Re: best practices for configuring multiple VirtualHost Apache WWW servers in Fedora?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On Mon, 28 Aug 2023 12:13:35 +0930
Tim <ignored_mailbox@xxxxxxxxxxxx> wrote:

> On Sun, 2023-08-27 at 17:39 +0200, Franta Hanzlík via users wrote:
> > There is also the question of security and resistance to attacks from
> > the Internet. And since the attacks will most likely go to the IP address
> > (not the ServerName), it might be a good idea to make one more (fake)
> > Virtualhost as the default ("first listed")  VirtualHost - and on it have
> > minimal configuration, secure DocumentRoot and so on). Or am I mistaken?  
> Correct that attacks will go to the IP address, and you're probably
> more likely to get IP scanning finding you than someone targeting a
> particular domain.  Though the reverse may be true if you publish
> anything that triggers the dingbats on the internet.
> Also correct that you may want to ensure a particular virtual host is
> your default one.  You may want that to be your main website, you may
> want that to be some kind of defensive configuration.  There's another
> advantage in the default virtual host being the wrong website, it may
> aid you in checking you've configured things right for your real
> website.
> The conf.d/*.conf files are processed in alphabetical order, so name
> your default virtual host's configuration file to be picked first (e.g.
> 000-default.conf).  Filenames don't have to be the same as the domain
> name, by the way.
> -- 

IMO this alphabetical order processing (assuming that provided 
the conf.d/*.conf files are either vhost-only, or no-vhost-only (ie the
definition for the "main" server)) is only relevant for determining what 
the "default" virtual server (serving to other vhost unassigned requests) 
will be. Because according to
"Essentially, the main server is treated as "defaults" or a "base" on which to build each vhost.
But the positioning of these main server definitions in the config file is largely irrelevant -- the entire config of the main server has been parsed when this final merging occurs.
So even if a main server definition appears after a vhost definition it might affect the vhost definition."

So the process of building the configuration of individual vhosts looks
like this (IMO):
- After loading all .conf files, the "main" server configuration is created - which
 serves as default parameters for all vhosts.

- Then the configuration of individual vhosts is built, where the definition
 from the alphabetically first file (matching the IP:port request) determines
 the "default" server.

- So when all vhosts listen on all interfaces and all their IPs and using only
 standard ports 80/http and 443/https there will be one "default" server
 for http and one "default" for https.

Franta Hanzlik
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct:
List Guidelines:
List Archives:
Do not reply to spam, report it:

[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux