CosmoChris

Member
Sep 22, 2022
14
0
1
United Kingdom
cPanel Access Level
Root Administrator
Hi,

When the server was initially setup, it had the hostname on the primary IP. I initially tried to change the primary IP and wanted to migrate the hostname to another IP, but keep all shared websites on the original primary IP address. However this didn't really work and I decided to do the opposite: maintain the hostname on the original IP, and assign all websites onto the secondary IP. cPanel says that "root" is now on the new IP address - is this the server hostname or does it just mean that this is the default shared virtualhost?

The other issue I'm having is with SNI. One of the sites on the original primary IP appears to have it "dedicated" somehow even though they are only listed as shared, and every user which also shares that IP is only getting limited SSL support with SNI as the browser sometimes thinks the SSL is for this particular site.

Does anyone know how to fix this?
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
17,470
2,843
363
cPanel Access Level
Root Administrator
Hey there! I'm not completely sure I understand the hostname portion of the situation. Since the hostname is only used for WHM access and not web traffic, it's not really "on" any IP address on the server, but simply exists as an A record in DNS. There really wouldn't be anything you need to change in cPanel if you wanted to change the IP the hostname responds to - just update the DNS to another IP on the server, and cPanel will respond just the same since the cPanel services listen for incoming connections on all IPs.

For the SNI problem, it could be because cPanel only allows one shared IP address per server. That shared IP address is typically where the hostname points to. If you have a domain on the machine without an SSL certificate and you try and make a secure connection to it, Apache will serve the first secure vhost it can. You can adjust that by doing the following:


Let me know if that's not exactly what you're running into and I can try to get you better details.
 

CosmoChris

Member
Sep 22, 2022
14
0
1
United Kingdom
cPanel Access Level
Root Administrator
Thanks Rex,

So with the first part, I'm essentially looking for system services (such as exim and mail) and the hostname to sit on one IP with the shared accounts sitting on another one entirely, just for separation purposes.

I also have nameservers on different IPs which Apache is not configured to listen on. What does "root" being listed on an IP address do? Is this just because it's the default shared virtual host?

With the SNI, thanks. I've had a look at this however and what I'd be looking for is for the hostname itself which is not visible within that interface. That interface just wants me to select a shared website which is an issue because they're all just shared websites and each is a different customer...
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
17,470
2,843
363
cPanel Access Level
Root Administrator
For the first part of the issue, I think you'll want this:


As I mentioned in the first post for *incoming* traffic, all services will listen on all IPs. That's why you can enter something like "ssh [email protected]" and still get connected to your server - the SSH service just listens for any incoming traffic.

I'm not familiar with "root" showing up for an IP address. Are you seeing that in WHM >> Show IP Address Usage?

You wouldn't be able to choose the hostname since that isn't designed to handle websites, but you could pick the "least worst" option to be used there, for any sites that don't have an SSL certificate. This isn't related to SNI, but how Apache serves content.

For these specific issues, it might be better to create a support ticket with our team so we can check your individual system and get you specific details.
 

CosmoChris

Member
Sep 22, 2022
14
0
1
United Kingdom
cPanel Access Level
Root Administrator
Well the issue is that it's not just with SNI. When I access the shared IP directly in the browser I'm getting redirected to the first site as well. As I said it seems to be dedicated, except, it's not.

I'm seeing the "root" on the IP address in WHM > Show or delete current IP addresses. Nobody also shows up there presumably the Apache user. It's also in the Change Site's IP address tool as well.

I understand what you're saying with the behaviour of Apache but I know that other hosts don't work like this and it feels like all that's happening here (and with my other topic for that matter) is that you're saying "it's not us guv, they built it".

But if it's really not doing what it's supposed to and has these clear issues, which clearly is the case, why didn't cPanel create a patch which fixes this issue? You have a big responsibility to ensure things are done securely and it just feels like you're dodging responsibility from my point of view. It's very disappointing considering how expensive this product now is.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
17,470
2,843
363
cPanel Access Level
Root Administrator
When I access the shared IP directly in the browser I'm getting redirected to the first site as well.
That's normal Apache behavior. Apache only works with domain names, and tries as best it can when it gets an IP address. This is something you can configure here:


Since it seems like you may have multiple things happening with the Apache configuration on the server, it would be best to create a ticket so we can review the system.