug 01 11:23:56.393436 2015] [mpm_prefork:notice] [pid 3918] AH00169: caught SIGTERM, shutting down
[Sat Aug 01 11:23:57.476298 2015] [mpm_prefork:notice] [pid 4943] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.11 OpenSSL/1.0.1f configured -- resuming normal operations
[Sat Aug 01 11:23:57.476333 2015] [core:notice] [pid 4943] AH00094: Command line: '/usr/sbin/apache2'
[Sat Aug 01 12:30:02.492747 2015] [mpm_prefork:notice] [pid 4943] AH00169: caught SIGTERM, shutting down
[Sat Aug 01 12:30:03.513348 2015] [mpm_prefork:notice] [pid 5037] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.11 OpenSSL/1.0.1f configured -- resuming normal operations
[Sat Aug 01 12:30:03.513384 2015] [core:notice] [pid 5037] AH00094: Command line: '/usr/sbin/apache2'
other_vhosts_access.log
127.0.1.1:80 216.218.206.68 - - [01/Aug/2015:01:31:36 -0500] "x16x03x01" 400 0 "-" "-"
127.0.1.1:80 141.212.122.42 - - [01/Aug/2015:03:15:26 -0500] "x16x03x01" 400 0 "-" "-"
127.0.1.1:80 65.31.172.201 - - [01/Aug/2015:06:20:06 -0500] "x80Fx01x03x01" 400 0 "-" "-"
127.0.1.1:80 50.77.106.104 - - [01/Aug/2015:06:44:22 -0500] "x80Fx01x03x01" 400 0 "-" "-"
127.0.1.1:80 71.174.188.128 - - [01/Aug/2015:07:29:10 -0500] "x80Fx01x03x01" 400 0 "-" "-"
127.0.1.1:80 98.251.14.214 - - [01/Aug/2015:09:31:43 -0500] "x80Fx01x03x01" 400 0 "-" "-"
127.0.1.1:80 89.248.171.137 - - [01/Aug/2015:10:22:04 -0500] "x16x03x01" 400 0 "-" "-"
anarchoanthro.com:80 177.206.182.186 - - [01/Aug/2015:12:08:54 -0500] "x80Fx01x03x01" 400 0 "-" "-"
Result of route
command
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 10.0.0.1 0.0.0.0 UG 0 0 0 eth0
10.0.0.0 * 255.255.255.0 U 0 0 0 eth0
ubuntu apache-httpd mysql wordpress
UPDATE: So it seems that I can access the website from computers outside of the LAN, it's when I try to pull up from any computer on the same LAN as the server that I get an issue. From what I've read it seems like this is a NAT problem. I don't entirely understand the issue, but I know it has to do with how the router treats traffic which is trying to access a public domain that is actually hosted on server connected to the router. My router has an IP triggering feature, and from what I remember about its purpose that may be what I need to configure.
I'm trying to teach myself some server basics by setting up a test server VM in VirtualBox and hosting my own WordPress blog. This is all mostly in preparation for when I finish my thesis, which will include a digital/web version which I would prefer to be able to host myself. Everything has gone pretty smoothly. I got a LAMP set up working, created a couple of test Virtual Hosts, installed WordPress and was able to visit all the Virtual Hosts, including the one with my WordPress blog, from within my LAN. Where I have run into trouble is trying to open the server to the Internet. I bought a domain name and set up dynamic DNS (I'm on a residential Comcast account) using this guide, which seemed to work, but for the life of me I can't seem to get it working and I'm out of troubleshooting ideas.
Setup details:
- The desktop on which the VM lives is running Windows 7, not sure if you all need hardware specifics, but it's a gaming machine with a decent bit of power.
- I'm using VirtualBox for the VM, and I have it set up with a Bridged connection.
- Ubuntu Server 14.04 is the OS on the VM
- Using LAMP setup, and I changed my document root to /srv, just made more sense to me.
- Using Namecheap.com for dynamic DNS. I set it up using the guide above, and got a success message. Also it updated the IP in host settings at namecheap.com, all of which leads me to believe that my dynamic DNS is likely configured properly.
- On my router I've forwarded ports 80, 443 and even 8080 just in case. I've also put my server in DMZ, and even tried turning off the firewall all together.
- I'm using a modem and router 2-in-1 from Comcast. It's running "eMTA & DOCSIS Software Version:7.6.116".
Not sure what all log/conf info will help, so hopefully this isn't overkill...
Apache2.conf
# Global configuration
#
#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# NOTE! If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the Mutex documentation (available
# at <URL:http://httpd.apache.org/docs/2.4/mod/core.html#mutex>);
# you will save yourself a lot of trouble.
#
# Do NOT add a slash at the end of the directory path.
#
#ServerRoot "/etc/apache2"
# Trying to fix internet acessability issue...
# ServerName anarchoanthro.com <-- this got rid of that startup error, but otherwise didn't work.
#
# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#
Mutex file:$APACHE_LOCK_DIR default
#
# PidFile: The file in which the server should record its process
# identification number when it starts.
# This needs to be set in /etc/apache2/envvars
#
PidFile $APACHE_PID_FILE
#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300
#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive On
#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100
#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 5
# These need to be set in /etc/apache2/envvars
User $APACHE_RUN_USER
Group $APACHE_RUN_GROUP
#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog $APACHE_LOG_DIR/error.log
#
# LogLevel: Control the severity of messages logged to the error_log.
# Available values: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the log level for particular modules, e.g.
# "LogLevel info ssl:warn"
#
LogLevel warn
# Include module configuration:
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf
# Include list of ports to listen on
Include ports.conf
# Sets the default security model of the Apache2 HTTPD server. It does
# not allow access to the root filesystem outside of /usr/share and /var/www.
# The former is used by web applications packaged in Debian,
# the latter may be used for local directories served by the web server. If
# your system is serving content from a sub-directory in /srv you must allow
# access here, or in any related virtual host.
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/>
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<Directory /srv/>
Options FollowSymLinks IncludesNOEXEC
XBitHack on
AllowOverride None
Require all granted
</Directory>
# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
#
AccessFileName .htaccess
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^.ht">
Require all denied
</FilesMatch>
#
# The following directives define some format nicknames for use with
# a CustomLog directive.
#
# These deviate from the Common Log Format definitions in that they use %O
# (the actual bytes sent including headers) instead of %b (the size of the
# requested file), because the latter makes it impossible to detect partial
# requests.
#
# Note that the use of %X-Forwarded-Fori instead of %h is not recommended.
# Use mod_remoteip instead.
#
LogFormat "%v:%p %h %l %u %t "%r" %>s %O "%Refereri" "%User-Agenti"" vhost_combined
LogFormat "%h %l %u %t "%r" %>s %O "%Refereri" "%User-Agenti"" combined
LogFormat "%h %l %u %t "%r" %>s %O" common
LogFormat "%Refereri -> %U" referer
LogFormat "%User-agenti" agent
# Include of directories ignores editors' and dpkg's backup files,
# see README.Debian for details.
# Include generic snippets of statements
IncludeOptional conf-enabled/*.conf
# Include the virtual host configurations:
IncludeOptional sites-enabled/*.conf
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
UserDir disabled root
ports.conf
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf
Listen 80
Listen 8080
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
my-wpsite.conf <-- This is the only site enabled, and I just copied the default.conf and edited it.
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin johnbltz@gmail.com
ServerName www.anarchoanthro.com
ServerAlias anarchoanthro.com
DocumentRoot /srv/wp-anarchoanthro
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog $APACHE_LOG_DIR/error.log
CustomLog $APACHE_LOG_DIR/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
# Set /srv/testsite1/cgibin/ as CGI script directory.
ScriptAlias "/cgi-bin/" "/srv/wp-anarchoanthro/cgi-bin/"
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
And here are my logs. I tried to load up anarchoanthro.com, my blog, just before grabbing these. Also I'm only including logs from today, hopefully that will narrow things down.
access.log
95.134.193.184 - - [01/Aug/2015:04:17:41 -0500] "x0fKx17xaf$Wxff'" 200 28811 "-" "-"
199.30.228.129 - - [01/Aug/2015:05:07:30 -0500] "GET / HTTP/1.1" 200 7795 "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 GTB7.1"
38.105.109.12 - - [01/Aug/2015:05:12:36 -0500] "GET / HTTP/1.1" 200 29152 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:38 -0500] "GET / HTTP/1.1" 200 29151 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:39 -0500] "GET /wp-content/themes/arcade-basic/library/js/html5.js HTTP/1.1" 200 2734 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:39 -0500] "GET /wp-includes/js/wp-emoji-release.min.js?ver=4.2.3 HTTP/1.1" 200 14953 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:39 -0500] "GET /wp-includes/js/jquery/jquery.js?ver=1.11.2 HTTP/1.1" 200 96260 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:40 -0500] "GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 HTTP/1.1" 200 7506 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:40 -0500] "GET /wp-content/themes/arcade-basic/library/js/bootstrap.min.js?ver=3.0.3 HTTP/1.1" 200 6980 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:40 -0500] "GET /wp-content/themes/arcade-basic/library/js/fillsize.js?ver=4.2.3 HTTP/1.1" 200 2576 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:40 -0500] "GET /wp-content/themes/arcade-basic/library/js/jquery.arctext.js?ver=4.2.3 HTTP/1.1" 200 10612 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:40 -0500] "GET /wp-content/themes/arcade-basic/library/js/theme.js?ver=4.2.3 HTTP/1.1" 200 3052 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
64.69.91.210 - - [01/Aug/2015:06:02:54 -0500] "GET / HTTP/1.1" 200 29128 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
192.187.110.98 - - [01/Aug/2015:06:54:53 -0500] "GET http://testp2.czar.bielawa.pl/testproxy.php HTTP/1.1" 404 356 "-" "Mozilla/5.0 (Windows NT 5.1; rv:32.0) Gecko/20100101 Firefox/31.0"
141.212.122.59 - - [01/Aug/2015:07:56:56 -0500] "CONNECT proxytest.zmap.io:80 HTTP/1.1" 200 27778 "-" "Mozilla/5.0 zgrab/0.x"
141.212.122.59 - - [01/Aug/2015:07:56:57 -0500] "GET / HTTP/1.1" 200 30504 "-" "Mozilla/5.0 zgrab/0.x"
104.238.194.164 - - [01/Aug/2015:09:32:09 -0500] "GET / HTTP/1.1" 200 29153 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)"
46.172.71.251 - - [01/Aug/2015:12:12:51 -0500] "GET /rom-0 HTTP/1.1" 404 367 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
error.log
[Sat Aug 01 06:54:53.947240 2015] [:error] [pid 4035] [client 192.187.110.98:56439] script '/srv/wp-anarchoanthro/testproxy.php' not found or unable to stat
[Sat Aug 01 11:23:56.393436 2015] [mpm_prefork:notice] [pid 3918] AH00169: caught SIGTERM, shutting down
[Sat Aug 01 11:23:57.476298 2015] [mpm_prefork:notice] [pid 4943] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.11 OpenSSL/1.0.1f configured -- resuming normal operations
[Sat Aug 01 11:23:57.476333 2015] [core:notice] [pid 4943] AH00094: Command line: '/usr/sbin/apache2'
[Sat Aug 01 12:30:02.492747 2015] [mpm_prefork:notice] [pid 4943] AH00169: caught SIGTERM, shutting down
[Sat Aug 01 12:30:03.513348 2015] [mpm_prefork:notice] [pid 5037] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.11 OpenSSL/1.0.1f configured -- resuming normal operations
[Sat Aug 01 12:30:03.513384 2015] [core:notice] [pid 5037] AH00094: Command line: '/usr/sbin/apache2'
other_vhosts_access.log
127.0.1.1:80 216.218.206.68 - - [01/Aug/2015:01:31:36 -0500] "x16x03x01" 400 0 "-" "-"
127.0.1.1:80 141.212.122.42 - - [01/Aug/2015:03:15:26 -0500] "x16x03x01" 400 0 "-" "-"
127.0.1.1:80 65.31.172.201 - - [01/Aug/2015:06:20:06 -0500] "x80Fx01x03x01" 400 0 "-" "-"
127.0.1.1:80 50.77.106.104 - - [01/Aug/2015:06:44:22 -0500] "x80Fx01x03x01" 400 0 "-" "-"
127.0.1.1:80 71.174.188.128 - - [01/Aug/2015:07:29:10 -0500] "x80Fx01x03x01" 400 0 "-" "-"
127.0.1.1:80 98.251.14.214 - - [01/Aug/2015:09:31:43 -0500] "x80Fx01x03x01" 400 0 "-" "-"
127.0.1.1:80 89.248.171.137 - - [01/Aug/2015:10:22:04 -0500] "x16x03x01" 400 0 "-" "-"
anarchoanthro.com:80 177.206.182.186 - - [01/Aug/2015:12:08:54 -0500] "x80Fx01x03x01" 400 0 "-" "-"
Result of route
command
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 10.0.0.1 0.0.0.0 UG 0 0 0 eth0
10.0.0.0 * 255.255.255.0 U 0 0 0 eth0
ubuntu apache-httpd mysql wordpress
ubuntu apache-httpd mysql wordpress
edited 23 mins ago
Rui F Ribeiro
37.3k1374118
37.3k1374118
asked Aug 1 '15 at 18:03
johnbltz
32
32
it works from my machine...
â eyoung100
Aug 1 '15 at 19:35
Really? That's baffling... lol
â johnbltz
Aug 1 '15 at 23:40
Confirmed, I can access it from outside the LAN. I updated the question accordingly. Problem seems to have to do with the router and how it handles a request for a server on the same network as the router. Would love a solution other than trying to edit the host file on all my devices.
â johnbltz
Aug 2 '15 at 0:03
what happens when you typehttp://localhost
into your Address Bar, from the Apache Server Machine?
â eyoung100
Aug 3 '15 at 17:46
add a comment |Â
it works from my machine...
â eyoung100
Aug 1 '15 at 19:35
Really? That's baffling... lol
â johnbltz
Aug 1 '15 at 23:40
Confirmed, I can access it from outside the LAN. I updated the question accordingly. Problem seems to have to do with the router and how it handles a request for a server on the same network as the router. Would love a solution other than trying to edit the host file on all my devices.
â johnbltz
Aug 2 '15 at 0:03
what happens when you typehttp://localhost
into your Address Bar, from the Apache Server Machine?
â eyoung100
Aug 3 '15 at 17:46
it works from my machine...
â eyoung100
Aug 1 '15 at 19:35
it works from my machine...
â eyoung100
Aug 1 '15 at 19:35
Really? That's baffling... lol
â johnbltz
Aug 1 '15 at 23:40
Really? That's baffling... lol
â johnbltz
Aug 1 '15 at 23:40
Confirmed, I can access it from outside the LAN. I updated the question accordingly. Problem seems to have to do with the router and how it handles a request for a server on the same network as the router. Would love a solution other than trying to edit the host file on all my devices.
â johnbltz
Aug 2 '15 at 0:03
Confirmed, I can access it from outside the LAN. I updated the question accordingly. Problem seems to have to do with the router and how it handles a request for a server on the same network as the router. Would love a solution other than trying to edit the host file on all my devices.
â johnbltz
Aug 2 '15 at 0:03
what happens when you type
http://localhost
into your Address Bar, from the Apache Server Machine?â eyoung100
Aug 3 '15 at 17:46
what happens when you type
http://localhost
into your Address Bar, from the Apache Server Machine?â eyoung100
Aug 3 '15 at 17:46
add a comment |Â
2 Answers
2
active
oldest
votes
up vote
0
down vote
accepted
First of all I would check that I could reach the web server from a second PC on your LAN. You would probably need an entry in your hosts
file to map the domain name you the internal address. This will confirm that the server is bridged correctly and isn't firewalled, and can route to the LAN.
I would then check that the server had a default route pointing to your gateway. Without this it can't reply to - or even acknowledge - inbound requests.
Finally I would run a network sniffer such as Wireshark on the server and watch for a controlled connection inbound from outside your LAN. This will confirm traffic is routed correctly.
Some ISPs, particularly in USA, block traffic to port 80. You will want to check this, too, if it's appropriate for your situation.
You need port 80 for http, 443 for https. You don't need 8080. You might want to forward or at least have your router respond to ping.
Many home routers cannot handle an internal request to their external ip address that us then forwarded internally. Exclude this situation from your tests, at least initially.
I can access it when I put an entry in the hosts file. I can also ssh in from the desktop the the vm is running on. How do make sure that the server has a default route pointing to my gateway? And do you mind explaining, or pointing me to an article that explains, what that means? Also, I'm running the server version of Ubuntu with no GUI, can I still use a program like Wireshark? And how? As for my ISP blocking, I've done some research and they supposedly don't block 80, but Comcast is the devil and I trust nothing they tell me. How would I test this?
â johnbltz
Aug 1 '15 at 20:44
Also I added some info on my router to the question. Is there anyway to test if this is the issue?
â johnbltz
Aug 1 '15 at 20:48
I added the output of 'route' which shows that the gateway is correctly set. Looks like the issue is actually with how the router handles a request for a server, through a public domain, which is actually on the same network as the router. I'm looking into how to deal with this.
â johnbltz
Aug 1 '15 at 23:57
This is called Hairpin NAT and there is no easy solution. One is to add the public domain name of your website to allhosts
files on your LAN. Another is is run Split DNS. A third is to reference the website by a different name internally. A fourth solution is to replace your router.
â roaima
Aug 3 '15 at 10:40
add a comment |Â
up vote
0
down vote
Break it down piece by piece. When you try to access, check the apache access/error logs. If apache doesn't log anything, then use tcpdump to confirm if your request is even reaching the server. There is no point digging deep in your configuration if you are not even sure if the network is allowing the request through.
add a comment |Â
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
accepted
First of all I would check that I could reach the web server from a second PC on your LAN. You would probably need an entry in your hosts
file to map the domain name you the internal address. This will confirm that the server is bridged correctly and isn't firewalled, and can route to the LAN.
I would then check that the server had a default route pointing to your gateway. Without this it can't reply to - or even acknowledge - inbound requests.
Finally I would run a network sniffer such as Wireshark on the server and watch for a controlled connection inbound from outside your LAN. This will confirm traffic is routed correctly.
Some ISPs, particularly in USA, block traffic to port 80. You will want to check this, too, if it's appropriate for your situation.
You need port 80 for http, 443 for https. You don't need 8080. You might want to forward or at least have your router respond to ping.
Many home routers cannot handle an internal request to their external ip address that us then forwarded internally. Exclude this situation from your tests, at least initially.
I can access it when I put an entry in the hosts file. I can also ssh in from the desktop the the vm is running on. How do make sure that the server has a default route pointing to my gateway? And do you mind explaining, or pointing me to an article that explains, what that means? Also, I'm running the server version of Ubuntu with no GUI, can I still use a program like Wireshark? And how? As for my ISP blocking, I've done some research and they supposedly don't block 80, but Comcast is the devil and I trust nothing they tell me. How would I test this?
â johnbltz
Aug 1 '15 at 20:44
Also I added some info on my router to the question. Is there anyway to test if this is the issue?
â johnbltz
Aug 1 '15 at 20:48
I added the output of 'route' which shows that the gateway is correctly set. Looks like the issue is actually with how the router handles a request for a server, through a public domain, which is actually on the same network as the router. I'm looking into how to deal with this.
â johnbltz
Aug 1 '15 at 23:57
This is called Hairpin NAT and there is no easy solution. One is to add the public domain name of your website to allhosts
files on your LAN. Another is is run Split DNS. A third is to reference the website by a different name internally. A fourth solution is to replace your router.
â roaima
Aug 3 '15 at 10:40
add a comment |Â
up vote
0
down vote
accepted
First of all I would check that I could reach the web server from a second PC on your LAN. You would probably need an entry in your hosts
file to map the domain name you the internal address. This will confirm that the server is bridged correctly and isn't firewalled, and can route to the LAN.
I would then check that the server had a default route pointing to your gateway. Without this it can't reply to - or even acknowledge - inbound requests.
Finally I would run a network sniffer such as Wireshark on the server and watch for a controlled connection inbound from outside your LAN. This will confirm traffic is routed correctly.
Some ISPs, particularly in USA, block traffic to port 80. You will want to check this, too, if it's appropriate for your situation.
You need port 80 for http, 443 for https. You don't need 8080. You might want to forward or at least have your router respond to ping.
Many home routers cannot handle an internal request to their external ip address that us then forwarded internally. Exclude this situation from your tests, at least initially.
I can access it when I put an entry in the hosts file. I can also ssh in from the desktop the the vm is running on. How do make sure that the server has a default route pointing to my gateway? And do you mind explaining, or pointing me to an article that explains, what that means? Also, I'm running the server version of Ubuntu with no GUI, can I still use a program like Wireshark? And how? As for my ISP blocking, I've done some research and they supposedly don't block 80, but Comcast is the devil and I trust nothing they tell me. How would I test this?
â johnbltz
Aug 1 '15 at 20:44
Also I added some info on my router to the question. Is there anyway to test if this is the issue?
â johnbltz
Aug 1 '15 at 20:48
I added the output of 'route' which shows that the gateway is correctly set. Looks like the issue is actually with how the router handles a request for a server, through a public domain, which is actually on the same network as the router. I'm looking into how to deal with this.
â johnbltz
Aug 1 '15 at 23:57
This is called Hairpin NAT and there is no easy solution. One is to add the public domain name of your website to allhosts
files on your LAN. Another is is run Split DNS. A third is to reference the website by a different name internally. A fourth solution is to replace your router.
â roaima
Aug 3 '15 at 10:40
add a comment |Â
up vote
0
down vote
accepted
up vote
0
down vote
accepted
First of all I would check that I could reach the web server from a second PC on your LAN. You would probably need an entry in your hosts
file to map the domain name you the internal address. This will confirm that the server is bridged correctly and isn't firewalled, and can route to the LAN.
I would then check that the server had a default route pointing to your gateway. Without this it can't reply to - or even acknowledge - inbound requests.
Finally I would run a network sniffer such as Wireshark on the server and watch for a controlled connection inbound from outside your LAN. This will confirm traffic is routed correctly.
Some ISPs, particularly in USA, block traffic to port 80. You will want to check this, too, if it's appropriate for your situation.
You need port 80 for http, 443 for https. You don't need 8080. You might want to forward or at least have your router respond to ping.
Many home routers cannot handle an internal request to their external ip address that us then forwarded internally. Exclude this situation from your tests, at least initially.
First of all I would check that I could reach the web server from a second PC on your LAN. You would probably need an entry in your hosts
file to map the domain name you the internal address. This will confirm that the server is bridged correctly and isn't firewalled, and can route to the LAN.
I would then check that the server had a default route pointing to your gateway. Without this it can't reply to - or even acknowledge - inbound requests.
Finally I would run a network sniffer such as Wireshark on the server and watch for a controlled connection inbound from outside your LAN. This will confirm traffic is routed correctly.
Some ISPs, particularly in USA, block traffic to port 80. You will want to check this, too, if it's appropriate for your situation.
You need port 80 for http, 443 for https. You don't need 8080. You might want to forward or at least have your router respond to ping.
Many home routers cannot handle an internal request to their external ip address that us then forwarded internally. Exclude this situation from your tests, at least initially.
answered Aug 1 '15 at 19:18
roaima
41.3k547112
41.3k547112
I can access it when I put an entry in the hosts file. I can also ssh in from the desktop the the vm is running on. How do make sure that the server has a default route pointing to my gateway? And do you mind explaining, or pointing me to an article that explains, what that means? Also, I'm running the server version of Ubuntu with no GUI, can I still use a program like Wireshark? And how? As for my ISP blocking, I've done some research and they supposedly don't block 80, but Comcast is the devil and I trust nothing they tell me. How would I test this?
â johnbltz
Aug 1 '15 at 20:44
Also I added some info on my router to the question. Is there anyway to test if this is the issue?
â johnbltz
Aug 1 '15 at 20:48
I added the output of 'route' which shows that the gateway is correctly set. Looks like the issue is actually with how the router handles a request for a server, through a public domain, which is actually on the same network as the router. I'm looking into how to deal with this.
â johnbltz
Aug 1 '15 at 23:57
This is called Hairpin NAT and there is no easy solution. One is to add the public domain name of your website to allhosts
files on your LAN. Another is is run Split DNS. A third is to reference the website by a different name internally. A fourth solution is to replace your router.
â roaima
Aug 3 '15 at 10:40
add a comment |Â
I can access it when I put an entry in the hosts file. I can also ssh in from the desktop the the vm is running on. How do make sure that the server has a default route pointing to my gateway? And do you mind explaining, or pointing me to an article that explains, what that means? Also, I'm running the server version of Ubuntu with no GUI, can I still use a program like Wireshark? And how? As for my ISP blocking, I've done some research and they supposedly don't block 80, but Comcast is the devil and I trust nothing they tell me. How would I test this?
â johnbltz
Aug 1 '15 at 20:44
Also I added some info on my router to the question. Is there anyway to test if this is the issue?
â johnbltz
Aug 1 '15 at 20:48
I added the output of 'route' which shows that the gateway is correctly set. Looks like the issue is actually with how the router handles a request for a server, through a public domain, which is actually on the same network as the router. I'm looking into how to deal with this.
â johnbltz
Aug 1 '15 at 23:57
This is called Hairpin NAT and there is no easy solution. One is to add the public domain name of your website to allhosts
files on your LAN. Another is is run Split DNS. A third is to reference the website by a different name internally. A fourth solution is to replace your router.
â roaima
Aug 3 '15 at 10:40
I can access it when I put an entry in the hosts file. I can also ssh in from the desktop the the vm is running on. How do make sure that the server has a default route pointing to my gateway? And do you mind explaining, or pointing me to an article that explains, what that means? Also, I'm running the server version of Ubuntu with no GUI, can I still use a program like Wireshark? And how? As for my ISP blocking, I've done some research and they supposedly don't block 80, but Comcast is the devil and I trust nothing they tell me. How would I test this?
â johnbltz
Aug 1 '15 at 20:44
I can access it when I put an entry in the hosts file. I can also ssh in from the desktop the the vm is running on. How do make sure that the server has a default route pointing to my gateway? And do you mind explaining, or pointing me to an article that explains, what that means? Also, I'm running the server version of Ubuntu with no GUI, can I still use a program like Wireshark? And how? As for my ISP blocking, I've done some research and they supposedly don't block 80, but Comcast is the devil and I trust nothing they tell me. How would I test this?
â johnbltz
Aug 1 '15 at 20:44
Also I added some info on my router to the question. Is there anyway to test if this is the issue?
â johnbltz
Aug 1 '15 at 20:48
Also I added some info on my router to the question. Is there anyway to test if this is the issue?
â johnbltz
Aug 1 '15 at 20:48
I added the output of 'route' which shows that the gateway is correctly set. Looks like the issue is actually with how the router handles a request for a server, through a public domain, which is actually on the same network as the router. I'm looking into how to deal with this.
â johnbltz
Aug 1 '15 at 23:57
I added the output of 'route' which shows that the gateway is correctly set. Looks like the issue is actually with how the router handles a request for a server, through a public domain, which is actually on the same network as the router. I'm looking into how to deal with this.
â johnbltz
Aug 1 '15 at 23:57
This is called Hairpin NAT and there is no easy solution. One is to add the public domain name of your website to all
hosts
files on your LAN. Another is is run Split DNS. A third is to reference the website by a different name internally. A fourth solution is to replace your router.â roaima
Aug 3 '15 at 10:40
This is called Hairpin NAT and there is no easy solution. One is to add the public domain name of your website to all
hosts
files on your LAN. Another is is run Split DNS. A third is to reference the website by a different name internally. A fourth solution is to replace your router.â roaima
Aug 3 '15 at 10:40
add a comment |Â
up vote
0
down vote
Break it down piece by piece. When you try to access, check the apache access/error logs. If apache doesn't log anything, then use tcpdump to confirm if your request is even reaching the server. There is no point digging deep in your configuration if you are not even sure if the network is allowing the request through.
add a comment |Â
up vote
0
down vote
Break it down piece by piece. When you try to access, check the apache access/error logs. If apache doesn't log anything, then use tcpdump to confirm if your request is even reaching the server. There is no point digging deep in your configuration if you are not even sure if the network is allowing the request through.
add a comment |Â
up vote
0
down vote
up vote
0
down vote
Break it down piece by piece. When you try to access, check the apache access/error logs. If apache doesn't log anything, then use tcpdump to confirm if your request is even reaching the server. There is no point digging deep in your configuration if you are not even sure if the network is allowing the request through.
Break it down piece by piece. When you try to access, check the apache access/error logs. If apache doesn't log anything, then use tcpdump to confirm if your request is even reaching the server. There is no point digging deep in your configuration if you are not even sure if the network is allowing the request through.
answered Aug 3 '15 at 16:36
Baazigar
53428
53428
add a comment |Â
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f219654%2fcannot-access-lamp-web-server-on-ubuntu-server-14-04%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
it works from my machine...
â eyoung100
Aug 1 '15 at 19:35
Really? That's baffling... lol
â johnbltz
Aug 1 '15 at 23:40
Confirmed, I can access it from outside the LAN. I updated the question accordingly. Problem seems to have to do with the router and how it handles a request for a server on the same network as the router. Would love a solution other than trying to edit the host file on all my devices.
â johnbltz
Aug 2 '15 at 0:03
what happens when you type
http://localhost
into your Address Bar, from the Apache Server Machine?â eyoung100
Aug 3 '15 at 17:46