0

I have a server running debian 8.11 and apache 2.4.10 configured to serve 2 websites. One is a website built with wordpress (example.com), the other is a forum built with NodeBB (forum.example.com, which has no problems at all).

The website should be available as example.com, as www.example.com, or even inputting the IP address. All http requests should be redirected to https. The first and the last cases work, but when I input www.example.com (with www, it doesn't matter if I http or https) I end up with the following error in the browser:

Error 543
The origin web server is not available

If I open the apache logs, I find this in access.log:

"-" 408 137 "-" "-"

This is myvhost file for HTTP:

<VirtualHost *:80>
    DocumentRoot /var/www/wordpress
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/wordpress>
        Options FollowSymLinks
        AllowOverride All
    </Directory>

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
&lt;Directory &quot;/usr/lib/cgi-bin&quot;&gt;
    AllowOverride None
    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
    Order allow,deny
    Allow from all
&lt;/Directory&gt;

ErrorLog ${APACHE_LOG_DIR}/error.log

LogLevel warn

CustomLog ${APACHE_LOG_DIR}/access.log combined



</VirtualHost>


<VirtualHost *:80>
    ServerName forum.example.com


Redirect / https://forum.example.com/



</VirtualHost>

This is for HTTPS:

<IfModule mod_ssl.c>

&lt;VirtualHost *:443&gt;
    ServerAdmin admin@dymstudios.com

    DocumentRoot /var/www/wordpress
    Redirect permanent /phpmyadmin https://example.com/phpmyadmin
    &lt;Directory /&gt;
        Options FollowSymLinks
        AllowOverride None
    &lt;/Directory&gt;
    &lt;Directory /var/www/wordpress&gt;  
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    &lt;/Directory&gt;

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    &lt;Directory &quot;/usr/lib/cgi-bin&quot;&gt;
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    &lt;/Directory&gt;

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    SSLEngine on

    SSLCertificateFile  /etc/ssl/certs/www_example_com.crt
    SSLCertificateKeyFile /etc/ssl/private/ssl-cert-comodo.key
    SSLCertificateChainFile /etc/ssl/certs/COMODORSACertificateBundle.crt

    &lt;FilesMatch &quot;\.(cgi|shtml|phtml|php)$&quot;&gt;
            SSLOptions +StdEnvVars
    &lt;/FilesMatch&gt;
    &lt;Directory /usr/lib/cgi-bin&gt;
            SSLOptions +StdEnvVars
    &lt;/Directory&gt;

    #   SSL Protocol Adjustments:   
    BrowserMatch &quot;MSIE [2-6]&quot; \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
    # MSIE 7 and newer should be able to use keepalive
    BrowserMatch &quot;MSIE [17-9]&quot; ssl-unclean-shutdown 

    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    SSLHonorCipherOrder on
    SSLCipherSuite &quot;EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4&quot;    
&lt;/VirtualHost&gt;

&lt;VirtualHost *:443&gt;
    ServerName forum.example.com
    ServerAdmin admin@dymstudios.com

    SSLEngine on

    SSLCertificateFile  /etc/ssl/certs/forum_example_com.crt
    SSLCertificateKeyFile /etc/ssl/private/ssl-cert-forum-comodo.key

    SSLCertificateChainFile /etc/ssl/certs/COMODORSAForumCertificateBundle.crt

    &lt;FilesMatch &quot;\.(cgi|shtml|phtml|php)$&quot;&gt;
            SSLOptions +StdEnvVars
    &lt;/FilesMatch&gt;
    &lt;Directory /usr/lib/cgi-bin&gt;
            SSLOptions +StdEnvVars
    &lt;/Directory&gt;

    BrowserMatch &quot;MSIE [2-6]&quot; \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
    # MSIE 7 and newer should be able to use keepalive
    BrowserMatch &quot;MSIE [17-9]&quot; ssl-unclean-shutdown

    ProxyRequests off

    &lt;Proxy *&gt;
            Order deny,allow
            Allow from all
    &lt;/Proxy&gt;

    RequestHeader set X-Forwarded-Proto &quot;https&quot;

    RewriteEngine On

    RewriteCond %{REQUEST_URI}  ^/socket.io            [NC]
    RewriteCond %{QUERY_STRING} transport=websocket    [NC]
    RewriteRule /(.*)           ws://127.0.0.1:4567/$1 [P,L]

    ProxyPass / http://127.0.0.1:4567/
    ProxyPassReverse / http://127.0.0.1:4567/

    ErrorDocument 503 http://status.example.com

&lt;/VirtualHost&gt;




</IfModule>

...and here the htaccess I use in the wordpress website:

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://example.com/$1 [R,L]
</IfModule>

BEGIN WordPress


The directives (lines) between "BEGIN WordPress" and "END WordPress" are


dynamically generated, and should only be modified via WordPress filters.


Any changes to the directives between these markers will be overwritten.


<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>


END WordPress

All the resources I found on 403 errors covered different scenarios so I'm really lost here. Thank you all!

Jarko
  • 1

0 Answers0