httpd-users mailing list archives

From James Smith <...@sanger.ac.uk>
Subject RE: [users@httpd] Some questions about configuration Apache from a beginer. [EXT]
Date Mon, 07 Sep 2020 08:49:52 GMT
No, neither of these is needed for the SSL certificate - in fact often the externally facing
hostnames on a server will usually be in the /etc/hostname, this will be the name that you
have given to the box {this allows you to move the "public" domain to a different box}.
e.g. you may call it web-server-01.mydomain. Keep it something like this for simplicity.

So e.g. my /etc/hostname just contains "web-server-01",

My /etc/hosts contains:

127.0.0.1       localhost
127.0.1.1       web-server-01.mydomain     web-server-01
# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

For SSL, you need to make sure the public facing URL you are using is in the certificate (either
as name or SAN), then you are OK to use it on the server.

 -----Original Message-----
From: Jason Long <hack3rcon@yahoo.com> 
Sent: 06 September 2020 12:22
To: users@httpd.apache.org; James Smith <js5@sanger.ac.uk>
Subject: Re: [users@httpd] Some questions about configuration Apache from a beginer. [EXT]

Thank you for your help.
Is the content of the "/etc/hosts" and "/etc/hostname" files important for getting an HTTPS certificate?
For example, if I want to get a certificate for "example-net.net".

On Sunday, September 6, 2020, 01:45:08 AM GMT+4:30, James Smith <js5@sanger.ac.uk> wrote:

The first one doesn’t matter – but to be honest you shouldn’t do it – you should create
two configurations – one for the www.domain and one for domain. Choose one as canonical
(the one you really want users to see) and put the real configuration here.

Under the other domain – you include a rewrite rule to redirect to the canonical one…

<VirtualHost *:443>
  ServerName    mydomain.com
  ServerAlias   myotherdomain.com
  ServerAlias   www.myotherdomain.com
  Include       conf/ssl-conf/mydomain.com.conf

  # Redirect every request for these names to the canonical host
  RewriteEngine on
  RewriteRule   (.*) https://www.mydomain.com/$1 [R,L,NE]
</VirtualHost>

Now which you use as the canonical domain is up to you…. There are arguments for both – there
is a trend to remove the WWW, but if you have multiple domains on the same server (we have around
120 at work for a front end proxy) – you can set the www.domain1.com, www.domain2.com,
www.domain3.com to be CNAMEs in DNS so if you have to quickly move to another IP address you
can just update the A record for the hostname the CNAMEs point to (for example if the primary
machine fell over and you couldn’t get it back up and running)… If you use the unqualified
domain domain1.com, domain2.com etc you would have to change each A record separately. Now -
there are three real reasons for using ServerAlias in my mind:

    * Having a common code base across a different number of sites – which uses the
URL of the request to determine a configuration – and consequently run different versions
of the site….
    * You have multiple aliases for a domain so you can use ServerAlias to redirect them
to the canonical domain (see above)
    * You have live, staging, dev and sandbox servers as part of the production cycle,
so you set the ServerName to the URL of the live server and the staging/dev/sandbox URLs as
ServerAlias – then you can use the same configuration on each of the servers {with a little
bit of environment variable fudging to set root paths for the apache}

 

<VirtualHost *:443>
  ServerName    www.mydomain.com
  ServerAlias   dev.mydomain.com
  ServerAlias   test.mydomain.com
  ServerAlias   my-sandbox-server.mydomain.com
  ServerAlias   freds-sandbox-server.mydomain.com
  Include       conf/ssl-conf/mydomain.com.conf

  … configuration …
</VirtualHost>




From: Jason Long <hack3rcon@yahoo.com.INVALID>
Sent: 03 September 2020 22:43
To: users@httpd.apache.org
Subject: [users@httpd] Some questions about configuration Apache from a beginer. [EXT]

Hello,

I have some questions about Apache configuration and I'd be thankful if anyone could help me.

1- In Apache configuration, must both "ServerName" and "ServerAlias" be defined? Which
one must have the "www" prefix?

2- If the "/etc/pki/tls/private/localhost.key" and "/etc/ssl/certs/localhost.crt" files are
deleted, then how can I regenerate them? Is the command below OK?

# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/pki/tls/private/localhost.key -out /etc/ssl/certs/localhost.crt

Is "localhost" the name of my host? If my hostname is "example-test" then must these files
be named "example-test.key" and "example-test.crt"?

3- By default, Linux uses "localhost.localdomain". If I have installed Apache and my web site
is up too, then can I change "localhost.localdomain"?

4- For a web site with the name "example-test.net" and the IP address "192.168.1.2", what is
the content of the "/etc/hostname" and "/etc/hosts" files?

It would be a great help if anyone answered my questions by number.

Thank you.

-- The Wellcome Sanger Institute is operated by Genome Research Limited, a charity registered
in England with number 1021457 and a company registered in England with number 2742969, whose
registered office is 215 Euston Road, London, NW1 2BE. 
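
Added example (not part of the thread or of any poster's configuration): a check that every ServerName and ServerAlias a vhost answers for is covered by the certificate's names, which is the condition the reply gives for SSL, independent of /etc/hostname and /etc/hosts. The config text, the SAN list and the function names are constructed for illustration, and both vhosts are assumed to share one certificate.

```python
import re

# Constructed sample: the thread's two vhosts with hostnames written out in full.
SAMPLE_CONF = """
<VirtualHost *:443>
  ServerName    mydomain.com
  ServerAlias   myotherdomain.com
  ServerAlias   www.myotherdomain.com
</VirtualHost>
<VirtualHost *:443>
  ServerName    www.mydomain.com
  ServerAlias   dev.mydomain.com test.mydomain.com
  ServerAlias   my-sandbox-server.mydomain.com
</VirtualHost>
"""
# Constructed SAN list for the certificate both vhosts are assumed to use.
SAMPLE_SANS = ["mydomain.com", "*.mydomain.com", "myotherdomain.com"]


def vhost_names(conf_text):
    """Return one list of ServerName/ServerAlias hostnames per <VirtualHost>."""
    blocks = re.findall(r"<VirtualHost\b[^>]*>(.*?)</VirtualHost>",
                        conf_text, re.S | re.I)
    result = []
    for block in blocks:
        names = []
        for line in block.splitlines():
            parts = line.split()
            if parts and parts[0].lower() in ("servername", "serveralias"):
                # ServerName may carry a scheme and port; keep only the host.
                names.extend(re.sub(r"^\w+://|:\d+$", "", p.lower()).rstrip(".")
                             for p in parts[1:])
        result.append(names)
    return result


def san_matches(san, host):
    """Exact match, or a leading '*' standing for exactly one leftmost label."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if san.startswith("*."):
        first, _, rest = host.partition(".")
        return bool(first) and rest == san[2:]
    return san == host


def uncovered(conf_text, sans):
    """Hostnames Apache answers for that no certificate name covers."""
    return sorted({h for names in vhost_names(conf_text) for h in names
                   if not any(san_matches(s, h) for s in sans)})


if __name__ == "__main__":
    print(uncovered(SAMPLE_CONF, SAMPLE_SANS))
```

For a real certificate, the SAN list can be read with `openssl x509 -noout -ext subjectAltName -in <certificate file>` (OpenSSL 1.1.1 or later). A certificate that names only the machine's own hostname, such as web-server-01.mydomain, leaves every public name in the sample uncovered.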


