httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Frank Gingras <francois.ging...@gmail.com>
Subject Re: [users@httpd] Some questions about configuration Apache from a beginer. [EXT]
Date Sun, 06 Sep 2020 17:10:06 GMT
You're referring to DNS resolution, which occurs before httpd is involved.

As far as httpd is concerned, the requested host: header must match the
common name or SAM of the certificate.

The host: header is also used for name-based vhost resolution.

On 06/09/20 07:22 AM, Jason Long wrote:
> Thank you for your help.
> Is the content of "/etc/hosts" and "/etc/hostname" files important for get HTTPS certificate?
For example, if I want to get a certificate for "example-net.net".
> 
> 
> 
> 
> 
> On Sunday, September 6, 2020, 01:45:08 AM GMT+4:30, James Smith <js5@sanger.ac.uk>
wrote: 
> 
> 
> 
> 
> 
> 
> 
> 
> The first one doesn’t matter – but to be honest you shouldn’t do it – you should
create two configurations – one for the www.domain and one for domain. Choose one as canonical
(the one you really want users to see) and put the real configuration here.
> 
> Under the other domain – you include a rewrite rule to redirect to the canonical one…
> 
> <VirtualHost *:443>
> 
>   ServerName    mydomain.com
> 
>   ServerAlias   myotherdomain.com
> 
>   ServerAlias   www. myotherdomain.com
> 
>   Include       conf/ssl-conf/mydomain.com.conf
> 
>   RewriteEngine on
> 
>   RewriteRule   (.*) https://www.mydomain.com/ $1 [R,L,NE]
> 
> </VirtualHost>
> 
> Now which use as the canonical domain is up to you….There are arguments for both –
there is trend to remove the WWW, but if you have multiple domains on the same server (we
have around 120 at work for a front end proxy) – you can set the www.domain1.com,  www.domain2.com,
www.domain3.com to be CNAMEs in DNS so if you have to quickly move to another IP address you
can just update the A record for the hostname the CNAMEs point to (for example if the primary
machine fell over and you couldn’t get it back up and running)… If you use the unqualified
domain domain1.com,  domain2.com etc you would have to change each A record separately. Now
- there are three real reasons for using ServerAlias in my mind:
> 
>     * Having a common code base across a different number of sites – which uses the
URL of the request to determine a configuration – and consequently run different versions
of the site….
>     * You have multiple aliases for a domain so you can use ServerAlias to redirect them
to the canonical domain (see above)
>     * You have live, staging, dev and sandbox servers as part of the production cycle,
so you set the ServerName to the URL of the live server and the staging/dev/sandbox URLs as
ServerAlias – then you can use the same configuration on each of the servers {with a little
bit of environment variable fudging to set root paths for the apache}
> 
>  
> 
> <VirtualHost *:443>
> 
>   ServerName    www.mydomain.com
> 
>   ServerAlias   dev.mydomain.com
> 
>   ServerAlias   test.mydomain.com
> 
>   ServerAlias   my-sandbox-server.mydomain.com
> 
>   ServerAlias   freds-sandbox-server.mydomain.com
> 
>   Include       conf/ssl-conf/mydomain.com.conf
> 
> 
>   … configuration …
> </VirtualHost>
> 
> 
> 
> 
> From: Jason Long <hack3rcon@yahoo.com.INVALID> Sent: 03 September 2020 22:43To:
users@httpd.apache.orgSubject: [users@httpd] Some questions about configuration Apache from
a beginer. [EXT]
> 
> 
>  
> 
> 
> Hello,
> 
> 
> I have some questions about Apache configuration and I'm thankful if anyone help me.
> 
> 
> 
>  
> 
> 
> 
> 1- In Apache configuration, both of "ServerName" and "ServerAlias" must be defined? Which
one must have "www" prefix? 
> 
> 
> 
>  
> 
> 
> 
> 2- If "/etc/pki/tls/private/localhost.key" and 
> 
> 
> 
> "/etc/ssl/certs/localhost.crt" files deleted then how can I regenerate them? Is below
command OK?
> 
> 
> 
>  
> 
> 
> 
> # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/pki/tls/private/localhost.key
-out /etc/ssl/certs/localhost.crt
> 
> 
> 
>  
> 
> 
> 
> The "localhost" is the name of my host? If my hostname is "example-test" then these files
name must be "example-test.key" and "example-test.crt" ?
> 
> 
> 
>  
> 
> 
> 
> 3- By default, Linux use "localhost.localdomain" if I installed Apache and my web site
is up too then can I change "localhost.localdomain" ?
> 
> 
> 
>  
> 
> 
> 
> 4- For a web site with the name "example-test.net" and "192.168.1.2" IP address, what
is the content of "/etc/hostname" and "/etc/hosts" files?
> 
> 
> 
>  
> 
> 
> 
> It is a great help if anyone answer my questions by number.
> 
> 
> 
>  
> 
> 
> 
> Thank you.
> 
> 
> 
>  
> 
> 
> 
> -- The Wellcome Sanger Institute is operated by Genome Research Limited, a charity registered
in England with number 1021457 and a company registered in England with number 2742969, whose
registered office is 215 Euston Road, London, NW1 2BE. 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message