Right now, using the default INSTALL.txt instructions, all that is hooked into the apache configuration is an include of config/vhost.d. That will mean that the default vhost on an Aegir install when no vhost is specified will be the first site in alphabetical order.

So let's say I have a misconfigured site that for some reason lost its vhost config file. Or it could be a dangling DNS record pointing to Aegir. For whatever the reason, someone requests foo.example.com from the Aegir-managed Apache server. Apache will look if there's a ServerName that matches it, otherwise it will serve the "default" vhost for that port. The default is either the server defined using <VirtualHost _default_:80> or the first <VirtualHost> defined in the configuration. Since config files are loaded in alphabetical order, that will be the first vhost in alphabetical order.

That is rather annoying and makes things really much weirder than needs to be when something is wrong.

So I think we should create a VirtualHost for the "Aegir" platform (which should be treated specially anyways):

<VirtualHost _default_:80>
  DocumentRoot /var/aegir/drupal-5.18-aegir
  ServerName aegir.koumbit.net

  # Extra configuration from modules:

  # Error handler for Drupal > 4.6.7
  <Directory "/var/aegir/drupal-5.18-aegir/sites/default/files">
    SetHandler This_is_a_Drupal_security_line_do_not_remove
  </Directory>
</VirtualHost>

... that's just a duplication of our original vhost, but it gives a good idea of the issue.

Comments

anarcat’s picture

Version: 6.x-0.2 » 6.x-0.4-alpha3
Priority: Normal » Critical

Basically, the situation right now works because "aegir.example.com" is very often the first site in the directory listing so Apache serves it first, but this becomes a real problem when someone hits the server and finds a totally different site.

Also, the sample config file above doesn't yield a 404 and instead redirects to the aegir site: that doesn't resolve anything. The user will be served install.php instead (because there's no site in sites/default). We should make sites/default a symlink to our hostmaster install (by adding it to the site's alias, for example, so that regular checks kick in and we don't destroy an existing site).

adrian’s picture

ideally this should wait for the server verify task,

but we already have a server config we generate for the modenv variable, so we could include a default host in there.

adrian’s picture

Title: create a _default_ virtual host for aegir that returns a 404 » create a virtual host for aegir that returns a 404 - needs to be first in config

so after some testing, we've discovered that _default_ in apache doesn't mean what it means in the rest of the world.

Because the matching of request to virtualhost only takes into account the ip address, and only after that filters down to the servername directive ... the _default_:$port virtual host while we have any working name based virtual hosts.

the only way to set the default is by specifying it first in the config file.

this might make installation more complex as we need to ensure our aegir directives are placed before the normal apache directives, which is a fair bit more invasive than i would have liked.

anarcat’s picture

Title: create a virtual host for aegir that returns a 404 - needs to be first in config » make the default Apache VirtualHost return a 404

To be real clear with _default_: "A default vhost never serves a request that was sent to an address/port that is used for name-based vhosts. If the request contained an unknown or no Host: header it is always served from the primary name-based vhost (the vhost for that address/port appearing first in the configuration file)." http://httpd.apache.org/docs/2.0/vhosts/examples.html#default

That means: if you have name-based virtual hosts and use standard ports, _default_ is never used. So it's of very limited use for aegir, except eventually when we start having multiple IP management.

The default *name-based* vhost is the first one apache finds in its configuration file. Which makes parsing order important, which requires changing the way we manage config files. This means that this feature depends on #716166: reshuffle the apache config directory.

More information on how vhosts are parsed and handled: http://httpd.apache.org/docs/2.0/vhosts/details.html

We have found that the default vhost needs to be the first one loaded and fool around the Redirect rules. I was able to get good results using the following config in config/vhost.d/0.conf:

<VirtualHost *:80>
  ServerName default
  Redirect 404 /
</VirtualHost>
<VirtualHost _default_:80>
  Redirect 404 /
</VirtualHost>

Note how this overrides the VirtualHost named "default", which may not be desirable.
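
Added example, not part of the original thread and not Aegir's code: a simplified Python model of the selection rule quoted above, used to check which vhost answers a request for an unknown Host header before and after a 0.conf catch-all is loaded first. The site file names, DocumentRoot paths and probe host name are constructed; only the 0.conf content comes from the comment above.

```python
import re

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

# Constructed sample standing in for config/vhost.d: {file name: contents}.
SITE = "<VirtualHost *:80>\n  ServerName {0}\n  DocumentRoot /var/aegir/sites/{0}\n</VirtualHost>\n"
SAMPLE = {name: SITE.format(name) for name in ("foo.example.com", "aegir.example.com")}

# The 0.conf content quoted in the thread.
ZERO_CONF = ("<VirtualHost *:80>\n  ServerName default\n  Redirect 404 /\n</VirtualHost>\n"
             "<VirtualHost _default_:80>\n  Redirect 404 /\n</VirtualHost>\n")
HARDENED = {**SAMPLE, "0.conf": ZERO_CONF}

def parse_vhosts(files):
    """Return vhost records in the order a wildcard Include would load them."""
    vhosts = []
    for fname in sorted(files):  # files are read in alphabetical order
        for addr, body in VHOST_RE.findall(files[fname]):
            lines = re.findall(r"^\s*Server(?:Name|Alias)\s+(.+)$", body, re.M | re.I)
            vhosts.append({
                "file": fname,
                "addr": addr.strip(),
                "names": [n.lower() for line in lines for n in line.split()],
                "returns_404": bool(re.search(r"^\s*Redirect\s+404\s+/\s*$", body, re.M | re.I)),
            })
    return vhosts

def select_vhost(vhosts, host, port="80"):
    """Simplified model: if any name-based vhost uses *:port, _default_:port is never used."""
    named = [v for v in vhosts if v["addr"] == f"*:{port}"]
    if named:
        for v in named:
            if host.lower() in v["names"]:
                return v
        return named[0]  # unknown Host: the first name-based vhost loaded
    fallback = [v for v in vhosts if v["addr"] == f"_default_:{port}"]
    return fallback[0] if fallback else None

def audit(files, probe="dangling.example.com"):
    """Return (file, returns_404) for the vhost that serves an unknown host name."""
    v = select_vhost(parse_vhosts(files), probe)
    return (v["file"], v["returns_404"]) if v else (None, False)

if __name__ == "__main__":
    print("before:", audit(SAMPLE))
    print("after: ", audit(HARDENED))
```

The model only covers the *:80 and _default_:80 address forms used in this thread; on a live server, `apachectl -S` prints the vhost order Apache actually parsed.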

adrian’s picture

Status: Active » Fixed

I fixed this alongside #716166: reshuffle the apache config directory

I modified instructions to make the user include the apache.conf instead of the wildcard include (as was necessary), and I also generate the 'default' vhost in the same loop as the namevirtualhost entry.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.