Ayuda con httpd.conf OpenSuse

Iniciado por Cioouw, 1 Mayo 2010, 00:41 AM

0 Miembros y 1 Visitante están viendo este tema.

Cioouw

Hola, pues mi lamp funciona perfecto, el unico problema es que no puedo acceder a mi webserver desde wan, tengo configurado el firewall y el servicio http para que tenga salida a wan (aparentemente) pero aun asi no logro conectarme desde la wan a mi pc, alquien me hecha una mano ...

Aqui dejo mi httpd.conf ... el server esta sobre OpenSuse 11.1

Citar#
# /etc/apache2/httpd.conf
#
# This is the main Apache server configuration file.  It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs-2.2/> for detailed information about
# the directives.

# Based upon the default apache configuration file that ships with apache,
# which is based upon the NCSA server configuration files originally by Rob
# McCool. This file was knocked together by Peter Poeml <poeml+apache@suse.de>.

# If possible, avoid changes to this file. It does mainly contain Include
# statements and global settings that can/should be overridden in the
# configuration of your virtual hosts.

# Quickstart guide:
# http://www.opensuse.org/Apache_Howto_Quickstart


# Overview of include files, chronologically:
#
# httpd.conf
#  |
#  |-- uid.conf  . . . . . . . . . . . . . .  UserID/GroupID to run under
#  |-- server-tuning.conf  . . . . . . . . .  sizing of the server (how many processes to start, ...)
#  |-- sysconfig.d/loadmodule.conf . . . . . 
  • load these modules
    #  |-- listen.conf . . . . . . . . . . . . .  IP adresses / ports to listen on
    #  |-- mod_log_config.conf . . . . . . . . .  define logging formats
    #  |-- sysconfig.d/global.conf . . . . . . . 
  • server-wide general settings
    #  |-- mod_status.conf . . . . . . . . . . .  restrict access to mod_status (server monitoring)
    #  |-- mod_info.conf . . . . . . . . . . . .  restrict access to mod_info
    #  |-- mod_usertrack.conf  . . . . . . . . .  defaults for cookie-based user tracking
    #  |-- mod_autoindex-defaults.conf . . . . .  defaults for displaying of server-generated directory listings
    #  |-- mod_mime-defaults.conf  . . . . . . .  defaults for mod_mime configuration
    #  |-- errors.conf . . . . . . . . . . . . .  customize error responses
    #  |-- ssl-global.conf . . . . . . . . . . .  SSL conf that applies to default server _and all_ virtual hosts
    #  |
    #  |-- default-server.conf . . . . . . . . .  set up the default server that replies to non-virtual-host requests
    #  |    |--mod_userdir.conf  . . . . . . . .  enable UserDir (if mod_userdir is loaded)
    #  |    `--conf.d/apache2-manual?conf  . . .  add the docs ('?' = if installed)
    #  |
    #  |-- sysconfig.d/include.conf  . . . . . . 
  • your include files
    #  |                                             (for each file to be included here, put its name
    #  |                                              into APACHE_INCLUDE_* in /etc/sysconfig/apache2)
    #  |
    #  `-- vhosts.d/ . . . . . . . . . . . . . .  for each virtual host, place one file here
    #       `-- *.conf . . . . . . . . . . . . .     (*.conf is automatically included)
    #
    #
    # Files marked
  • are created from sysconfig upon server restart: instead of
    # these files, you edit /etc/sysconfig/apache2



    #  Filesystem layout:
    #
    # /etc/apache2/
    #  |-- charset.conv  . . . . . . . . . . . .  for mod_auth_ldap
    #  |-- conf.d/
    #  |   |-- apache2-manual.conf . . . . . . .  conf that comes with apache2-doc
    #  |   |-- mod_php4.conf . . . . . . . . . .  (example) conf that comes with apache2-mod_php4
    #  |   `-- ... . . . . . . . . . . . . . . .  other configuration added by packages
    #  |-- default-server.conf
    #  |-- errors.conf
    #  |-- httpd.conf  . . . . . . . . . . . . .  top level configuration file
    #  |-- listen.conf
    #  |-- magic
    #  |-- mime.types -> ../mime.types
    #  |-- mod_autoindex-defaults.conf
    #  |-- mod_info.conf
    #  |-- mod_log_config.conf
    #  |-- mod_mime-defaults.conf
    #  |-- mod_perl-startup.pl
    #  |-- mod_status.conf
    #  |-- mod_userdir.conf
    #  |-- mod_usertrack.conf
    #  |-- server-tuning.conf
    #  |-- ssl-global.conf
    #  |-- ssl.crl/  . . . . . . . . . . . . . .  PEM-encoded X.509 Certificate Revocation Lists (CRL)
    #  |-- ssl.crt/  . . . . . . . . . . . . . .  PEM-encoded X.509 Certificates
    #  |-- ssl.csr/  . . . . . . . . . . . . . .  PEM-encoded X.509 Certificate Signing Requests
    #  |-- ssl.key/  . . . . . . . . . . . . . .  PEM-encoded RSA Private Keys
    #  |-- ssl.prm/  . . . . . . . . . . . . . .  public DSA Parameter Files
    #  |-- sysconfig.d/  . . . . . . . . . . . .  files that are created from /etc/sysconfig/apache2
    #  |   |-- global.conf
    #  |   |-- include.conf
    #  |   `-- loadmodule.conf
    #  |-- uid.conf
    #  `-- vhosts.d/ . . . . . . . . . . . . . .  put your virtual host configuration (*.conf) here
    #      |-- vhost-ssl.template
    #      `-- vhost.template



    ### Global Environment ######################################################
    #
    # The directives in this section affect the overall operation of Apache,
    # such as the number of concurrent requests.

    # run under this user/group id
    Include /etc/apache2/uid.conf

    # - how many server processes to start (server pool regulation)
    # - usage of KeepAlive
    Include /etc/apache2/server-tuning.conf

    # ErrorLog: The location of the error log file.
    # If you do not specify an ErrorLog directive within a <VirtualHost>
    # container, error messages relating to that virtual host will be
    # logged here.  If you *do* define an error logfile for a <VirtualHost>
    # container, that host's errors will be logged there and not here.
    ErrorLog /var/log/apache2/error_log

    # generated from APACHE_MODULES in /etc/sysconfig/apache2
    Include /etc/apache2/sysconfig.d/loadmodule.conf

    # IP addresses / ports to listen on
    Include /etc/apache2/listen.conf

    # predefined logging formats
    Include /etc/apache2/mod_log_config.conf

    # generated from global settings in /etc/sysconfig/apache2
    Include /etc/apache2/sysconfig.d/global.conf

    # optional mod_status, mod_info
    Include /etc/apache2/mod_status.conf
    Include /etc/apache2/mod_info.conf

    # optional cookie-based user tracking
    # read the documentation before using it!!
    Include /etc/apache2/mod_usertrack.conf

    # configuration of server-generated directory listings
    Include /etc/apache2/mod_autoindex-defaults.conf

    # associate MIME types with filename extensions
    TypesConfig /etc/apache2/mime.types
    DefaultType text/plain
    Include /etc/apache2/mod_mime-defaults.conf

    # set up (customizable) error responses
    Include /etc/apache2/errors.conf

    # global (server-wide) SSL configuration, that is not specific to
    # any virtual host
    Include /etc/apache2/ssl-global.conf

    # forbid access to the entire filesystem by default
    <Directory />
        Options None
        AllowOverride None
        Order deny,allow
        Deny from all
    </Directory>

    # use .htaccess files for overriding,
    AccessFileName .htaccess
    # and never show them
    <Files ~ "^\.ht">
        Order allow,deny
        Deny from all
    </Files>

    # List of resources to look for when the client requests a directory
    DirectoryIndex index.html index.html.var

    ### 'Main' server configuration #############################################
    #
    # The directives in this section set up the values used by the 'main'
    # server, which responds to any requests that aren't handled by a
    # <VirtualHost> definition.  These values also provide defaults for
    # any <VirtualHost> containers you may define later in the file.
    #
    # All of these directives may appear inside <VirtualHost> containers,
    # in which case these default settings will be overridden for the
    # virtual host being defined.
    #
    Include /etc/apache2/default-server.conf


    # Another way to include your own files
    #
    # The file below is generated from /etc/sysconfig/apache2,
    # include arbitrary files as named in APACHE_CONF_INCLUDE_FILES and
    # APACHE_CONF_INCLUDE_DIRS
    Include /etc/apache2/sysconfig.d/include.conf


    ### Virtual server configuration ############################################
    #
    # VirtualHost: If you want to maintain multiple domains/hostnames on your
    # machine you can setup VirtualHost containers for them. Most configurations
    # use only name-based virtual hosts so the server doesn't need to worry about
    # IP addresses. This is indicated by the asterisks in the directives below.
    #
    # Please see the documentation at
    # <URL:http://httpd.apache.org/docs-2.2/vhosts/>
    # for further details before you try to setup virtual hosts.
    #
    # You may use the command line option '-S' to verify your virtual host
    # configuration.
    #
    Include /etc/apache2/vhosts.d/*.conf


    # Note: instead of adding your own configuration here, consider
    #       adding it in your own file (/etc/apache2/httpd.conf.local)
    #       putting its name into APACHE_CONF_INCLUDE_FILES in
    #       /etc/sysconfig/apache2 -- this will make system updates
    #       easier :)

Nakp

poco tiene que ver si accedes por lan, wan, inet, etc... pega estos archivos (si es que tienes)

/etc/apache2/listen.conf
/etc/apache2/vhosts.d/*.conf (si es que son varios)

o tendras que configurar un virtualhost para que tu apache escuche :P

en listen.conf deberia haber algo como

Código (apache) [Seleccionar]
Listen 80


o para la lan (wan, pan, san, tan, *an xDD)


Código (apache) [Seleccionar]
Listen 192.168.1.*:80


o como sea el rango de ips que tengas :P
Ojo por ojo, y el mundo acabará ciego.

Cioouw

Este es el listen.conf

Citar# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports. See also the <VirtualHost> directive.
#
# http://httpd.apache.org/docs-2.2/mod/mpm_common.html#listen
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
# When we also provide SSL we have to listen to the
# standard HTTP port (see above) and to the HTTPS port
#
# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
#       Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
#
#Listen 12.34.56.78:80
#Listen 80
#Listen 443



<IfDefine SSL>
    <IfDefine !NOSSL>
   <IfModule mod_ssl.c>

       Listen 443

   </IfModule>
    </IfDefine>
</IfDefine>


# Use name-based virtual hosting
#
# - on a specified address / port:
#
#NameVirtualHost 12.34.56.78:80
#
# - name-based virtual hosting:
#
#NameVirtualHost *:80
#
# - on all addresses and ports. This is your best bet when you are on
#   dynamically assigned IP addresses:
#
#NameVirtualHost *

Listen 80

Lo cambie a Listen 192.168.1.*:80 y no funciono .. Listen 192.168.1.20:80 tampoco funciono .. le puse Listen 127.0.0.1:80 y si funciono pero solo para LAN.

Este es el otro file

Citar#
# VirtualHost template
# Note: to use the template, rename it to /etc/apache2/vhost.d/yourvhost.conf.
# Files must have the .conf suffix to be loaded.
#
# See /usr/share/doc/packages/apache2/README.QUICKSTART for further hints
# about virtual hosts.
#
# NameVirtualHost statements can be added to /etc/apache2/listen.conf.
#
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for requests without a known
# server name.
#
<VirtualHost *:80>
    ServerAdmin webmaster@dummy-host.example.com
    ServerName dummy-host.example.com

    # DocumentRoot: The directory out of which you will serve your
    # documents. By default, all requests are taken from this directory, but
    # symbolic links and aliases may be used to point to other locations.
    DocumentRoot /srv/www/vhosts/dummy-host.example.com

    # if not specified, the global error log is used
    ErrorLog /var/log/apache2/dummy-host.example.com-error_log
    CustomLog /var/log/apache2/dummy-host.example.com-access_log combined

    # don't loose time with IP address lookups
    HostnameLookups Off

    # needed for named virtual hosts
    UseCanonicalName Off

    # configures the footer on server-generated documents
    ServerSignature On


    # Optionally, include *.conf files from /etc/apache2/conf.d/
    #
    # For example, to allow execution of PHP scripts:
    #
    # Include /etc/apache2/conf.d/mod_php4.conf
    #
    # or, to include all configuration snippets added by packages:
    # Include /etc/apache2/conf.d/*.conf


    # ScriptAlias: This controls which directories contain server scripts.
    # ScriptAliases are essentially the same as Aliases, except that
    # documents in the realname directory are treated as applications and
    # run by the server when requested rather than as documents sent to the client.
    # The same rules about trailing "/" apply to ScriptAlias directives as to
    # Alias.
    #
    ScriptAlias /cgi-bin/ "/srv/www/vhosts/dummy-host.example.com/cgi-bin/"

    # "/srv/www/cgi-bin" should be changed to whatever your ScriptAliased
    # CGI directory exists, if you have one, and where ScriptAlias points to.
    #
    <Directory "/srv/www/vhosts/dummy-host.example.com/cgi-bin">
   AllowOverride None
   Options +ExecCGI -Includes
   Order allow,deny
   Allow from all
    </Directory>


    # UserDir: The name of the directory that is appended onto a user's home
    # directory if a ~user request is received.
    #
    # To disable it, simply remove userdir from the list of modules in APACHE_MODULES
    # in /etc/sysconfig/apache2.
    #
    <IfModule mod_userdir.c>
   # Note that the name of the user directory ("public_html") cannot simply be
   # changed here, since it is a compile time setting. The apache package
   # would have to be rebuilt. You could work around by deleting
   # /usr/sbin/suexec, but then all scripts from the directories would be
   # executed with the UID of the webserver.
   UserDir public_html
   # The actual configuration of the directory is in
   # /etc/apache2/mod_userdir.conf.
   Include /etc/apache2/mod_userdir.conf
   # You can, however, change the ~ if you find it awkward, by mapping e.g.
   # http://www.example.com/users/karl-heinz/ --> /home/karl-heinz/public_html/
   #AliasMatch ^/users/([a-zA-Z0-9-_.]*)/?(.*) /home/$1/public_html/$2
    </IfModule>


    #
    # This should be changed to whatever you set DocumentRoot to.
    #
    <Directory "/srv/www/vhosts/dummy-host.example.com">
   
   #
   # Possible values for the Options directive are "None", "All",
   # or any combination of:
   #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
   #
   # Note that "MultiViews" must be named *explicitly* --- "Options All"
   # doesn't give it to you.
   #
   # The Options directive is both complicated and important.  Please see
   # http://httpd.apache.org/docs-2.2/mod/core.html#options
   # for more information.
   #
   Options Indexes FollowSymLinks
   
   #
   # AllowOverride controls what directives may be placed in .htaccess files.
   # It can be "All", "None", or any combination of the keywords:
   #   Options FileInfo AuthConfig Limit
   #
   AllowOverride None
   
   #
   # Controls who can get stuff from this server.
   #
   Order allow,deny
   Allow from all
   
    </Directory>

</VirtualHost>

Nakp

solo para lan? pero por que ip entras?

diras para localhost? deja solo listen 80 e intenta acceder con la ip de tu pc desde la que tiene wireless

suponiendo que el servidor esta en

192.168.1.16

y tu laptop (o lo que tenga wireless) esta conectada a la misma red... accede al servidor escribiendo la ip de este en tu laptop

http://192.168.1.16

(segun el ejemplo)
Ojo por ojo, y el mundo acabará ciego.

^Tifa^

Haber es LAN o WAN??? Son dos cosas distintas   :xD

Si descomentaste lo que te dijo Nakp (Para tu LAN):

CitarListen 192.168.1.20:80

Que es la IP local privada de tu PC con OpenSuse.  Cuando hagas y guardes esos cambios, debes reiniciar el Apache:

/etc/init.d/httpd  restart

Y luego en tu PC intentar navegar en un navegador:

http://192.168.1.20:80

(Donde 192.168.1.20 es la IP privada local de tu PC con OpenSuse).

Si conecta entonces intentalo desde otra PC de tu LAN y sino conecta desde otra PC revisa algun firewall local de OpenSuse (iptables puede ser). o algun firewall fisico (Pix)

Si me hablas de la WAN ya el procedimiento es un poco mas extenso, porque tendras que abrir puertos en tu router y redireccionar la peticion al puerto 80 hacia la IP de tu maquina con OpenSuse....

Pero exactamente que es lo que quieres LAN o WAN?


Nakp

#5
quiere wan tifa... a traves del router es lo mismo... no se si en suse pero yo tengo en ubuntu y no hago nada mas xD (wlan)
Ojo por ojo, y el mundo acabará ciego.

^Tifa^

#6
Mira, si en tu caso tu Apache salio (o sea se vio remoto) es porque el router en cuestion esta mas sin restriccion de puertos algunas (grave error pero en fin). Pero por regla general, suelen venir multipuestos y pues es tarea del administrador hacer un ligero cambio a monopuesto. Es muy probable que si el habla a nivel WAN requiera ejercer la tareita de configurar su router para salir... a lo mejor sale premiado y su router esta en modo bridge y puede salir libremente con IP publica a internet. (Pero como generalmente no es el caso, doy la otra posibilidad) y la otra posibilidad se complica un poco considerando que las IP publicas caseras son dinamicas y hay que dar uso de una herramienta de terceros como No-Ip o pagar un billete extra al proveedor de internet para que te asigne una IP publica estatica a la Mac Address de tu Router  ;)

Cioouw

Haber la ip de mi Opensuse es 192.168.1.20

Ahora con la configuracion:

- Cuando pongo 127.0.0.1:80 Tengo acceso desde la misma pc, pero no desde LAN ni WAN.
- Cuando pongo 192.168.1.20:80 no tengo acceso desde la misma pc, ni la LAN, ni WAN.
- Cuando pongo 80 solo tengo acceso desde mi pc, no LAN, no WAN

Ojo que reinicio el servicio con esta instruccion: service apache2 restart

Cabe decir que he abierto el puerto 80 de mi router con direccion a mi IP 192.168.1.20, el firewall esta asi (visto desde YAST):

Mi interfaz eth0 esta en la zona externa.
Servicios autorizados http y https

La config del HTTP esta asi (visto desde YAST):

- Servicio HTTP habilitado
- Puerto 80 desde todas las direcciones

Haber que opinan.

Nakp

deja solo listen 80

a traves de que ip accedes a tu servidor desde lan o wan?
Ojo por ojo, y el mundo acabará ciego.

^Tifa^

Cuando eliges solamente puerto 80 (sin especificar IP) es para que escuche en todas las interfaces posibles que tengas (eth0 y las demas si posees por ejemplo wlan0) y obviamente localhost (127.0.0.1) Ahora si le especificas una IP (esta tiene que ser estatica no dinamica... ojo con si tu IP al OpenSuse se asigna a traves de DHCP). Si es estatica como informas, deberia poder observarse despues de reiniciar Apache tanto dentro del mismo OpenSuse como desde cualquier PC de tu misma LAN y cualquier PC desde la WAN siempre y cuando hayas realizado la configuracion DMZ correctamente en el router.

Ahora, puede existir la posibilidad que te comente anteriormente... un firewall en OpenSuse que impida la salida de servicios por otra interfaz que no sea la logica localhost.

Podrias, hacer los siguientes comandos me gustaria ver algo (ejecutalos todos como root de forma individual)

bash$  iptables  -L

bash$ nmap localhost

bash$ nmap 192.168.1.20

bash$ cat   /etc/host.deny

Otra cosilla, dices que tu IP de OpenSuse es 192.168.1.20??? y tu LAN va en ese mismo rango de IP privada??? Porque si tu LAN tiene otro rango (por ejemplo 10.0.0.X  o 192.168.168.x etc) no va ninguna PC a ver a tu OpenSuse ... disculpame por preguntarte esto ultimo se que es algo realmente tonto pero puesto que la IP (192.168.1.20) fue la que te di en el ejemplo de como configurar httpd.conf no quisiese que pues hayas colocado esa y le hayas colocado esa tambien a tu inferfaz y que se de la casualidad que tu LAN tiene otro rango de IP.

Saluditos.