| Author |
|
20160413
Joined: 13 Apr 2016
Posts: 28
|
 Posted: Sat 02 Nov '19 15:45 Post subject: Good to configure website via default.conf? |
 |
|
Hi,
this is a general question to which I have not found an answer by browsing here and elswere.
Is it advisable to configure a website in the default host if the respective server only serves one website or should be the default host and the host of the website be different?
I am asking because the IP address of the server will then resolve to the website. Not sure if this is good, from the SEO perspective or from a admistrative perspective.
Cheers |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
| Posted: Sat 02 Nov '19 16:01 Post subject: |
|
|
If you have just one domain pointing to your server you can use set ServerName in httpd.conf to the correct domain name. Then it is okay to configure your server that way.
I recommend to use vhosts. One <VirtualHost _default_:80> one with <VirtualHost _default_:443> both pointing to a document root with only a index.htm in it. That prevents many automated bot attacks to do damage to your system and finally two other vhosts with your real domain name ( port 80 and 443). |
|
| Back to top |
|
20160413
Joined: 13 Apr 2016
Posts: 28
|
| Posted: Sat 02 Nov '19 16:23 Post subject: |
|
|
Thanks a lot for your recommendation. I will follow it and create dedicated hosts for my website.
The only thing I realized is that in this case the Qualys SSL test detects two certificate chains for the dedicated virtual host of my website: One which is correct for the virtual host itself and one which is incorrect for the default host. No idea why the chain for the default host is also being detected for the dedicated host. This is irritating and this is why I thought about merging both. That issue goes away in this case. (Admittedly that issue does not have a negative effect on the rating). |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
| Posted: Tue 05 Nov '19 12:13 Post subject: |
|
|
| You may post your vhost config and we can tell you why. |
|
| Back to top |
|
20160413
Joined: 13 Apr 2016
Posts: 28
|
| Posted: Thu 14 Nov '19 23:05 Post subject: |
|
|
This is indeed a bit funny.
Default VirtualHost
| Code: |
<VirtualHost _default_:443>
ServerName 77.47.166.152
DocumentRoot /var/www/html
...
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
|
VirtualHost
| Code: |
<VirtualHost *:443>
ServerName example.org
DocumentRoot /var/www/html/example.org
...
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/example.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.org/privkey.pem
|
I guess this is all relevant config concerning SSL within these two. When I check the VirtualHost with Qualys they detect a second certificate for the VirtualHost with the common name that matches the servers host name. I find this strange. |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
| Posted: Fri 15 Nov '19 11:25 Post subject: |
|
|
| 20160413 wrote: | | When I check the VirtualHost with Qualys they detect a second certificate for the VirtualHost with the common name that matches the servers host name. I find this strange. |
Pardon, I don't get that. Are you talking about the default vhost OR the example.com one? |
|
| Back to top |
|
20160413
Joined: 13 Apr 2016
Posts: 28
|
| Posted: Fri 15 Nov '19 15:45 Post subject: |
|
|
| I am talking about the example.org one. Here a second certificate chain appears for the host name of the server. It does not result into a downvoting however it is shown and I do not know why. The host name is not even configured in the default host. |
|
| Back to top |
|
