mjhjmtu

UPDATE: So it seems that I can access the website from computers outside of the LAN, it's when I try to pull up from any computer on the same LAN as the server that I get an issue. From what I've read it seems like this is a NAT problem. I don't entirely understand the issue, but I know it has to do with how the router treats traffic which is trying to access a public domain that is actually hosted on server connected to the router. My router has an IP triggering feature, and from what I remember about its purpose that may be what I need to configure.

I'm trying to teach myself some server basics by setting up a test server VM in VirtualBox and hosting my own WordPress blog. This is all mostly in preparation for when I finish my thesis, which will include a digital/web version which I would prefer to be able to host myself. Everything has gone pretty smoothly. I got a LAMP set up working, created a couple of test Virtual Hosts, installed WordPress and was able to visit all the Virtual Hosts, including the one with my WordPress blog, from within my LAN. Where I have run into trouble is trying to open the server to the Internet. I bought a domain name and set up dynamic DNS (I'm on a residential Comcast account) using this guide, which seemed to work, but for the life of me I can't seem to get it working and I'm out of troubleshooting ideas.

Setup details:

• The desktop on which the VM lives is running Windows 7, not sure if you all need hardware specifics, but it's a gaming machine with a decent bit of power.


• I'm using VirtualBox for the VM, and I have it set up with a Bridged connection.


• Ubuntu Server 14.04 is the OS on the VM


• Using LAMP setup, and I changed my document root to /srv, just made more sense to me.


• Using Namecheap.com for dynamic DNS. I set it up using the guide above, and got a success message. Also it updated the IP in host settings at namecheap.com, all of which leads me to believe that my dynamic DNS is likely configured properly.


• On my router I've forwarded ports 80, 443 and even 8080 just in case. I've also put my server in DMZ, and even tried turning off the firewall all together.


• I'm using a modem and router 2-in-1 from Comcast. It's running "eMTA & DOCSIS Software Version:7.6.116".

Not sure what all log/conf info will help, so hopefully this isn't overkill...

Apache2.conf

# Global configuration
#

#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# NOTE! If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the Mutex documentation (available
# at <URL:http://httpd.apache.org/docs/2.4/mod/core.html#mutex>);
# you will save yourself a lot of trouble.
#
# Do NOT add a slash at the end of the directory path.
#
#ServerRoot "/etc/apache2"

# Trying to fix internet acessability issue...
# ServerName anarchoanthro.com <-- this got rid of that startup error, but otherwise didn't work.

#
# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#
Mutex file:$APACHE_LOCK_DIR default

#
# PidFile: The file in which the server should record its process
# identification number when it starts.
# This needs to be set in /etc/apache2/envvars
#
PidFile $APACHE_PID_FILE

#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300

#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive On

#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100

#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 5


# These need to be set in /etc/apache2/envvars
User $APACHE_RUN_USER
Group $APACHE_RUN_GROUP

#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off

# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog $APACHE_LOG_DIR/error.log

#
# LogLevel: Control the severity of messages logged to the error_log.
# Available values: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the log level for particular modules, e.g.
# "LogLevel info ssl:warn"
#
LogLevel warn

# Include module configuration:
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf

# Include list of ports to listen on
Include ports.conf

# Sets the default security model of the Apache2 HTTPD server. It does
# not allow access to the root filesystem outside of /usr/share and /var/www.
# The former is used by web applications packaged in Debian,
# the latter may be used for local directories served by the web server. If
# your system is serving content from a sub-directory in /srv you must allow
# access here, or in any related virtual host.
<Directory />
 Options FollowSymLinks
 AllowOverride None
 Require all denied
</Directory>

<Directory /usr/share>
 AllowOverride None
 Require all granted
</Directory>

<Directory /var/www/>
 Options FollowSymLinks
 AllowOverride None
 Require all granted
</Directory>


<Directory /srv/>
 Options FollowSymLinks IncludesNOEXEC
 XBitHack on
 AllowOverride None
 Require all granted
</Directory>

# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
#
AccessFileName .htaccess

#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^.ht">
 Require all denied
</FilesMatch>

#
# The following directives define some format nicknames for use with
# a CustomLog directive.
#
# These deviate from the Common Log Format definitions in that they use %O
# (the actual bytes sent including headers) instead of %b (the size of the
# requested file), because the latter makes it impossible to detect partial
# requests.
#
# Note that the use of %X-Forwarded-Fori instead of %h is not recommended.
# Use mod_remoteip instead.
#
LogFormat "%v:%p %h %l %u %t "%r" %>s %O "%Refereri" "%User-Agenti"" vhost_combined
LogFormat "%h %l %u %t "%r" %>s %O "%Refereri" "%User-Agenti"" combined
LogFormat "%h %l %u %t "%r" %>s %O" common
LogFormat "%Refereri -> %U" referer
LogFormat "%User-agenti" agent

# Include of directories ignores editors' and dpkg's backup files,
# see README.Debian for details.

# Include generic snippets of statements
IncludeOptional conf-enabled/*.conf

# Include the virtual host configurations:
IncludeOptional sites-enabled/*.conf

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

UserDir disabled root

ports.conf

# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf

Listen 80
Listen 8080

<IfModule ssl_module>
 Listen 443
</IfModule>

<IfModule mod_gnutls.c>
 Listen 443
</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

my-wpsite.conf <-- This is the only site enabled, and I just copied the default.conf and edited it.

<VirtualHost *:80>
 # The ServerName directive sets the request scheme, hostname and port that
 # the server uses to identify itself. This is used when creating
 # redirection URLs. In the context of virtual hosts, the ServerName
 # specifies what hostname must appear in the request's Host: header to
 # match this virtual host. For the default virtual host (this file) this
 # value is not decisive as it is used as a last resort host regardless.
 # However, you must set it for any further virtual host explicitly.
 #ServerName www.example.com

 ServerAdmin johnbltz@gmail.com
 ServerName www.anarchoanthro.com
 ServerAlias anarchoanthro.com
 DocumentRoot /srv/wp-anarchoanthro

 # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
 # error, crit, alert, emerg.
 # It is also possible to configure the loglevel for particular
 # modules, e.g.
 #LogLevel info ssl:warn

 ErrorLog $APACHE_LOG_DIR/error.log
 CustomLog $APACHE_LOG_DIR/access.log combined

 # For most configuration files from conf-available/, which are
 # enabled or disabled at a global level, it is possible to
 # include a line for only one particular virtual host. For example the
 # following line enables the CGI configuration for this host only
 # after it has been globally disabled with "a2disconf".
 #Include conf-available/serve-cgi-bin.conf

 # Set /srv/testsite1/cgibin/ as CGI script directory.

 ScriptAlias "/cgi-bin/" "/srv/wp-anarchoanthro/cgi-bin/"

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

And here are my logs. I tried to load up anarchoanthro.com, my blog, just before grabbing these. Also I'm only including logs from today, hopefully that will narrow things down.

access.log

95.134.193.184 - - [01/Aug/2015:04:17:41 -0500] "x0fKx17xaf$Wxff'" 200 28811 "-" "-"
199.30.228.129 - - [01/Aug/2015:05:07:30 -0500] "GET / HTTP/1.1" 200 7795 "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 GTB7.1"
38.105.109.12 - - [01/Aug/2015:05:12:36 -0500] "GET / HTTP/1.1" 200 29152 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:38 -0500] "GET / HTTP/1.1" 200 29151 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:39 -0500] "GET /wp-content/themes/arcade-basic/library/js/html5.js HTTP/1.1" 200 2734 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:39 -0500] "GET /wp-includes/js/wp-emoji-release.min.js?ver=4.2.3 HTTP/1.1" 200 14953 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:39 -0500] "GET /wp-includes/js/jquery/jquery.js?ver=1.11.2 HTTP/1.1" 200 96260 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:40 -0500] "GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 HTTP/1.1" 200 7506 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:40 -0500] "GET /wp-content/themes/arcade-basic/library/js/bootstrap.min.js?ver=3.0.3 HTTP/1.1" 200 6980 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:40 -0500] "GET /wp-content/themes/arcade-basic/library/js/fillsize.js?ver=4.2.3 HTTP/1.1" 200 2576 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:40 -0500] "GET /wp-content/themes/arcade-basic/library/js/jquery.arctext.js?ver=4.2.3 HTTP/1.1" 200 10612 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:40 -0500] "GET /wp-content/themes/arcade-basic/library/js/theme.js?ver=4.2.3 HTTP/1.1" 200 3052 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
64.69.91.210 - - [01/Aug/2015:06:02:54 -0500] "GET / HTTP/1.1" 200 29128 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
192.187.110.98 - - [01/Aug/2015:06:54:53 -0500] "GET http://testp2.czar.bielawa.pl/testproxy.php HTTP/1.1" 404 356 "-" "Mozilla/5.0 (Windows NT 5.1; rv:32.0) Gecko/20100101 Firefox/31.0"
141.212.122.59 - - [01/Aug/2015:07:56:56 -0500] "CONNECT proxytest.zmap.io:80 HTTP/1.1" 200 27778 "-" "Mozilla/5.0 zgrab/0.x"
141.212.122.59 - - [01/Aug/2015:07:56:57 -0500] "GET / HTTP/1.1" 200 30504 "-" "Mozilla/5.0 zgrab/0.x"
104.238.194.164 - - [01/Aug/2015:09:32:09 -0500] "GET / HTTP/1.1" 200 29153 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)"
46.172.71.251 - - [01/Aug/2015:12:12:51 -0500] "GET /rom-0 HTTP/1.1" 404 367 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

error.log

[Sat Aug 01 06:54:53.947240 2015] [:error] [pid 4035] [client 192.187.110.98:56439] script '/srv/wp-anarchoanthro/testproxy.php' not found or unable to stat
[Sat Aug 01 11:23:56.393436 2015] [mpm_prefork:notice] [pid 3918] AH00169: caught SIGTERM, shutting down
[Sat Aug 01 11:23:57.476298 2015] [mpm_prefork:notice] [pid 4943] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.11 OpenSSL/1.0.1f configured -- resuming normal operations
[Sat Aug 01 11:23:57.476333 2015] [core:notice] [pid 4943] AH00094: Command line: '/usr/sbin/apache2'
[Sat Aug 01 12:30:02.492747 2015] [mpm_prefork:notice] [pid 4943] AH00169: caught SIGTERM, shutting down
[Sat Aug 01 12:30:03.513348 2015] [mpm_prefork:notice] [pid 5037] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.11 OpenSSL/1.0.1f configured -- resuming normal operations
[Sat Aug 01 12:30:03.513384 2015] [core:notice] [pid 5037] AH00094: Command line: '/usr/sbin/apache2'

other_vhosts_access.log

127.0.1.1:80 216.218.206.68 - - [01/Aug/2015:01:31:36 -0500] "x16x03x01" 400 0 "-" "-"
127.0.1.1:80 141.212.122.42 - - [01/Aug/2015:03:15:26 -0500] "x16x03x01" 400 0 "-" "-"
127.0.1.1:80 65.31.172.201 - - [01/Aug/2015:06:20:06 -0500] "x80Fx01x03x01" 400 0 "-" "-"
127.0.1.1:80 50.77.106.104 - - [01/Aug/2015:06:44:22 -0500] "x80Fx01x03x01" 400 0 "-" "-"
127.0.1.1:80 71.174.188.128 - - [01/Aug/2015:07:29:10 -0500] "x80Fx01x03x01" 400 0 "-" "-"
127.0.1.1:80 98.251.14.214 - - [01/Aug/2015:09:31:43 -0500] "x80Fx01x03x01" 400 0 "-" "-"
127.0.1.1:80 89.248.171.137 - - [01/Aug/2015:10:22:04 -0500] "x16x03x01" 400 0 "-" "-"
anarchoanthro.com:80 177.206.182.186 - - [01/Aug/2015:12:08:54 -0500] "x80Fx01x03x01" 400 0 "-" "-"

Result of route command

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 10.0.0.1 0.0.0.0 UG 0 0 0 eth0
10.0.0.0 * 255.255.255.0 U 0 0 0 eth0

First of all I would check that I could reach the web server from a second PC on your LAN. You would probably need an entry in your hosts file to map the domain name you the internal address. This will confirm that the server is bridged correctly and isn't firewalled, and can route to the LAN.

I would then check that the server had a default route pointing to your gateway. Without this it can't reply to - or even acknowledge - inbound requests.

Finally I would run a network sniffer such as Wireshark on the server and watch for a controlled connection inbound from outside your LAN. This will confirm traffic is routed correctly.

Some ISPs, particularly in USA, block traffic to port 80. You will want to check this, too, if it's appropriate for your situation.

You need port 80 for http, 443 for https. You don't need 8080. You might want to forward or at least have your router respond to ping.

Many home routers cannot handle an internal request to their external ip address that us then forwarded internally. Exclude this situation from your tests, at least initially.

Break it down piece by piece. When you try to access, check the apache access/error logs. If apache doesn't log anything, then use tcpdump to confirm if your request is even reaching the server. There is no point digging deep in your configuration if you are not even sure if the network is allowing the request through.