SSL VHosts
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- To: users@xxxxxxxxxxxxxxxx
- Subject: SSL VHosts
- From: Peter Horn <peter.horn@xxxxxxxxxxx>
- Date: Mon, 30 Aug 2021 12:24:30 +1000
- Reply-to: users@xxxxxxxxxxxxxxxx
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0
I have been successfully running an Apache server for some years
(currently 2.4.41 on Ubuntu 20.04LTS).
I have three "real" http vhosts on port 80, findable through a dynamic
DNS service. I also have a (first in line) default vhost with an
"unreachable" ServerName, which returns a 4xx status, and exposes the
request to fail2ban.
This takes care of the script kiddies and IOT bug-probers who access by
IP address, not hostname.
Recently I upgraded to https on port 443, using LetsEncrypt and CertBot.
The transition went smoothly; http requests to the vhosts on port 80 are
returned a 301 redirect permanent to https.
I have two questions:
1. Can I implement the same "nameless catchall" in the https
environment, or does the vhost selection work differently there? My ssl
cert appears to name all three real vhosts, but I am unsure what happens
when a request doesn't match any of them.
2. Are there any adverse consequences to closing down http / port 80 now
that the vhosts are up on https / port 443?
Thanks,
Peter
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]
[Open SSH Users]
[Linux ACPI]
[Linux Kernel]
[Linux Laptop]
[Kernel Newbies]
[Security]
[Netfilter]
[Bugtraq]
[Squid]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Samba]
[Video 4 Linux]
[Device Mapper]
