apache windows-subsystem-for-linux

How do I diagnose problems with access to Apache server running on WSL from within the same home network?


Overview

I am trying to set up an Apache webserver on a Windows 11 machine running Windows Subsystem for Linux (WSL) on my home computer. Using the IP address returned for eth0 by ip a in a WSL shell, say 172.26.xx.xx, I can access my simple web page from the same computer. However, I cannot access the page from another computer in the same network.

Details

My ports.conf file, located at /etc/apache2, contains the following, in addition to a few comments:

Listen 80

<IfModule ssl_module>
    Listen 443
</IfModule>

<IfModule mod_gnutls.c>
    Listen 443
</IfModule>

Stripped of comments, my apache2.conf file, located at /etc/apache2, contains

DefaultRuntimeDir ${APACHE_RUN_DIR}
PidFile ${APACHE_PID_FILE}

Timeout 300
KeepAlive On
MaxKeepAliveRequests 100

KeepAliveTimeout 5

User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}

HostnameLookups Off

ErrorLog ${APACHE_LOG_DIR}/error.log

LogLevel warn

IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf

Include ports.conf

<Directory />
    Options FollowSymLinks
    AllowOverride None
    Require all denied
</Directory>

<Directory /usr/share>
    AllowOverride None
    Require all granted
</Directory>

<Directory /var/www/>
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>

AccessFileName .htaccess

<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>

LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

IncludeOptional conf-enabled/*.conf
IncludeOptional sites-enabled/*.conf

My 000-default.conf file, located at /etc/apache2/sites-available, contains

<VirtualHost *:80>
    ServerName www.example.com
    ServerAlias example.com
    ServerAdmin example@example.com
    DocumentRoot /var/www/html
    <Directory /var/www/html>
           AllowOverride All
           Options All
           Require all granted
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

For what it's worth, I do have a registered domain which I use instead of example.com above. (Because I am behind a home router without a static IP address, I used ddclient to set up a dynamic DNS with my provider. This seems to be working, insofar as the same IP address is shown for my network by https://whatismyipaddress.com/ and in the automatically populated field in the management page of my DNS registrar. However, unless I completely misunderstand things, this is irrelevant, because I cannot access my page from another computer even within the same network.)

What I have tried

Honestly, not much. The configuration of the Apache server seemed to me pretty straightforward, and for connections from the same computer it ran right away. The only things I could think of were

Port forwarding issues.

Running sudo ufw status verbose on the WSL shell returns

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip

To                            Action      From
--                            ------      ----
22/tcp                        ALLOW IN    Anywhere                  
80/tcp                        ALLOW IN    Anywhere                  
443                           ALLOW IN    Anywhere                  
80,443/tcp (Apache Full)      ALLOW IN    Anywhere                  
22/tcp (v6)                   ALLOW IN    Anywhere (v6)             
80/tcp (v6)                   ALLOW IN    Anywhere (v6)             
443 (v6)                      ALLOW IN    Anywhere (v6)             
80,443/tcp (Apache Full (v6)) ALLOW IN    Anywhere (v6) 

which looks fine to me. Following instructions from here, I ran netsh interface portproxy to map ports 80 and 443 on the Windows computer to ports 80 and 443 on WSL. The key commands in the script are

netsh interface portproxy delete v4tov4 listenport=$port listenaddress=$addr

and

netsh interface portproxy add v4tov4 listenport=$port listenaddress=$addr connectport=$port connectaddress=$remoteport

with $remoteport matching the IP address 172.26.xx.xx returned by ip a and $addr left as 0.0.0.0.

I have also created an inbound rule in Windows Defender Firewall, following the instructions at https://www.nextofwindows.com/allow-server-running-inside-wsl-to-be-accessible-outside-windows-10-host, but I believe those are superseded in WSL2 by the instructions above. Both of these potential solutions have been discussed at Access a web server which is running on WSL (Windows Subsystem for Linux) from the local network, but neither one nor any other suggestion in the question worked for me.

I don't know whether this port forwarding was truly necessary, or how to diagnose whether it did what it was supposed to do. In any case, I ran netstat -aobn | findstr :80 in a privileged PowerShell session from Windows, which returned

TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       5720
TCP    10.0.0.229:56431       10.0.0.249:8009        ESTABLISHED     11868
TCP    10.5.0.2:54444         192.229.211.108:80     CLOSE_WAIT      22772
TCP    [::1]:80               [::]:0                 LISTENING       9280

as well as Get-NetTCPConnection | where localport -eq 80, which returned, edited for compactness,

LocalAddress LocalPort RemoteAddress RemotePort State  AppliedSetting OwningProcess
------------ --------- ------------- ---------- -----  -------------- -------------
::1          80        ::            0          Listen                9280
0.0.0.0      80        0.0.0.0       0          Listen                5720

Does anyone see anything interesting there?

Investigating logs.

In /var/logs/apache2/error.log there are many groups just like

[Sun Oct 15 18:37:05.433219 2023] [mpm_event:notice] [pid 19762:tid 139729704814464] AH00493: SIGUSR1 received.  Doing graceful restart
[Sun Oct 15 18:37:05.441983 2023] [mpm_event:notice] [pid 19762:tid 139729704814464] AH00489: Apache/2.4.52 (Ubuntu) configured -- resuming normal operations
[Sun Oct 15 18:37:05.441995 2023] [core:notice] [pid 19762:tid 139729704814464] AH00094: Command line: '/usr/sbin/apache2'

and nothing else, but these match the many times in which I ran sudo a2dissite 000-default.conf, sudo systemctl reload apache2, sudo a2ensite 000-default.conf, and sudo systemctl reload apache2 in this order after a change.

Here are other configuration parameters, in the unlikely case it matters:

My question is how I diagnose the problem, as this is a learning experience for me, but a straight up solution is welcome too, of course.
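
A layered check of the path described in the question (LAN client, Windows firewall, portproxy, Apache in WSL2), as an added example that is not part of the original post. It assumes an elevated PowerShell session on the Windows host and the default WSL distribution; the variable names are illustrative.

```powershell
# Added diagnostic sketch: run in an elevated PowerShell session on the Windows host.
$port = 80                                   # port from the question

# 1. Current WSL2 address. It can change when WSL restarts, leaving an old
#    portproxy rule pointing at an address nothing answers on.
$wslIp = (wsl hostname -I).Trim().Split(' ')[0]

# 2. Stored portproxy rules: one row must forward $port to exactly $wslIp.
$rules   = netsh interface portproxy show v4tov4
$pattern = "\s$port\s+$([regex]::Escape($wslIp))\s+\d+\s*$"
$ruleOk  = [bool]($rules | Select-String -Pattern $pattern)
"portproxy rule targets ${wslIp}: $ruleOk"

# 3. Owner of each listener on $port. portproxy listeners belong to the IP Helper
#    service (iphlpsvc); a different owner on 0.0.0.0 means another program
#    holds the port and the proxy never sees the connection.
Get-NetTCPConnection -LocalPort $port -State Listen | ForEach-Object {
    $procId = $_.OwningProcess
    [pscustomobject]@{
        LocalAddress = $_.LocalAddress
        OwnerPid     = $procId
        Process      = (Get-Process -Id $procId).ProcessName
        Services     = (Get-CimInstance Win32_Service -Filter "ProcessId = $procId").Name -join ','
    }
} | Format-Table

# 4. Enabled inbound allow rules covering $port, with the profile each applies to,
#    next to the category Windows assigned to the current network.
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -contains "$port" } |
    Select-Object DisplayName, Profile | Format-Table
Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory | Format-Table

# 5. Probe each hop from the host: Apache directly, then through the proxy on the
#    LAN address. A probe from the host itself does not show what a second
#    machine sees, so repeat the last test from another computer on the network.
#    Assumption: the first adapter with an IPv4 default gateway is the LAN one
#    (with a VPN adapter active, set $lanIp by hand).
$lanIp = (Get-NetIPConfiguration | Where-Object IPv4DefaultGateway).IPv4Address.IPAddress |
    Select-Object -First 1
foreach ($target in $wslIp, $lanIp) {
    $r = Test-NetConnection -ComputerName $target -Port $port -WarningAction SilentlyContinue
    "{0}:{1} reachable = {2}" -f $target, $port, $r.TcpTestSucceeded
}
```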


Solution

  • My original issue may have been related to running the server in WSL. The evidence for that is that I do not have problems when running a server on a dedicated Linux machine. I have given up on my original approach and followed this new approach instead.