logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: Good to configure website via default.conf?
Author
20160413



Joined: 13 Apr 2016
Posts: 28

PostPosted: Sat 02 Nov '19 15:45    Post subject: Good to configure website via default.conf? Reply with quote

Hi,

this is a general question to which I have not found an answer by browsing here and elswere.

Is it advisable to configure a website in the default host if the respective server only serves one website or should be the default host and the host of the website be different?

I am asking because the IP address of the server will then resolve to the website. Not sure if this is good, from the SEO perspective or from a admistrative perspective.

Cheers
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7288
Location: Germany, Next to Hamburg

PostPosted: Sat 02 Nov '19 16:01    Post subject: Reply with quote

If you have just one domain pointing to your server you can use set ServerName in httpd.conf to the correct domain name. Then it is okay to configure your server that way.

I recommend to use vhosts. One <VirtualHost _default_:80> one with <VirtualHost _default_:443> both pointing to a document root with only a index.htm in it. That prevents many automated bot attacks to do damage to your system and finally two other vhosts with your real domain name ( port 80 and 443).
Back to top
20160413



Joined: 13 Apr 2016
Posts: 28

PostPosted: Sat 02 Nov '19 16:23    Post subject: Reply with quote

Thanks a lot for your recommendation. I will follow it and create dedicated hosts for my website.

The only thing I realized is that in this case the Qualys SSL test detects two certificate chains for the dedicated virtual host of my website: One which is correct for the virtual host itself and one which is incorrect for the default host. No idea why the chain for the default host is also being detected for the dedicated host. This is irritating and this is why I thought about merging both. That issue goes away in this case. (Admittedly that issue does not have a negative effect on the rating).
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7288
Location: Germany, Next to Hamburg

PostPosted: Tue 05 Nov '19 12:13    Post subject: Reply with quote

You may post your vhost config and we can tell you why.
Back to top
20160413



Joined: 13 Apr 2016
Posts: 28

PostPosted: Thu 14 Nov '19 23:05    Post subject: Reply with quote

This is indeed a bit funny.

Default VirtualHost

Code:

<VirtualHost _default_:443>
ServerName 77.47.166.152
DocumentRoot /var/www/html

...

SSLEngine on
SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key


VirtualHost
Code:

<VirtualHost *:443>
ServerName example.org
DocumentRoot /var/www/html/example.org

...

SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/example.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.org/privkey.pem


I guess this is all relevant config concerning SSL within these two. When I check the VirtualHost with Qualys they detect a second certificate for the VirtualHost with the common name that matches the servers host name. I find this strange.
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7288
Location: Germany, Next to Hamburg

PostPosted: Fri 15 Nov '19 11:25    Post subject: Reply with quote

20160413 wrote:
When I check the VirtualHost with Qualys they detect a second certificate for the VirtualHost with the common name that matches the servers host name. I find this strange.


Pardon, I don't get that. Are you talking about the default vhost OR the example.com one?
Back to top
20160413



Joined: 13 Apr 2016
Posts: 28

PostPosted: Fri 15 Nov '19 15:45    Post subject: Reply with quote

I am talking about the example.org one. Here a second certificate chain appears for the host name of the server. It does not result into a downvoting however it is shown and I do not know why. The host name is not even configured in the default host.
Back to top


Reply to topic   Topic: Good to configure website via default.conf? View previous topic :: View next topic
Post new topic   Forum Index -> Apache