Koozali.org: home of the SME Server

Hostname changes & external website access

Offline smeghead

  • *
  • 557
  • +0/-0
Hostname changes & external website access
« on: September 26, 2012, 05:02:42 PM »
Hi all

Something thats bugged me off & on for a good while finally drove me to investigate it in detail & come up with a solution.

I have a number of clients that use an SME as a proxy/gateway & usually email, but they have their website hosted externally; the system may or may not have an internal Windows server providing DNS/DHCP, it doesn't seem to matter.

When the clients site is hosted externally I have gone to the hostnames panel & changed the 'www' host to point to the external IP, saved, only to find that the www is still resolved to the SME no matter what I do;  I have done a full signal-event update cycle to see if it fixes, nope;  changed DNS resolution to point to SME explicitly, nope;  cleaned out the Squid cache, nope; cleaned the browser cache, nope; turned off squid, nope, use a different computer, nope .. funnily enough I never tried turning off the HTTP proxy as I didn't expect it to be Apache, at least to start with.

If I ping the hostname it resolves correctly, be it from the SME itself or a workstation, but try to access via a browser & we get the SME.

After a bit of digging around it seems the issue is with Apache, let me explain.

Within the httpd.conf file the main website name is hard coded to be 'www' so that no matter what I change elsewhere if the httpd proxy is enabled (as it is by default) Apache sees the call for www as a request it must resolve itself, & promptly does.

The solution/workaround turned out to be rather simple.

The first thing I did was create a db variable called WebHostName & set it to www2:  db configuration set WebHostName www2

The second thing was to create a template fragment in /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf called 45ServerName (I actually copied the orig from /etc/e-smith/templates/etc/httpd/conf/httpd.conf) & edited it so that:

ServerName www.{ $DomainName }

became

ServerName { $WebHostName }.{ $DomainName }

then signal-event post-upgrade; signal-event reboot (tho signal-event ibay-modify would probably suffice)

The upshot is that now Apache doesn't grab the request for www & all is sweetness & light 8-).

I can think of several better ways to make this change more robust & elegant but at the moment this works for me.  I may tweak it by adding in some logic to the template so that if the www record doesn't point to the local server then the local website uses the physical system name (the SystemName variable in the config file).

If anyone has a better idea let me know.  I'll build this into a howto later once the best way is decided; it may also be worth posting as a bug & let the devs review it as I figure SME8 may well behave the same tho I haven't tested this so it is mere supposition.  If someone here that can test this it be good to post up your results.  If it does behave the same I post a link in the SME8 forum to this post.

HTH
..................

Offline CharlieBrady

  • *
  • 6,918
  • +3/-0
Re: Hostname changes & external website access
« Reply #1 on: September 26, 2012, 05:54:58 PM »
After a bit of digging around it seems the issue is with Apache, let me explain.

I'm skeptical of that. Let me explain.

Quote
Within the httpd.conf file the main website name is hard coded to be 'www' so that no matter what I change elsewhere if the httpd proxy is enabled (as it is by default) Apache sees the call for www as a request it must resolve itself, & promptly does.

Apache shouldn't receive any connections using the 'www' name if DNS is resolving that name to an external address. squid (the http proxy) should be making those connections to the external web server.

Your issue must have something to do with cached data - either web pages, or stale DNS information in squid's DNS agent. Rebooting probably clears that cache.

Offline smeghead

  • *
  • 557
  • +0/-0
Re: Hostname changes & external website access
« Reply #2 on: September 26, 2012, 10:12:57 PM »
Thanks for the input Charlie.

I was skeptical too which is why I tried all the squid/dnscache/browser cache/rebooting options before even considering Apache as an option.

I agree that Apache shouldn't see a connection if DNS & Squid are behaving as I would expect, but proof of the pudding for me is that this 'fix' works where all other options didn't.

I've yet to test this out on multiple servers so will report back when I have done so just in case we have something idiosyncratic occuring; it also needs to be tested on a 'vanilla' server as all the boxes I have available to me have quite a few contribs loaded.  Obviously a contrib might be causing an issue here.

Custom template fragments on this server are:

/etc/e-smith/templates-custom/etc/squid/squid.conf/75SizeOfCache: OWNED_BY_RPM, ADDITION
/etc/e-smith/templates-custom/etc/squid/squid.conf/70StoreAvgObjectSize: OWNED_BY_RPM, OVERRIDE
/etc/e-smith/templates-custom/etc/squid/squid.conf/72MaxHeaderSize: OWNED_BY_RPM, ADDITION
/etc/e-smith/templates-custom/etc/squid/squid.conf/70maximum_object_size: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/squid/squid.conf/71MaxCacheTime: OWNED_BY_RPM, ADDITION
/etc/e-smith/templates-custom/etc/squid/squid.conf/15cache_memory: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/squid/squid.conf/15cache_replacement_policy: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/crontab/99isoqlog: OWNED_BY_RPM, ADDITION
/etc/e-smith/templates-custom/etc/httpd/admin-conf/httpd.conf/20Manager: MANUALLY_ADDED, OVERRIDE
/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/45ServerName: MANUALLY_ADDED, OVERRIDE
/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/88Isoqlog: OWNED_BY_RPM, ADDITION
/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/91ProxyPassSBS: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/hosts.allow/sshd: OWNED_BY_RPM, OVERRIDE
/etc/e-smith/templates-custom/etc/sysctl.conf/net.ipv4.ip_conntrack_max: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/my.cnf/009socket: MANUALLY_ADDED, OVERRIDE
/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/42SetupPortBlocks: OWNED_BY_RPM, ADDITION
/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/35transproxy: OWNED_BY_RPM, OVERRIDE
/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/90adjustTransProxy: OWNED_BY_RPM, OVERRIDE
/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/91adjustPortBlocks: OWNED_BY_RPM, ADDITION
/etc/e-smith/templates-custom/etc/fetchmail/60multi-drop: OWNED_BY_RPM, ADDITION
/etc/e-smith/templates-custom/etc/fetchmail/50multi-drop: OWNED_BY_RPM, OVERRIDE
/etc/e-smith/templates-custom/etc/fetchmail/55multi-drop: OWNED_BY_RPM, ADDITION
/etc/e-smith/templates-custom/usr/local/etc/isoqlog.domains/isoqlog: OWNED_BY_RPM, ADDITION
/etc/e-smith/templates-custom/usr/local/etc/isoqlog.domains/template-end: OWNED_BY_RPM, ADDITION
/etc/e-smith/templates-custom/usr/local/etc/isoqlog.domains/template-begin: OWNED_BY_RPM, ADDITION
/etc/e-smith/templates-custom/usr/local/etc/isoqlog.conf/isoqlog: OWNED_BY_RPM, ADDITION

Server is a fully patched & up to date SME 7.6

In the mean time any one else that want to give it a try & report back feel free.
..................

Offline CharlieBrady

  • *
  • 6,918
  • +3/-0
Re: Hostname changes & external website access
« Reply #3 on: September 27, 2012, 02:24:30 AM »
I agree that Apache shouldn't see a connection if DNS & Squid are behaving as I would expect, but proof of the pudding for me is that this 'fix' works where all other options didn't.

Mere co-incidence, I'd suggest. Try removing your changes and see if the bad behaviour comes back.

BTW, I'm glad to see you didn't say "the proof is in the pudding", that bugs me:

http://www.phrases.org.uk/meanings/proof-of-the-pudding.html
http://www.visualthesaurus.com/cm/wordroutes/how-did-the-proof-get-in-the-pudding/

Offline CharlieBrady

  • *
  • 6,918
  • +3/-0
Re: Hostname changes & external website access
« Reply #4 on: September 27, 2012, 04:55:04 AM »
Custom template fragments on this server are:

I'd recommend that you get rid of as many of those as you can. For any which say "owned by an rpm" - complain to the rpm developer - rpms should not contain custom-templates.