0

I'm facing an issue with virtual host and Apache in general. What I'm missing is more an explanation of the big picture of how it works rather than one specific command, let me explain:

I have a single domain my.domain with one SSL cert associated to it. I cannot generate certificate for sub domain like toto.my.domain.

I have 4 services running:

  • Zabbix running with Apache on port 443 and located in /usr/share/zabbix
  • Nextcloud running with Apache on port 443 and located in /var/www/html/nextcloud
  • Transmission running on its own webserver on port 9091 and located in /usr/share/transmission
  • Emby running on its own webserver on port 8096 (http) and 8920 (https) and located God knows where

I created 4 configuration files in the sites-available folder. For Zabbix and Nextcloud, these are not vhost, just configuration with Alias and Directory directives.

  • For Zabbix Alias /zabbix /usr/share/zabbix
  • For Nextcloud Alias /nextcloud "/var/www/html/nextcloud/"

With this configuration, I can access Zabbix through https://my.domain/zabbix and Nextcloud through https://my.domain/nextcloud

For Emby and Transmission I want to access it through:

So I script-kiddy copy pasted the following vhost confs from the internet which seem to work for everyone.

For Transmission

<VirtualHost *:443>
        ServerName my.domain
        ServerAlias www.my.domain
        Redirect permanent /transmission https://my.domain/transmission

        RewriteEngine on
        RewriteRule /transmission[/]?$ /transmission/web/ [R]

        ProxyRequests On
        ProxyPreserveHost Off
        <Proxy *>
        Order allow,deny
        Allow from all
        </Proxy>

        ProxyPass /transmission http://127.0.0.1:9091/transmission
        ProxyPassReverse /transmission http://127.0.0.1:9091/transmission
</Virtualhost>

<VirtualHost *:80>
        ServerName my.domain
        ServerAlias www.my.domain
        Redirect permanent /transmission https://my.domain/transmission
</Virtualhost>

For Emby

<VirtualHost *:80>
    ServerName       my.domain
    Redirect         permanent /emby https://my.domain/emby
</VirtualHost>

<VirtualHost *:443>
        ServerName my.domain

        RewriteEngine on
        RewriteRule ^/emby$ /emby/ [R]

        <proxy *>
        Order Allow,Deny
        Allow from all
        </proxy>

        ProxyRequests     Off
        ProxyPreserveHost On

        Header        set        Connection "Upgrade"
        RequestHeader setifempty Connection "Upgrade"
        Header        set        Upgrade "websocket"
        RequestHeader setifempty Upgrade "websocket"

        # Notice!!! Put me before http!!!
        ProxyPass        /socket ws://localhost:8096/socket
        ProxyPassReverse /socket ws://localhost:8096/socket

        # Notice!!! Put me after ws!!!
        ProxyPass        / http://localhost:8096/
        ProxyPassReverse / http://localhost:8096/

</VirtualHost>

The issue is that since I only have one domain name, I don't get the point of creating "vhost" which are in fact not real vhost. In my case, Zabbix and Nextcloud are not Vhost and Emby and Transmission share the same domain name so we can't say these are Vhost am I right ?

The consequence of these configuration is that if I enable transmission first, it works but Emby doesn't. I got the message You don't have permission to access /emby

If I enable Emby first, Emby works but Transmission doesn't. And I got the message You don't have permission to access /transmission/web/

After reading this https://httpd.apache.org/docs/2.4/vhosts/name-based.html and the specific statement I understand the behavior of Apache "If no matching ServerName or ServerAlias is found in the set of virtual hosts containing the most specific matching IP address and port combination, then the first listed virtual host that matches that will be used.".

That's why Emby is working if I enable it first, and same goes if I enable Transmission first.

So the last question is : how to fix it !?

Thanks in advance for any hints !

Improve this question

2 Answers 2

Reset to default
0

Yes, it does not make any sense to create multiple VirtualHosts for the same domain on the same address:port. If they're meant to serve the same paths (URLs), the webserver has no way to distinguish between them. If they're meant to serve distinct paths, one VirtualHost can already do that just fine.

Because Emby only appears to use the path /emby/ and doesn't need the whole root /, first adjust its ProxyPass accordingly; then put all ProxyPass settings for all webapps within the same VirtualHost. Similarly, combine all "redirect to HTTPS" settings into one VirtualHost.

If some webapps need different settings, use <Location> blocks inside the VirtualHost.

Improve this answer
0

Have you tried or edited the apache2 configuration file (/etc/apache2/apache2.conf; other Unix or Linux - httpd.conf, etc) directory configuration directive by adding the appropriate directory entry? In the apache configuration file you will see that directive as follows:

 <Directory />
        Options FollowSymLinks
        AllowOverride None
        Require all denied
</Directory>

<Directory /usr/share>
        AllowOverride None
        Require all granted
</Directory>

<Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
</Directory>

... these are just examples. Don't use (it's already there usually)

So in this vein:

<Directory /var/www/emby>
        Options FollowSymLinks
        AllowOverride None
        Require all denied
</Directory>

<Directory /var/www/transmission>
        Options FollowSymLinks
        AllowOverride None
        Require all denied
</Directory>

I've taken some liberties here and made some general assumptions. I've assumed there are directories or links named emby and transmission in the /var/www directory. I'm aware that apache2.conf already has a directory directive setting for /var/www (for debian based variants anyways; it's probably obvious I'm sampling Ubuntu). I realize and state this may not be the actual case in your setup.

These settings don't necessarily need to be in the primary apache2 configuration file. In fact most will tell you not to do that, and add them to the actual vhost configuration file, which most will say is the sane thing to do (I am not sane lol).

As prefaced above I've made a few assumptions so this is more of a guideline than an actual use case. I don't know which OS you're running but I can tell your running Apache 2, or it very much looks like it.

In place of the /var/www/emby and /var/www/transmission entries you would of course put the actual path to their respective directories.

I wish I could be more specific however there is not enough information provided to do that. However, I'm hoping this might give you some more ammunition to throw at your issue. I do see your rewrites above and I again state that this is informational as opposed to actual use case. Caveat stated. ;)

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .