# Problems with lighttpd vhosts using http, https with subdom.

## XezzeX

Hello

I'm trying to use Lighttpd to serve the following:

1) mydomain.tld on port 80 serving the same static html page

2) www.mydomain.tld on port 80 serving the same page as #1

3) webmail.mydomain.tld on port 443 serving my RoundCube webmail

What I've got working is #1 and partially #3. The webmail is only accessible at https://mydomain.tld instead of https://webmail.mydomain.tld. I clearly have a problem with subdomains since the only addresses working with my current setup are http://mydomain.tld and https://mydomain.tld.

I cannot for the life of me figure out how to fix this problem despite googling for about 12 hours and having tried a ton of different configs, so I hope there's a wizard in here who can help me.

My setup is as follows:

Folders:

/var/www/webmail.mydomain.tld/htdocs/roundcube/index.php etc.

/var/www/mydomain.tld/htdocs/index.html etc.

Packages:

www-servers/lighttpd-1.4.23 bzip2 fastcgi gdbm mysql pcre php ssl

mail-client/roundcube-0.2.2 mysql ssl vhosts

/etc/lighttpd/lighttpd.conf

```
###############################################################################
# Default lighttpd.conf for Gentoo.
# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/conf/lighttpd.conf,v 1.4 2009/05/12 09:54:12 bangert Exp $
###############################################################################

# {{{ variables
var.basedir  = "/var/www/"
var.logdir   = "/var/log/lighttpd"
var.statedir = "/var/lib/lighttpd"
# }}}

# {{{ modules
# At the very least, mod_access and mod_accesslog should be enabled.
# All other modules should only be loaded if necessary.
# NOTE: the order of modules is important.
server.modules = (
#    "mod_rewrite",
#    "mod_redirect",
#    "mod_alias",
    "mod_access",
#    "mod_cml",
#    "mod_trigger_b4_dl",
#    "mod_auth",
#    "mod_status",
#    "mod_setenv",
#    "mod_proxy",
    "mod_simple_vhost",
#    "mod_evhost",
#    "mod_userdir",
#    "mod_compress",
#    "mod_ssi",
#    "mod_usertrack",
#    "mod_expire",
#    "mod_secdownload",
#    "mod_rrdtool",
#    "mod_webdav",
    "mod_accesslog"
)
# }}}

# {{{ includes
include "mime-types.conf"
# fcgi and cgi are included below
# }}}

# {{{ server settings
server.username      = "lighttpd"
server.groupname     = "lighttpd"

server.document-root = var.basedir
server.pid-file      = "/var/run/lighttpd.pid"

server.errorlog      = var.logdir  + "/error.log"
# log errors to syslog instead
#   server.errorlog-use-syslog = "enable"

server.indexfiles    = ("index.php", "index.html", "index.htm", "default.htm")

# server.tag           = "lighttpd"

server.follow-symlink = "enable"

# event handler (defaults to "poll")
# see performance.txt
#
# for >= linux-2.4
#   server.event-handler = "linux-rtsig"
# for >= linux-2.6
#   server.event-handler = "linux-sysepoll"
# for FreeBSD
#   server.event-handler = "freebsd-kqueue"

# chroot to directory (defaults to no chroot)
# server.chroot      = "/"

# bind to port (defaults to 80)
# server.port          = 81

# bind to name (defaults to all interfaces)
# server.bind          = "grisu.home.kneschke.de"

# error-handler for status 404
# server.error-handler-404 = "/error-handler.html"
# server.error-handler-404 = "/error-handler.php"

# Format: <errorfile-prefix><status-code>.html
# -> ..../status-404.html for 'File not found'
# server.errorfile-prefix    = var.basedir + "/error/status-"

# FAM support for caching stat() calls
# requires that lighttpd be built with USE=fam
#   server.stat-cache-engine = "fam"
# }}}

# {{{ mod_staticfile

# which extensions should not be handled via static-file transfer
# (extensions that are usually handled by mod_cgi, mod_fastcgi, etc).
static-file.exclude-extensions = (".php", ".pl", ".cgi", ".fcgi")
# }}}

# {{{ mod_accesslog
accesslog.filename   = var.logdir + "/access.log"
# }}}

# {{{ mod_dirlisting
# enable directory listings
#   dir-listing.activate      = "enable"
#
# don't list hidden files/directories
#   dir-listing.hide-dotfiles = "enable"
#
# use a different css for directory listings
#   dir-listing.external-css  = "/path/to/dir-listing.css"
#
# list of regular expressions.  files that match any of the
# specified regular expressions will be excluded from directory
# listings.
#   dir-listing.exclude = ("^\.", "~$")
# }}}

# {{{ mod_access
# see access.txt

url.access-deny = ("~", ".inc")
# }}}

# {{{ mod_userdir
# see userdir.txt
#
# userdir.path = "public_html"
# userdir.exclude-user = ("root")
# }}}

# {{{ mod_ssi
# see ssi.txt
#
# ssi.extension = (".shtml")
# }}}

# {{{ mod_ssl
# see ssl.txt
#
#If these are used, ssl will be enabled for ALL servers
#ssl.engine    = "enable"
#ssl.pemfile   = "/etc/lighttpd/certs/"
# }}}

# {{{ mod_status
# see status.txt
#
# status.status-url  = "/server-status"
# status.config-url  = "/server-config"
# }}}

# {{{ mod_simple_vhost
# see simple-vhost.txt
#
#  If you want name-based virtual hosting add the next three settings and load
#  mod_simple_vhost
#
# document-root =
#   virtual-server-root + virtual-server-default-host + virtual-server-docroot
# or
#   virtual-server-root + http-host + virtual-server-docroot
#
# simple-vhost.server-root   = "/home/weigon/wwwroot/servers/"
# simple-vhost.default-host  = "grisu.home.kneschke.de"
# simple-vhost.document-root = "/pages/"

# {{{ mod_compress
# see compress.txt
#
# compress.cache-dir   = var.statedir + "/cache/compress"
# compress.filetype    = ("text/plain", "text/html")
# }}}

# {{{ mod_proxy
# see proxy.txt
#
# proxy.server               = ( ".php" =>
#                               ( "localhost" =>
#                                 (
#                                   "host" => "192.168.0.101",
#                                   "port" => 80
#                                 )
#                               )
#                             )
# }}}

# {{{ mod_auth
# see authentication.txt
#
# auth.backend               = "plain"
# auth.backend.plain.userfile = "lighttpd.user"
# auth.backend.plain.groupfile = "lighttpd.group"

# auth.backend.ldap.hostname = "localhost"
# auth.backend.ldap.base-dn  = "dc=my-domain,dc=com"
# auth.backend.ldap.filter   = "(uid=$)"

# auth.require               = ( "/server-status" =>
#                               (
#                                 "method"  => "digest",
#                                 "realm"   => "download archiv",
#                                 "require" => "user=jan"
#                               ),
#                               "/server-info" =>
#                               (
#                                 "method"  => "digest",
#                                 "realm"   => "download archiv",
#                                 "require" => "valid-user"
#                               )
#                             )
# }}}

# {{{ mod_rewrite
# see rewrite.txt
#
# url.rewrite = (
#	"^/$"		=>		"/server-status"
# )
# }}}

# {{{ mod_redirect
# see redirect.txt
#
# url.redirect = (
#	"^/wishlist/(.+)"		=>		"http://www.123.org/$1"
# )
# }}}

# {{{ mod_evhost
# define a pattern for the host url finding
# %% => % sign
# %0 => domain name + tld
# %1 => tld
# %2 => domain name without tld
# %3 => subdomain 1 name
# %4 => subdomain 2 name
#
# evhost.path-pattern        = "/home/storage/dev/www/%3/htdocs/"
# }}}

# {{{ mod_expire
# expire.url = (
#	"/buggy/"		=>		"access 2 hours",
#	"/asdhas/"		=>		"access plus 1 seconds 2 minutes"
# )
# }}}

# {{{ mod_rrdtool
# see rrdtool.txt
#
# rrdtool.binary  = "/usr/bin/rrdtool"
# rrdtool.db-name = var.statedir + "/lighttpd.rrd"
# }}}

# {{{ mod_setenv
# see setenv.txt
#
# setenv.add-request-header  = ( "TRAV_ENV" => "mysql://user@host/db" )
# setenv.add-response-header = ( "X-Secret-Message" => "42" )
# }}}

# {{{ mod_trigger_b4_dl
# see trigger_b4_dl.txt
#
# trigger-before-download.gdbm-filename = "/home/weigon/testbase/trigger.db"
# trigger-before-download.memcache-hosts = ( "127.0.0.1:11211" )
# trigger-before-download.trigger-url = "^/trigger/"
# trigger-before-download.download-url = "^/download/"
# trigger-before-download.deny-url = "http://127.0.0.1/index.html"
# trigger-before-download.trigger-timeout = 10
# }}}

# {{{ mod_cml
# see cml.txt
#
# don't forget to add index.cml to server.indexfiles
# cml.extension               = ".cml"
# cml.memcache-hosts          = ( "127.0.0.1:11211" )
# }}}

# {{{ mod_webdav
# see webdav.txt
#
# $HTTP["url"] =~ "^/dav($|/)" {
#     webdav.activate = "enable"
#     webdav.is-readonly = "enable"
# }
# }}}

# {{{ extra rules
#
# set Content-Encoding and reset Content-Type for browsers that
# support decompressing on-the-fly (requires mod_setenv)
# $HTTP["url"] =~ "\.gz$" {
#     setenv.add-response-header = ("Content-Encoding" => "x-gzip")
#     mimetype.assign = (".gz" => "text/plain")
# }

# $HTTP["url"] =~ "\.bz2$" {
#     setenv.add-response-header = ("Content-Encoding" => "x-bzip2")
#     mimetype.assign = (".bz2" => "text/plain")
# }
#
# }}}

# {{{ debug
# debug.log-request-header   = "enable"
# debug.log-response-header  = "enable"
# debug.log-request-handling = "enable"
# debug.log-file-not-found   = "enable"
# }}}

# {{{ cgi includes
# uncomment for cgi support
#   include "mod_cgi.conf"
# uncomment for php/fastcgi support
include "mod_fastcgi.conf"
# }}}

# vim: set ft=conf foldmethod=marker et :

$HTTP["host"] =~ "^(www\.)?mydomain\.tld$" {
    simple-vhost.server-root = "/var/www/"
    simple-vhost.default-host = "mydomain.tld"
    simple-vhost.document-root = "/htdocs/"
###    server.document-root = "/var/www/mydomain.tld/htdocs/"
    server.errorlog = "/var/log/lighttpd/mydomain.tld/error.log"
    accesslog.filename = "/var/log/lighttpd/mydomain.tld/access.log"
}
#else
# $HTTP["host"] =~ "webmail\.mydomain\.tld" {
    $SERVER["socket"] == ":443" {
        ssl.pemfile = "/etc/lighttpd/certs/webmail.mydomain.tld.pem"
        ssl.engine = "enable"
    simple-vhost.server-root = "/var/www/"
    simple-vhost.default-host = "webmail.mydomain.tld"
    simple-vhost.document-root = "/htdocs/roundcube/"
###    server.document-root = "/var/www/webmail.mydomain.tld/htdocs/roundcube/"
    server.errorlog = "/var/log/lighttpd/webmail.mydomain.tld/error.log"
    accesslog.filename = "/var/log/lighttpd/webmail.mydomain.tld/access.log"
    }
#}
```

----------

## whig

Two stanza kludge then:

```
$HTTP["host"] == "www\.mydomain\.tld" {
...
}

$HTTP["host"] == "mydomain\.tld" {
(duplicate above)
}
```

----------

## XezzeX

 *whig wrote:*   

> Two stanza kludge then:
> 
> $HTTP["host"] == "www\.mydomain\.tld" {
> 
> ...
> ...

 

Thank you for the quick reply.

I've tried replacing:

```
$HTTP["host"] =~ "^(www\.)?mydomain\.tld$" {

        simple-vhost.server-root = "/var/www/"

        simple-vhost.default-host = "mydomain.tld"

        simple-vhost.document-root = "/htdocs/"

        server.errorlog = "/var/log/lighttpd/mydomain.tld/error.log"

        accesslog.filename = "/var/log/lighttpd/mydomain.tld/access.log"

}
```

with:

```
$HTTP["host"] == "http://www.mydomain.tld" {

        simple-vhost.server-root = "/var/www/"

        simple-vhost.default-host = "mydomain.tld"

        simple-vhost.document-root = "/htdocs/"

        server.errorlog = "/var/log/lighttpd/mydomain.tld/error.log"

        accesslog.filename = "/var/log/lighttpd/mydomain.tld/access.log"

}

$HTTP["host"] == "http://mydomain.tld" {

        simple-vhost.server-root = "/var/www/"

        simple-vhost.default-host = "mydomain.tld"

        simple-vhost.document-root = "/htdocs/"

        server.errorlog = "/var/log/lighttpd/mydomain.tld/error.log"

        accesslog.filename = "/var/log/lighttpd/mydomain.tld/access.log"

}
```

Unfortunately the result is the same. Only http://mydomain.tld works, not http://www.mydomain.tld.

----------

## whig

Remove both http:// from the host tests.

There could well be a way to regex host tests, not apparent to this mortal user.

----------

## XezzeX

 *whig wrote:*   

> Remove both http:// from the host tests.
> 
> There could well be a way to regex host tests, not apparent to this mortal user.

 

I've tried both with and without "http://" and with and without escaping the dots.

I've got multiple IPs for my eth0 and I'm using Gentoo Hardened. Could they be the cause of this not working?

----------

## Ant P.

Try doing it this way around...

```

$SERVER["socket"] == "0.0.0.0:443" {

    #ssl config here

    $HTTP["host"] == "webmail.domain.tld" {

        ...

    }

}

```

----------

## whig

Or, try falling back to the lighty style:

```
simple-vhost.server-root   = "/usr/local/www/"

simple-vhost.default-host  = "default"

simple-vhost.document-root = "html"
```

and have files in

/usr/local/www/default/html/...

/usr/local/www/www.example.com/html/...

/usr/local/www/www.example2.com/html/...

/usr/local/www/example3.com/html/...

----------

## XezzeX

Neither of those suggestions work. For some reason no matter what I do, I can't get the subdomains working.

----------

## XezzeX

I've now located the problem. It turns out that I only had an A record for domain.tld.

After creating A records for www.domain.tld and webmail.domain.tld it works like a charm.

Thanks for all the help, and I'll try not to make the same mistake again ;)

----------
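The thread ended with missing A records rather than a lighttpd fault. The script below is an added example, not part of any post above, that separates the two cases by resolving each name and then requesting it with DNS bypassed. `SERVER_IP`, the script name `triage.sh` and the `scheme:host` argument format are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): tell a missing DNS record apart from a
# vhost/server problem. SERVER_IP and the names on the command line are assumptions.
SERVER_IP="${SERVER_IP:-127.0.0.1}"   # address lighttpd listens on

# Print the first address the system resolver returns for $1 (empty if none).
resolve_name() {
    getent hosts "$1" 2>/dev/null | awk 'NR == 1 { print $1 }'
}

# Request "/" for a vhost while bypassing DNS: --resolve pins name:port to
# SERVER_IP, so the Host header (and TLS SNI) still carry the real name.
# -k skips certificate validation; acceptable here because only the status
# code is read and the body is discarded. Prints 000 if nothing answered.
probe_vhost() {   # $1 = scheme, $2 = host name, $3 = port
    curl -sk -o /dev/null -m 5 -w '%{http_code}' \
        --resolve "$2:$3:$SERVER_IP" "$1://$2/" 2>/dev/null || true
}

# Classify one vhost as: ok | dns-missing | dns-missing,no-response | server-problem
triage_vhost() {  # $1 = scheme (http|https), $2 = host name
    case "$1" in https) port=443 ;; *) port=80 ;; esac
    addr=$(resolve_name "$2")
    code=$(probe_vhost "$1" "$2" "$port")
    case "$code" in ''|000) answered=no ;; *) answered=yes ;; esac
    if [ -z "$addr" ] && [ "$answered" = yes ]; then
        echo "dns-missing"               # server is fine; the name has no record
    elif [ -z "$addr" ]; then
        echo "dns-missing,no-response"   # fix DNS first, then re-test the server
    elif [ "$answered" = yes ]; then
        echo "ok"
    else
        echo "server-problem"            # name resolves, server gave no HTTP reply
    fi
}

# Usage: SERVER_IP=203.0.113.5 sh triage.sh http:www.mydomain.tld https:webmail.mydomain.tld
for spec in "$@"; do
    printf '%s\t%s\n' "${spec#*:}" "$(triage_vhost "${spec%%:*}" "${spec#*:}")"
done
```

A status code only shows that the server answered for that name; with `simple-vhost.default-host` set, an unmatched name is still served from the default host, so compare the returned page as well.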

