No, neither of these is needed for the SSL certificate - in fact often the
externally facing hostnames on a server will usually be in the /etc/hostname,
this will be the name that you have given to the box {this allows you to move
the "public" domain to a different box}. E.g. you may call it
web-server-01.mydomain. Keep it something like this for simplicity.
So e.g. my /etc/hostname just contains "web-server-01",
My /etc/hosts contains:
127.0.0.1 localhost
127.0.1.1 web-server-01.mydomain web-server-01
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
For SSL, you need to make sure the public facing URL you are using is in the
certificate (either as name or SAN) then you are OK to use it on the server.
-----Original Message-----
From: Jason Long <[email protected]>
Sent: 06 September 2020 12:22
To: [email protected]; James Smith <[email protected]>
Subject: Re: [users@httpd] Some questions about configuration Apache from a
beginer. [EXT]
Thank you for your help.
Is the content of the "/etc/hosts" and "/etc/hostname" files important for
getting an HTTPS certificate? For example, if I want to get a certificate for
"example-net.net".
On Sunday, September 6, 2020, 01:45:08 AM GMT+4:30, James Smith
<[email protected]> wrote:
The first one doesn’t matter – but to be honest you shouldn’t do it – you
should create two configurations – one for the www.domain and one for domain.
Choose one as canonical (the one you really want users to see) and put the real
configuration here.
Under the other domain – you include a rewrite rule to redirect to the
canonical one…
<VirtualHost *:443>
ServerName mydomain.com
ServerAlias myotherdomain.com
ServerAlias www.myotherdomain.com
Include conf/ssl-conf/mydomain.com.conf
RewriteEngine on
# ^/? drops the leading slash so the redirect target has no double slash
RewriteRule ^/?(.*)$ https://www.mydomain.com/$1 [R,L,NE]
</VirtualHost>
Now which to use as the canonical domain is up to you…. There are arguments for
both – there is a trend to remove the WWW, but if you have multiple domains on
the same server (we have around 120 at work for a front end proxy) – you can
set the www.domain1.com, www.domain2.com, www.domain3.com
to be CNAMEs in DNS so if you have to quickly move to another IP address you
can just update the A record for the hostname the CNAMEs point to (for example
if the primary machine fell over and you couldn’t get it back up and running)…
If you use the unqualified domain domain1.com, domain2.com etc you would have
to change each A record separately. Now - there are three real reasons for
using ServerAlias in my mind:
* Having a common code base across a different number of sites – which uses
the URL of the request to determine a configuration – and consequently run
different versions of the site….
* You have multiple aliases for a domain so you can use ServerAlias to
redirect them to the canonical domain (see above)
* You have live, staging, dev and sandbox servers as part of the production
cycle, so you set the ServerName to the URL of the live server and the
staging/dev/sandbox URLs as ServerAlias – then you can use the same
configuration on each of the servers {with a little bit of environment variable
fudging to set root paths for the apache}
<VirtualHost *:443>
ServerName www.mydomain.com
ServerAlias dev.mydomain.com
ServerAlias test.mydomain.com
ServerAlias my-sandbox-server.mydomain.com
ServerAlias freds-sandbox-server.mydomain.com
Include conf/ssl-conf/mydomain.com.conf
… configuration …
</VirtualHost>
From: Jason Long <[email protected]>
Sent: 03 September 2020 22:43
To: [email protected]
Subject: [users@httpd] Some questions about configuration Apache from a beginer. [EXT]
Hello,
I have some questions about Apache configuration and I'd be thankful if anyone
could help me.
1- In Apache configuration, must both "ServerName" and "ServerAlias" be
defined? Which one must have the "www" prefix?
2- If the "/etc/pki/tls/private/localhost.key" and
"/etc/ssl/certs/localhost.crt" files are deleted, then how can I regenerate them? Is
the command below OK?
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
    -keyout /etc/pki/tls/private/localhost.key -out /etc/ssl/certs/localhost.crt
Is "localhost" the name of my host? If my hostname is "example-test", then
must these files be named "example-test.key" and "example-test.crt"?
3- By default, Linux uses "localhost.localdomain". If I have installed Apache and my
web site is up too, then can I change "localhost.localdomain"?
4- For a web site with the name "example-test.net" and the IP address
"192.168.1.2", what is the content of the "/etc/hostname" and "/etc/hosts" files?
It would be a great help if anyone answered my questions by number.
Thank you.
-- The Wellcome Sanger Institute is operated by Genome Research Limited, a
charity registered in England with number 1021457 and a company registered in
England with number 2742969, whose registered office is 215 Euston Road,
London, NW1 2BE.
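
Added example, not part of the original thread: a shell sketch of the point made in the reply, that the certificate must carry the public-facing names (as CN or SAN) while the machine's own /etc/hostname value plays no part. It extends the openssl command from the question with a SAN list and then checks names with openssl's -checkhost; the function names, file names and temp directory are assumptions made for the example.

```sh
#!/bin/sh
# Added example (not from the thread). Hostnames are the thread's sample
# names; file names and the temp directory are constructed for illustration.
# Requires OpenSSL 1.1.1 or later for -addext.
set -eu

# make_cert DIR NAME [NAME...]
# Self-signed key and certificate; every NAME goes into subjectAltName,
# and the first NAME is also used as the CN.
make_cert() {
    mc_dir=$1; shift
    mc_cn=$1
    mc_san=""
    for mc_name in "$@"; do
        mc_san="${mc_san:+$mc_san,}DNS:$mc_name"
    done
    # umask in a subshell so the private key is never world-readable.
    ( umask 077
      openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
          -keyout "$mc_dir/site.key" -out "$mc_dir/site.crt" \
          -subj "/CN=$mc_cn" -addext "subjectAltName=$mc_san" )
}

# cert_covers CRT HOST: true only if HOST matches a name in the certificate.
cert_covers() {
    openssl x509 -in "$1" -noout -checkhost "$2" |
        grep -q 'does match certificate'
}

# report CRT HOST: one line per name, for the demo run below.
report() {
    if cert_covers "$1" "$2"; then echo "covered:     $2"
    else echo "NOT covered: $2"; fi
}

demo_dir=$(mktemp -d)
make_cert "$demo_dir" example-net.net www.example-net.net
report "$demo_dir/site.crt" example-net.net       # public name
report "$demo_dir/site.crt" www.example-net.net   # public alias
report "$demo_dir/site.crt" web-server-01         # /etc/hostname value
rm -rf "$demo_dir"
```

The same cert_covers check can be run against a CA-issued certificate for every ServerName and ServerAlias that shares one SSL include file.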