Apache vhost loads incorrect doc root

Question

My issue is that Apache randomly loads a non-default vhost instead of the domain I ask it to. I've tried just about every solution I found on this site and through searching but nothing seems to fix this problem.

Background:

• This is a virtual server hosted on a popular cloud platform
• The global apache conf file contains no VirtualHost definitions and the config file below is included properly (Include sites-enabled/*.conf)
• Apache 2.4 on Ubuntu 16.04
• I had each domain in their own conf file but that did not work either.
• Apache has chosen domain3.com as the default for some reason.
• When I execute curl localhost on the server, it returns the contents of domain3.com.
• The only thing excluded from the vhost below are some SSL definitions that don't seem to be causing any problems.
• ServerName is defined as localhost in apache.conf
• The vhosts below are saved at /etc/apache2/sites-enabled/000-default.conf

Server weirdness?

• I can't seem to actually stop apache. Executing service apache2 stop and then service apache2 status will identify the process as inactive, but I can still load pages under domain1/2/3.com. It's like nothing I do has any effect.
• There's like 3 ways to access apache now. Some seem to work, some don't. /etc/init.d/apache2 , service apache2 , apache2ctl .
• It only loads the wrong site about 50% of the time.

I'm completely out of ideas...

NameVirtualHost *:80

# domain1.com
<VirtualHost *:80>
    # The ServerName directive sets the request scheme, hostname and port that
    # the server uses to identify itself. This is used when creating
    # redirection URLs. In the context of virtual hosts, the ServerName
    # specifies what hostname must appear in the request's Host: header to
    # match this virtual host. For the default virtual host (this file) this
    # value is not decisive as it is used as a last resort host regardless.
    # However, you must set it for any further virtual host explicitly.
    ServerName www.domain1.com
    ServerAlias domain1.com
    UseCanonicalName Off
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/domain1.com/

    <Directory /var/www/domain1.com>
            Options Indexes FollowSymLinks
            AllowOverride All
            Require all granted
    </Directory>

    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf
</VirtualHost>

# domain3.com
<VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        ServerName www.domain3.com
        ServerAlias domain3.com
        ServerAlias domain3.net
        ServerAlias www.domain3.net
        UseCanonicalName Off
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/domain3.com/

        <Directory /var/www/domain3.com>
                Options Indexes FollowSymLinks
                AllowOverride All
                Require all granted
        </Directory>


        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/cq2_error.log
        CustomLog ${APACHE_LOG_DIR}/cq2_access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
</VirtualHost>

# domain2.com
<VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        ServerName www.domain2.com
        ServerAlias domain2.com
        UseCanonicalName Off
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/domain2.com/

        <Directory /var/www/domain2.com>
                Options Indexes FollowSymLinks
                AllowOverride All
                Require all granted
        </Directory>


        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
</VirtualHost>

And my apache2ctl -S output:

AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/sites-enabled/000-default.conf:1
VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server www.domain1.com (/etc/apache2/sites-enabled/000-default.conf:4)
         port 80 namevhost www.domain1.com (/etc/apache2/sites-enabled/000-default.conf:4)
                 alias domain1.com
         port 80 namevhost www.domain3.com (/etc/apache2/sites-enabled/000-default.conf:54)
                 alias domain3.com
                 alias domain3.net
                 alias www.domain3.net
         port 80 namevhost www.domain2.com (/etc/apache2/sites-enabled/000-default.conf:95)
                 alias domain2.com
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/lock/apache2" mechanism=fcntl 
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33 not_used
Group: name="www-data" id=33 not_used

Answer 1

As far as Apache choosing a random site:

When you do curl localhost , it is likely that it sending out an HTTP header that has no Host: defined, as it behaves similarly to when you type the IP of the server directly in the browser. The Host: header in the HTTP request is the field that Apache matches against the ServerName and ServerAlias trying to find a match to load up the corresponding DocumentRoot .

So, in that case, if you don't have a default host setup, and an empty Host: comes in, then Apache will randomly choose a site (I have recreated this behavior on my dev server, just to verify).

It is better to set up 000-default.conf as your catch-all and decide what to do when that happens, like redirecting to one of your sites or to a simple php file that just echos something bland. Then set up separate conf files for each site just to stay organized.

If you have DNS records pointing to your server correctly, then the default will only trigger when bots come around testing IPs.

Answer 2

Your configuration looks alright, the weirdness you seem to describe seem to be related to a external issue, being it distro scripts, or whatever..., so try to use only apachectl only to stop/start, if the distro hasn't changed it much is the most "official" method you will find to manage your httpd server start/stop, etc, plus it is the only thing you have now giving you correct information

Also, In your configuration domain3.com would not ever be your default virtualhost, not even if you had defined your servernames incorrectly. So chances are you are seeing what other "service/server" is sending you.

Answer:

Use apachectl only until you fix your discro script issues

Answer 3

On Ubuntu 16.04 you have systemd .. so the right way to interact with apache is using systemctl <command> apache2

I suggest to kill every apache process and then try to start it again using systemctl start apache2 ..

Moreover, to be sure my default domain is loaded at first, I usually rename its configuration file as 000-domain.conf .. then add other domains, one per file, with no numerical prefix at all