Univention Bugzilla – Bug 44124
UMC redirects to install-time DNS entry
Last modified: 2017-05-03 10:40:50 CEST
Created attachment 8678 [details] redirections when accessing external fqdn UMC, at least the portal, redirects to the DNS entry that was registered at install-time. One cannot visit the UCS server by another external DNS name, that exists in an e.g. cloud environment. I tried setting up SSO for an external DNS entry, according to http://sdb.univention.de/1352 But I cannot even get to the UCS login - when visiting /univention/portal or /univention/management i get redirected (HTTP 301), see screenshot external FQDN: externaldns.ucsmaster.example, install-time FQDN: master.ucs.local
I have no clue what is causing this. My guess is that it has to do with the ServerName directive of apache and https SNI.
Note: I completed the steps in the article, the apache ServerName is set there.
Can you paste the output of apache2ctl -S?
# apache2ctl -S VirtualHost configuration: *:80 master.ucs.local (/etc/apache2/sites-enabled/000-default.conf:13) *:443 master.ucs.local (/etc/apache2/sites-enabled/default-ssl.conf:16) ServerRoot: "/etc/apache2" Main DocumentRoot: "/var/www/html" Main ErrorLog: "/var/log/apache2/error.log" Mutex ssl-stapling: using_defaults Mutex proxy: using_defaults Mutex ssl-cache: using_defaults Mutex default: dir="/var/lock/apache2" mechanism=fcntl Mutex mpm-accept: using_defaults Mutex watchdog-callback: using_defaults Mutex rewrite-map: using_defaults PidFile: "/var/run/apache2/apache2.pid" Define: DUMP_VHOSTS Define: DUMP_RUN_CFG Define: ENABLE_USR_LIB_CGI_BIN User: name="www-data" id=33 Group: name="www-data" id=33
Can you do: echo "ServerName $FQDN" >>/etc/apache2/ucs-sites.conf.d/servername.conf Restart apache and show the output of the command again?
Okay, the redirect seems to be here: [Wed Mar 29 13:07:18.890775 2017] [rewrite:trace2] [pid 3548] mod_rewrite.c(475): [client 10.205.1.206:47094] 10.205.1.206 - - [foobar/sid#7f3c3292f540][rid#7f3c328610a0/initial] init rewrite engine with requested uri /univention/portal/ [Wed Mar 29 13:07:18.890802 2017] [rewrite:trace3] [pid 3548] mod_rewrite.c(475): [client 10.205.1.206:47094] 10.205.1.206 - - [foobar/sid#7f3c3292f540][rid#7f3c328610a0/initial] applying pattern '^/univention/setup/' to uri '/univention/portal/' [Wed Mar 29 13:07:18.890838 2017] [rewrite:trace3] [pid 3548] mod_rewrite.c(475): [client 10.205.1.206:47094] 10.205.1.206 - - [foobar/sid#7f3c3292f540][rid#7f3c328610a0/initial] applying pattern '^/?simplesamlphp/(.*)' to uri '/univention/portal/' [Wed Mar 29 13:07:18.890870 2017] [rewrite:trace3] [pid 3548] mod_rewrite.c(475): [client 10.205.1.206:47094] 10.205.1.206 - - [foobar/sid#7f3c3292f540][rid#7f3c328610a0/initial] applying pattern '.*' to uri '/univention/portal/' [Wed Mar 29 13:07:18.890909 2017] [rewrite:trace4] [pid 3548] mod_rewrite.c(475): [client 10.205.1.206:47094] 10.205.1.206 - - [foobar/sid#7f3c3292f540][rid#7f3c328610a0/initial] RewriteCond: input='/univention/portal/' pattern='^/univention/js/.*/i18n/[^/]*/.*\\.json' => not-matched [Wed Mar 29 13:07:18.890936 2017] [rewrite:trace4] [pid 3548] mod_rewrite.c(475): [client 10.205.1.206:47094] 10.205.1.206 - - [foobar/sid#7f3c3292f540][rid#7f3c328610a0/initial] RewriteCond: input='/univention/portal/' pattern='^/univention/management/modules/i18n/[^/]*/.*\\.json' => not-matched [Wed Mar 29 13:07:18.890961 2017] [rewrite:trace4] [pid 3548] mod_rewrite.c(475): [client 10.205.1.206:47094] 10.205.1.206 - - [foobar/sid#7f3c3292f540][rid#7f3c328610a0/initial] RewriteCond: input='/univention/portal/' pattern='^/univention/i18n/[^/]*/.*\\.json' => not-matched [Wed Mar 29 13:07:18.890989 2017] [rewrite:trace4] [pid 3548] mod_rewrite.c(475): [client 10.205.1.206:47094] 10.205.1.206 - - [foobar/sid#7f3c3292f540][rid#7f3c328610a0/initial] RewriteCond: input='/univention/portal/' pattern='^/univention/(management|portal|login|server-overview|self-service|setup)/i18n/[^/]*/.*\\.json' => not-matched [Wed Mar 29 13:07:18.891011 2017] [rewrite:trace3] [pid 3548] mod_rewrite.c(475): [client 10.205.1.206:47094] 10.205.1.206 - - [foobar/sid#7f3c3292f540][rid#7f3c328610a0/initial] applying pattern '^/univention/(.*)$' to uri '/univention/portal/' [Wed Mar 29 13:07:18.891054 2017] [rewrite:trace4] [pid 3548] mod_rewrite.c(475): [client 10.205.1.206:47094] 10.205.1.206 - - [foobar/sid#7f3c3292f540][rid#7f3c328610a0/initial] RewriteCond: input='foobar' pattern='^foobar$' => matched [Wed Mar 29 13:07:18.891079 2017] [rewrite:trace4] [pid 3548] mod_rewrite.c(475): [client 10.205.1.206:47094] 10.205.1.206 - - [foobar/sid#7f3c3292f540][rid#7f3c328610a0/initial] RewriteCond: input='/univention/portal/' pattern='^/univention/(login|management|self-service|portal|server-overview)/$' => matched [Wed Mar 29 13:07:18.891100 2017] [rewrite:trace2] [pid 3548] mod_rewrite.c(475): [client 10.205.1.206:47094] 10.205.1.206 - - [foobar/sid#7f3c3292f540][rid#7f3c328610a0/initial] rewrite '/univention/portal/' -> 'http://xen3.school.local/univention/portal/' [Wed Mar 29 13:07:18.891138 2017] [rewrite:trace2] [pid 3548] mod_rewrite.c(475): [client 10.205.1.206:47094] 10.205.1.206 - - [foobar/sid#7f3c3292f540][rid#7f3c328610a0/initial] explicitly forcing redirect with http://xen3.school.local/univention/portal/ [Wed Mar 29 13:07:18.891157 2017] [rewrite:trace8] [pid 3548] mod_rewrite.c(475): [client 10.205.1.206:47094] 10.205.1.206 - - [foobar/sid#7f3c3292f540][rid#7f3c328610a0/initial] Rule has END flag, no further rewriting for this request [Wed Mar 29 13:07:18.891177 2017] [rewrite:trace1] [pid 3548] mod_rewrite.c(475): [client 10.205.1.206:47094] 10.205.1.206 - - [foobar/sid#7f3c3292f540][rid#7f3c328610a0/initial] escaping http://xen3.school.local/univention/portal/ for redirect [Wed Mar 29 13:07:18.891197 2017] [rewrite:trace1] [pid 3548] mod_rewrite.c(475): [client 10.205.1.206:47094] 10.205.1.206 - - [foobar/sid#7f3c3292f540][rid#7f3c328610a0/initial] redirect to http://xen3.school.local/univention/portal/ [REDIRECT/301]
univention-management-console (9.0.79-1): r78463 | Bug #44124: fix redirection when ucs/server/sso/virtualhost is false univention-apache (9.0.5-4): r78461 | Bug #44124: add .conf suffix to files in /etc/apache2/ucs-sites.conf.d/
Verified: No more redirections with external DNS entry. Great!
UCS 4.2 has been released: https://docs.software-univention.de/release-notes-4.2-0-en.html https://docs.software-univention.de/release-notes-4.2-0-de.html If this error occurs again, please use "Clone This Bug".