Some questions about configuration Apache from a beginner.


Jason Long
Hello,
I have some questions about Apache configuration and I'd be thankful if anyone could help me.

1- In Apache configuration, must both "ServerName" and "ServerAlias" be defined? Which one must have the "www" prefix?

2- If the "/etc/pki/tls/private/localhost.key" and "/etc/ssl/certs/localhost.crt" files are deleted, how can I regenerate them? Is the command below OK?

# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/pki/tls/private/localhost.key -out /etc/ssl/certs/localhost.crt

Is "localhost" the name of my host? If my hostname is "example-test", must these files be named "example-test.key" and "example-test.crt"?

3- By default, Linux uses "localhost.localdomain". If I have installed Apache and my web site is up too, can I change "localhost.localdomain"?

4- For a web site with the name "example-test.net" and the IP address "192.168.1.2", what is the content of the "/etc/hostname" and "/etc/hosts" files?

It would be a great help if anyone could answer my questions by number.

Thank you.

RE: Some questions about configuration Apache from a beginner. [EXT]

James Smith

The first one doesn’t matter – but to be honest you shouldn’t do it – you should create two configurations – one for the www.domain and one for domain. Choose one as canonical (the one you really want users to see) and put the real configuration here.

Under the other domain – you include a rewrite rule to redirect to the canonical one…

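<VirtualHost *:443>
  ServerName    mydomain.com
  ServerAlias   myotherdomain.com
  ServerAlias   www.myotherdomain.com
  Include       conf/ssl-conf/mydomain.com.conf
  RewriteEngine on
  # Redirect every request on these names to the canonical host.
  # ^/? drops the leading slash so the target does not end up with "//".
  RewriteRule   ^/?(.*)$ https://www.mydomain.com/$1 [R,L,NE]
</VirtualHost>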

Now which you use as the canonical domain is up to you…

There are arguments for both – there is a trend to remove the WWW, but if you have multiple domains on the same server (we have around 120 at work for a front end proxy) – you can set the www.domain1.com, www.domain2.com, www.domain3.com to be CNAMEs in DNS so if you have to quickly move to another IP address you can just update the A record for the hostname the CNAMEs point to (for example if the primary machine fell over and you couldn’t get it back up and running)… If you use the unqualified domain domain1.com, domain2.com etc. you would have to change each A record separately.

Now - there are three real reasons for using ServerAlias in my mind:

  • Having a common code base across a different number of sites – which uses the URL of the request to determine a configuration – and consequently run different versions of the site….
  • You have multiple aliases for a domain so you can use ServerAlias to redirect them to the canonical domain (see above)
  • You have live, staging, dev and sandbox servers as part of the production cycle, so you set the ServerName to the URL of the live server and the staging/dev/sandbox URLs as ServerAlias – then you can use the same configuration on each of the servers {with a little bit of environment variable fudging to set root paths for the apache}

 

<VirtualHost *:443>
  ServerName    www.mydomain.com
  ServerAlias   dev.mydomain.com
  ServerAlias   test.mydomain.com
  ServerAlias   my-sandbox-server.mydomain.com
  ServerAlias   freds-sandbox-server.mydomain.com
  Include       conf/ssl-conf/mydomain.com.conf

  … configuration …
</VirtualHost>




-- The Wellcome Sanger Institute is operated by Genome Research Limited, a charity registered in England with number 1021457 and a company registered in England with number 2742969, whose registered office is 215 Euston Road, London, NW1 2BE.
Re: Some questions about configuration Apache from a beginner. [EXT]

Jason Long
Thank you for your help.
Is the content of the "/etc/hosts" and "/etc/hostname" files important for getting an HTTPS certificate? For example, if I want to get a certificate for "example-net.net".






Re: Some questions about configuration Apache from a beginner. [EXT]

Francois Gingras
You're referring to DNS resolution, which occurs before httpd is involved.

As far as httpd is concerned, the requested host: header must match the
common name or SAN of the certificate.

The host: header is also used for name-based vhost resolution.


RE: Some questions about configuration Apache from a beginner. [EXT]

James Smith
No, neither of these is needed for the SSL certificate - in fact often the externally facing hostnames on a server will usually be in the /etc/hostname, this will be the name that you have given to the box {this allows you to move the "public" domain to a different box}.. e.g. you may call it web-server-01.mydomain. Keep it something like this for simplicity.

So e.g. my /etc/hostname just contains "web-server-01",

My /etc/hosts contains:

127.0.0.1       localhost
127.0.1.1       web-server-01.mydomain     web-server-01
# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

For SSL, you need to make sure the public facing URL you are using is in the certificate (either as name or SAN) then you are OK to use it on the server.

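Added example, not part of the thread: regenerating a self-signed key and certificate as in question 2, but with the site names placed in the CN and SAN, then checking that the certificate covers the names clients will request and that key and certificate belong together. It assumes OpenSSL 1.1.1 or later (for -addext), writes to a scratch directory, and uses the hostnames from the question as sample values; the file names themselves are arbitrary, since httpd only follows the paths given in SSLCertificateFile and SSLCertificateKeyFile.

```sh
# Added example (not from the thread). Hostnames are sample values taken
# from the question; the output directory is a scratch location.

# make_selfsigned DIR CN [EXTRA_NAME...]
# Writes DIR/CN.key and DIR/CN.crt; CN and every extra name go into the SAN.
make_selfsigned() (
  dir=$1; cn=$2; shift 2
  san="DNS:$cn"
  for name in "$@"; do san="$san,DNS:$name"; done
  umask 077                       # private key must not be world-readable
  openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
    -subj "/CN=$cn" -addext "subjectAltName=$san" \
    -keyout "$dir/$cn.key" -out "$dir/$cn.crt" 2>/dev/null || exit 1
  chmod 644 "$dir/$cn.crt"        # the certificate itself is public
)

# cert_covers CRT HOSTNAME
# Succeeds only if the certificate is valid for HOSTNAME.
cert_covers() {
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
    grep -q 'does match certificate'
}

# key_matches_cert KEY CRT
# Succeeds only if the public key in CRT is derived from the private KEY.
key_matches_cert() {
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null)
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)
  [ -n "$k" ] && [ "$k" = "$c" ]
}

demo() {
  tmp=$(mktemp -d) || return 1
  make_selfsigned "$tmp" example-test.net www.example-test.net || return 1
  for h in example-test.net www.example-test.net dev.example-test.net; do
    if cert_covers "$tmp/example-test.net.crt" "$h"; then
      echo "$h: covered"
    else
      echo "$h: NOT covered"
    fi
  done
  key_matches_cert "$tmp/example-test.net.key" "$tmp/example-test.net.crt" &&
    echo "key and certificate belong together"
  rm -rf "$tmp"
}
demo
```

Every ServerName and ServerAlias served by a TLS virtual host needs to pass the cert_covers check against the certificate that host loads; a self-signed certificate will still be reported as untrusted by browsers.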