IP Address not working correctly.

[jim.thornton]

I have 4 ip addresses.

74.63.67.146 - my main server. I have also configured my main domain to "own" this IP address and have installed an SSL cert. The domain and the cert work correctly but when you type in the IP address in, it shows "Apache is functioning normally".

74.63.67.147 - this is owned by a client. Same thing happens as above.
74.63.67.148 - this is the shared IP. Everything works correctly.
74.63.67.149 - this is another owned IP and it works correctly.

The only thing that is different from 146, 147 & 149 is that I also have NS1 & NS2 configured to use 146 and 147 respectively.

Have I set this up correctly?
Can I use the same IP for nameservers and dedicated IP's for the purpose of SSL?
Do I need to change something?

 

[nobaloney]

What are the domains that use each of these IP#s?

Jeff

 

[jim.thornton]

Sorry... I didn't use them because I just don't want Google indexing them on a forum.

146 - e-x-t-r-a-6.c-o-m (without all the dashes)

147 - q-u-i-c-k-m-o-r-t-g-a-g-e-a-p-p-r-o-v-a-l-s.c-a

148 - shared amoungst many

149 - m-o-n-e-y-t-i-m-e.c-a

 

[nobaloney]

74.63.67.146 - my main server. I have also configured my main domain to "own" this IP address and have installed an SSL cert. The domain and the cert work correctly but when you type in the IP address in, it shows "Apache is functioning normally"

The domain name you posted for .146 points to 74.63.67.146, so that part is correct.

74.63.67.147 - this is owned by a client. Same thing happens as above.

Not quite. When I check, I get the "Apache is functioning normally" screen no matter which I type, the IP# or the domain name.

74.63.67.148 - this is the shared IP. Everything works correctly.

I'll take your word for it; you dind't give any example domain names.

74.63.67.149 - this is another owned IP and it works correctly.

In my tests as well.

The only thing that is different from 146, 147 & 149 is that I also have NS1 & NS2 configured to use 146 and 147 respectively.

Have I set this up correctly?
Can I use the same IP for nameservers and dedicated IP's for the purpose of SSL?
Do I need to change something?

We've never configured specific IP#s to use as nameservers, but instead we've always used what DirectAdmin calls virtual nameservers; under Reseller logins, under Nameservers, we've set the nameserver names but we've never used IP#s to create nameservers. Whereas I believe that may have been necessary early in DirectAdmin's development, to make sure the IP#s were active on the server, I don't think that's true anymore, my testing has shown that as soon as IP#s are added to the server they become active.

That said, we have recently noticed that on some of our servers, using shared IP#s alone in browsers are pointing to one of the domains on the IP# instead of the "shared notice". Let's see what DirectAdmin staff has to say; I'm bringing this thread to their attention.

Jeff

 

[jim.thornton]

74.63.67.147 - this is owned by a client. Same thing happens as above.
Not quite. When I check, I get the "Apache is functioning normally" screen no matter which I type, the IP# or the domain name.

That is correct. After I posted this message it both the IP and the domain started pointing to the Apache message.

an example shared ip domain is mysamplesite.info - It correctly points to the website.

Do you think that the problem with 146 & 147 is the way I have setup the nameservers? I think my problem there is that I don't really understand how the nameservers work or how they should be configured. I've tried finding articles on DNS stuff but they are either way too vague or way over my head.

 

[nobaloney]

As I've already written, Let's see what DirectAdmin staff has to say.

Jeff

 

[DirectAdmin Support]

Hello,

for 147 I see a site, so it's owned... seems ok from my end.

The one bit that caught my attention is:

74.63.67.146 - my main server. I have also configured my main domain to "own" this IP address and have installed an SSL cert.

because you can't own the server IP. You can install a shared server cert on it.. but all domains on any shared IP will use that certificiate.

John

 

[nobaloney]

Something was fixed ; the last time I looked 147 pointed to apache is functioning normally; it was still in my cache until a moment ago when I refreshed my browser.

Jeff

 

[jim.thornton]

Something was fixed ; the last time I looked 147 pointed to apache is functioning normally; it was still in my cache until a moment ago when I refreshed my browser.

Jeff

Hey Jeff,

Any more news/info on this?? I think I might have some more information that might help diagnose the problem. My server (146) is setup as the domain for my main webhosting account. When I go into the IP Management screen, it shows the status as follows:

74.63.67.146 - Server
74.63.67.147 - Owned
74.63.67.148 - Shared
74.67.67.149 - Owned

147, 148 and 149 are all working correctly now. My VPS provider went in and deleted the user ofr 147 and manually installed the user again. HOWEVER, 146 is still not working correctly.

In addition, in the IP Management screen, under the users column it says 1 instead of the user name. I tried assigning it to me (the admin) but it wouldn't change the status to "Owned".

 

[nobaloney]

A server IP# is handled as shared, it's NOT handled as owned. I brought this up recently in another thread. If you need the IP# to resolve to the IP#, then you need to check your main httpd.conf file and figure out where your apache daemon is finding the DocumentRoot, and either change it in the httpd.conf file, or else put a redirect to the domain. Even though using the latter method will rewrite the browser's URL it's still preferable to the former method. Why? Because DirectAdmin expects to find certain files in the main DocumentRoot. So if you use the former method you may need to create a bunch of links for (as an example, the various webmail programs, log analysis programs, etc.), and this could, if one of those programs has an exploit that's ever found, this could create a serious security issue for your main site.

Or simpler; just get another IP# for your main site.

Jeff

 

[jim.thornton]

Thank you... Question:

Since everything is currently set up, can I go and get rid of the shared IP? I can set all of the current sites that are on 148 and switch them to 146 and then take my main site and make it 148? Then, I can own the 148 and it won't be an issue.

However, I don't think that this will solve my problem for 147 that is by default using the site cert instead of the one that I installed for the server. Even if 146 is treated as a shared server, when I assigned the 147 to this particular domain, it should have created it properly, shouldn't it? I mean, I shouldn't have to go into the shell and edit the config files for every cert that is installed, right?

 

[nobaloney]

Thank you... Question:

Since everything is currently set up, can I go and get rid of the shared IP? I can set all of the current sites that are on 148 and switch them to 146 and then take my main site and make it 148? Then, I can own the 148 and it won't be an issue.

That should work.

However, I don't think that this will solve my problem for 147 that is by default using the site cert instead of the one that I installed for the server. Even if 146 is treated as a shared server, when I assigned the 147 to this particular domain, it should have created it properly, shouldn't it? I mean, I shouldn't have to go into the shell and edit the config files for every cert that is installed, right?

When I use my browser to look at 74.63.67.147 I get the QuickMortgageApprovals.ca site. Isn't that what you want? don't you get it?

Jeff

 

[jim.thornton]

That should work.

When I use my browser to look at 74.63.67.147 I get the QuickMortgageApprovals.ca site. Isn't that what you want? don't you get it?

Jeff

Yes... Sorry, I got confused there for a second.

I'm also having a problem installing SSL certificates. For some reason when I install an SSL certificate for a user DA tries to use the server certificate instead of the one that I pasted in the SSL setup screen.

My provider fixed the problem for me. They did the exact same things as me but for some reason they aren't installing correctly when I'm doing them.

 

[nobaloney]

Are you giving those accounts their own IP#? Are you checking afterwards to see if the domain name is pointing to that unique IP#?

Are you checking your user-level httpd.conf file to see if it's go the right IP#?

Are you checking the paths in your user-level httpd.conf file to see if they point to your installed Certificate?

Those are the steps I take when you pay me us$125 to find the problem .

Jeff

 

[jim.thornton]

Yes I'm making sure the user owns their IP first.
Yes I'm making sure the IP is pointing to the user first.
where is the user-level httpd.conf?

Should I not be able to install an SSL certificate without having to go into SSH to finish the job? Or is it normal to have to do that for every one?

Here are the steps that I took exactly:
- Activated the SSL for the user
- Set the symlink for private_html and public_html so they will share the same content
- Generated a CSR from within DA
- Submitted CSR to CA
- Copied the cert that was emailed to me and pasted it below the key in DA

For some reason it didn't work. When I went to the site a message came up saying that the SSL certificate was suppose to be pointing to my main site's certificate. Therefore it wasn't "seeing" the installed certificate.

 

[nobaloney]

While it's not normal that you should have to shell into your server to find the problem, neither is it normal to have a problem. Nor do you have to shell into your server to check as I've mentioned. You can check these through your DirectAdmin control panel.

Usually when posters ask us to try to install their Certificate we instead recommend that they buy a Certificate from us, which includes intallation. It's generally cheaper than having us troubleshoot the problem.

However you should certainly try to troubleshoot the problem yourself; it's a learning experience.

The user-level httpd can be found at the admin level, under Custom HTTPD Configurations. You can't make any changes which may be necessary there, but you can certainly see what's there now.

Jeff

 

[jim.thornton]

Thank you... I have never noticed that option before. That should make it much easier to troubleshoot.