Announcement

Collapse
No announcement yet.

Apache redirecting to the internet and not allowing local browser access.

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Apache redirecting to the internet and not allowing local browser access.

    Apologies if this qualifies as a duplicate post. I complained about this in an OwnCloud thread, but it's old and I think this is not an OwnCloud issue.

    I setup Apache on my 14.04 Ubuntu server and opened a account with No-IP including a domain name so I could log into my OwnCloud server from the internet. Somewhere during the configuration of Apache, No-IP. and OwnCloud my Apache became unavailable on my local network. Here's what I mean:

    Installed Apache.
    Opened a browser and typed in the IP of my server and saw the default Apache page.
    Configured Apache to route all traffic using SSL (works).
    Opened and setup No-IP and registered a new domain name.
    Installed and configured OwnCloud.
    Tested and setup OwnCloud (works).
    Opened a browser and typed in the IP of my server - now I'm always re-directed to my domain name.

    All my browser traffic is routed out to the internet and then back into my server causing lots of wasted band width and speed loss. If I disconnect from the internet, any browser connection attempt to Apache (ports 80 or 443) fail because of no DNS resolution. All other services (ssh, webmin, etc.) all work normally.

    Configuration details:
    Server (14.04) and Desktop (15.04) connected via switch behind router (internet connection).
    Router port forwarding set to direct ports 80,443, and 8080 to server.
    UFW installed on Server but not enabled.

    What I want is local network to allow direct traffic to the server. Then I could log into OwnCloud locally without an internet connection.

    I've spend a couple days searching and trying different configurations, but with multiple versions of Apache and OwnCloud being commented on, it's hard to tell what is out-dated and what may work.

    Thoughts on what to check??

    Please Read Me

    #2
    Originally posted by oshunluvr View Post
    All my browser traffic is routed out to the internet and then back into my server causing lots of wasted band width and speed loss. If I disconnect from the internet, any browser connection attempt to Apache (ports 80 or 443) fail because of no DNS resolution. All other services (ssh, webmin, etc.) all work normally.
    Hmm, I remember talking about this in a thread with Steve a while back - some routers have a feature that allows them to recognise when an outgoing connection is directed at their own WAN IP address, and resolve it locally. IIRC, if your router didn't have this feature and you tried to connect to your server from the LAN using the domain name, you would not be able to connect. So, I'm not sure it's true to say that traffic between your computer and server ever leaves the LAN.

    The "speed loss" might be due to the short TTL (Time To Live) of dynamic DNS records combined with a slow DNS lookup?

    I think the easiest way to resolve the problem would be to add your domain name to the router's hosts file, and make it resolve to the (presumably static) LAN IP address of your server. That way you don't rely on NoIP's nameservers when you don't have to (LAN to LAN connections), and local connections would still work if your internet connection went down.
    samhobbs.co.uk

    Comment


      #3
      Well, the issue is the traffic should never get to the router at all, so Apache is causing that I think. The two computers are connected via a network switch, not the router. The router only acts as a firewall to the outside world and allows wifi for those devices that need it. Additionally, directly connecting via the browser works fine (does not leave the local network) if I use a port other than 80 or 443, for example 10000 for Webmin or 9091 for transmission. My comments regarding speed loss are based on assuming that traffic is leaving my network via the router, going to No-IP for DNS resolution, and returning via the router - not a significant loss of time if I'm just loggin in, but an incredibly inefficient operation.

      Somewhere in the Apache configuration, it's sending the traffic for ports 80/443 out into the internet for domain resolution and back again. I'd prefer to fix Apache to behave correctly rather than employing a work-around that evolves yet another configuration file.

      What I visually see is if I type the server IP into the browser (with no specified port or using 80 or 443), I get the "untrusted site" warning then when I allow the connection, the IP changes into "https://myinternetdomainname.com." If I use port 10000, it changes http to https, but doesn't change to the domain name - it stays on the IP address. This happens whether I attempt connection to OwnCloud this way or just to the default html page, which leads me to conclude that Apache is the culprit, not OwnCloud, although it is possible that one of the configuration suggestions from the OwnCloud install causes the issue.

      As I said, my preference (meaning what I'm going to have to figure out how to do) is first that all local network connections should use port 80 (avoiding the untrusted status and simplifying use for the other users in my world) and second all incoming outside traffic should go to port 443. Since both ports are forwarded via the router to the server, the second part is happening correctly as it is now. If the first part above isn't possible, I'll accept using 443 for all traffic, but that is not my preference.

      I think I should be able to set a rule in 000-default.conf (VirtualHost config for port 80) that allows connection from my local network domain and forwards all else to 443. I'm not sure where the DNS redirection comes from - I'm shooting in the dark here.
      Last edited by oshunluvr; Dec 24, 2015, 06:47 AM.

      Please Read Me

      Comment


        #4
        It also possible that a setting I changed is "stuck". At one point, I had a permanent redirect in VirtualHosts *:80 to direct all traffic to OwnCloud. I have since removed that directive and reloaded/restarted Apache. Now I can reach both the basic html page and owncloud in the usual way, but I'm always redirected to port 443 and out through the internet. My internet service went down for several minutes yesterday and I was unable to reach my server via https until it came back up, which is just stupid as I'm sitting right next to it...

        Please Read Me

        Comment


          #5
          Maybe it is OwnCloud that's doing the redirect? This stanza is in /etc/apache2/conf-enabled/owncloud.conf


          <VirtualHost *:80>
          RewriteEngine on
          ReWriteCond %{SERVER_PORT} !^443$
          RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
          </VirtualHost>

          My belief is this would only take effect when attempting to access OwnCloud, but maybe I'm wrong?

          Please Read Me

          Comment


            #6
            Also worth noting, ALL incoming connections are being routed through SSL including webmin and transmission, even though those are allowed without going to the internet first. Seems there's possibly two issues at play.

            CORRECTION: Webmin is going through SSL (port 10000) but it appears transmission (port 9091) is not. Weird. Attempting a direct connect to webmin (ip:10000) get an error message that the webserver is using SSL and to retry access using https://. Maybe Webmin uses port 80/443 to establish a connection to port 10000?
            Last edited by oshunluvr; Dec 24, 2015, 08:02 AM.

            Please Read Me

            Comment


              #7
              Here's a thought: Can I port forward port 80 traffic to port 443 on the router, then disable the VirtualHost *:80 redirects? Will that effectively close port 80 from the outside?

              Please Read Me

              Comment


                #8
                Ok, I basically fixed this.

                The cause of all traffic being pushed out to the internet was Owncloud config.php which I solved by adding my local server IP to trusted domains, and the owncloud.conf which redirected everything to SSL. Removing the <VirtualHost 80> section solved that.

                Now I can get into OwnCloud on my local network through port 80 but all incoming traffic is routed to 443.

                Please Read Me

                Comment

                Working...
                X