Koozali.org: home of the SME Server

SME Server 9.2 Virtual Domains

Offline cpits

  • 10
  • +0/-0
SME Server 9.2 Virtual Domains
« on: April 11, 2020, 02:13:39 AM »
Hello all,
We currently have a production deployment of 9.2 which is hosting both our main website & email services on a static public ip address. The web site is contained in the primary ibay.

Our issue is that we are now trying to host 2 virtual domains for our client, as well as email however whilst the ibays have been created the named host component of Apache does not recognise these domains.

Have we missed something in the configuration or is there some configuration problem in Apache?

We tried using internet dns resolution (DNS settings correct using CNAME entries) and yet when trying to navigate to the site the server either times out or connection refused.

Please any assistance greatly appreciated!
« Last Edit: April 11, 2020, 03:17:00 AM by cpits »

Offline cpits

  • 10
  • +0/-0
Re: SME Server 9.2 Virtual Domains
« Reply #1 on: April 11, 2020, 05:58:22 AM »
Hello all,
We currently have a production deployment of 9.2 which is hosting both our main website & email services on a static public ip address. The web site is contained in the primary ibay.

Our issue is that we are now trying to host 2 virtual domains for our client, as well as email however whilst the ibays have been created the named host component of Apache does not recognise these domains.

Have we missed something in the configuration or is there some configuration problem in Apache?

We tried using internet dns resolution (DNS settings correct using CNAME entries) and yet when trying to navigate to the site the server either times out or connection refused.

Please any assistance greatly appreciated!


Offline janet

  • ****
  • 4,812
  • +0/-0
Re: SME Server 9.2 Virtual Domains
« Reply #2 on: April 11, 2020, 06:23:37 AM »
cpits

When you created the additional domain name in the Domains panel, did you point it at the newly created ibay name ?

Also external DNS records should point the new domain name at the public IP of the SME server.

SME server will resolve multiple domains, as they are shown in the Domains panel, so no fancy external DNS required.

You can set the domain name to resolve internally or using external Internet lookups, that is only really applicable to internal (LAN) requests for the site, so either way should typically work when everything is setup correctly.

Best you post your configuration settings here for Domains & Ibays.
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Offline ReetP

  • *
  • 3,722
  • +5/-0
Re: SME Server 9.2 Virtual Domains
« Reply #3 on: April 11, 2020, 11:19:20 AM »
Have you got an A record set for the new domain?

I'm not sure how it will work with CNAMEs. You aren't passing one domain to another. Your server needs to answer for the new domain AS the domain/host.

Eg https://support.dnsimple.com/articles/cname-record/

You would need an A pointing to your IP to set up an MX for mail as well.

https://mxtoolbox.com/SuperTool.aspx?action=mx%3acarearmy.org&run=toolpage

It also looks like you have got inconsistent dns for other hosts on the domain? Ie run the http/https tool on www.carearmy.org

Also note you may want to look at the domain pseudonyms contrib for mail.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline mmccarn

  • *
  • 2,626
  • +10/-0
Re: SME Server 9.2 Virtual Domains
« Reply #4 on: April 11, 2020, 01:08:41 PM »
I'm not sure how it will work with CNAMEs.

CNAMEs work fine -- I have a wildcard CNAME for my domain pointing to the dyndns hostname for my server -- all SME-hosted domains perform correctly.

For *testing*, you can also edit the local 'hosts' file on your workstation (unless you browse using a proxy).  On MacOS this is at /private/etc/hosts.  On Windows, it's at c:\windows\system32\drivers\etc\hosts.  To test from offsite, add an entry with the public IP of your SME server, a space or tab, then the name. (more info, if you want it...)

cpits -

Assuming:
- your current domain is original.smeserver.tld
- your ibay name is ibayname
- your new domain is newdomain.newsmesv.xxx

Creating new domains on your SME should have looked like this:

1) Create the new ibay (eg ibayname)
==> you should now see the new ibay from inside or outside the network using http://original.smeserver.tld/ibayname
You must see the new ibay before proceeding

2) Create the new domain (eg newdomain.newsmesv.xxx)
* You need to enter the full domain name here
* During domain creation, specify ibayname in the i-bay pull-down
* Set DNS to 'resolve locally'
==> you should see the new ibay using http://newdomain.newsmesv.xxx from the LAN behind the SME server.
You must be able to see the new ibay at the new domain from a workstation behind the SME server before proceeding

3) create a public DNS entry for newdomain.newsmesv.xxx pointing to your SME server's public IP address.
* This can be a CNAME for original.smeserver.tld,
* You can test from off-site using a local hosts file as described above


Notes:
* ibayname cannot be 'files', 'horde', 'webmail', 'server-manager', 'server-common', 'user' or any other url reserved by the SME templates on your system (search /etc/httpd/conf/httpd.conf for 'RewriteRule').

* Modern browsers may give you problems if the SSL certificate on your server does not include the new name (but you'd get a different error if that was the problem at this point...)

* The new domain cannot match any existing host entry on your SME for the original domain - ftp.mysmeserver.tld, mail.mysmeserver.tld, proxy.mysmeserver.tld, wpad.mysmeserver.tld, www.mysmeserver.tld, or <any manually created host entry>.mysmeserver.tld)

* If your public DNS resolves to your SME server at all then you would see the Primary ibay if the SME ibay and domain configuration were incorrect, and you would see entries in /var/log/httpd/access_log related to your attempted access.

Offline ReetP

  • *
  • 3,722
  • +5/-0
Re: SME Server 9.2 Virtual Domains
« Reply #5 on: April 11, 2020, 01:45:48 PM »
Not sure why you'd use a CNAME when you can primarily set an A for the domain even with dyndns?

Just like to understand why?

I'm no DNS expert but from the link I posted that seems to be contrary to the RFC?
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline cpits

  • 10
  • +0/-0
Re: SME Server 9.2 Virtual Domains
« Reply #6 on: April 16, 2020, 02:42:11 AM »
Thank you all for the replies.

As you can see I have attached screenshots of the current configurations for carearmy.org.

The sites should be working according to the configuration.

This is getting admittedly frustrating.

Offline cpits

  • 10
  • +0/-0
Re: SME Server 9.2 Virtual Domains
« Reply #7 on: April 16, 2020, 04:30:19 AM »
Update:
It's working!

After mmccarn's reply (one of the points in it actually httpd.conf), I also enabled the canonical option and turned off the ssl requirement and now everything is working... thank you all.

 8-)

Offline ReetP

  • *
  • 3,722
  • +5/-0
Re: SME Server 9.2 Virtual Domains
« Reply #8 on: April 16, 2020, 10:30:51 AM »
Update:
It's working!

Cool.

Quote
After mmccarn's reply (one of the points in it actually httpd.conf), I also enabled the canonical option and turned off the ssl requirement and now everything is working... thank you all.

Why on earth do you want to turn off SSL? This is 2020. It won't be long before browsers almost completely block non SSL sites.

Get letsencrypt/dehydrated set up properly and enable SSL for your domains. better for you and your domain users. Read the wiki for details.

...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation