Base server versus virtual servers

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Base server versus virtual servers

Tom Browder
I am fine-tuning a single physical server running multiple virtual hosts defined by a macro and using SNI for access to each. The apache version is 2.4.43 and OpenSSL is 1.1.1g. OS is Debian 10 Buster.

In looking at the docs about OCSP it mentions possible problems with restarts when the cert provider may be offline and thus the base server should not be a virtual host.

My question is: what is a "base server" in this context. For many years I have always listed my main virtual host as the base server but that was pre-OCSP. Do I now have to run a non-https server?

Or does that mean I should define one server outside a virtual context?

Or does that "virtual" refer to using mod_virtual which I do not use at all?

Thanks.

Best regards,

-Tom



Reply | Threaded
Open this post in threaded view
|

Re: Base server versus virtual servers

@lbutlr
On 02 Sep 2020, at 04:52, Tom Browder <[hidden email]> wrote:
> My question is: what is a "base server" in this context. For many years I have always listed my main virtual host as the base server but that was pre-OCSP. Do I now have to run a non-https server?

The name I define in https.conf as ServerName is the rDNS for the machine. This domain has no pages associated with it, though it does have an info page under a sub directory, and is only there for the base config.

I don't know if this is the 'right' way to do this, but I prefer having all the domains in cost for consistency.



--
Of course, there were various groups seeking his overthrow, and this
        was right and proper and the sign of a vigorous and healthy
        society. No-one could call him unreasonable about the matter.
        Why, hadn't he founded most of them himself? And what was so
        beautiful was the way they spent nearly all their time bickering
        with one another. Human nature, the Patrician always said, was a
        marvelous thing. Once you understood where its levers were.
        --Guards! Guards!


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Base server versus virtual servers

Tom Browder
On Fri, Sep 4, 2020 at 04:07 @lbutlr <[hidden email]> wrote:
...

The name I define in https.conf as ServerName is the rDNS for the machine. This domain has no pages associated with it, though it does have an info page under a sub directory, and is only there for the base config.

That is interesting and clever. I'll have to chew on that a bit.

Thanks!

-Tom