You're referring to DNS resolution, which occurs before httpd is involved. As far as httpd is concerned, the requested host: header must match the common name or SAM of the certificate.
The host: header is also used for name-based vhost resolution. On 06/09/20 07:22 AM, Jason Long wrote: > Thank you for your help. > Is the content of "/etc/hosts" and "/etc/hostname" files important for get > HTTPS certificate? For example, if I want to get a certificate for > "example-net.net". > > > > > > On Sunday, September 6, 2020, 01:45:08 AM GMT+4:30, James Smith > <j...@sanger.ac.uk> wrote: > > > > > > > > > The first one doesn’t matter – but to be honest you shouldn’t do it – you > should create two configurations – one for the www.domain and one for domain. > Choose one as canonical (the one you really want users to see) and put the > real configuration here. > > Under the other domain – you include a rewrite rule to redirect to the > canonical one… > > <VirtualHost *:443> > > ServerName mydomain.com > > ServerAlias myotherdomain.com > > ServerAlias www. myotherdomain.com > > Include conf/ssl-conf/mydomain.com.conf > > RewriteEngine on > > RewriteRule (.*) https://www.mydomain.com/ $1 [R,L,NE] > > </VirtualHost> > > Now which use as the canonical domain is up to you….There are arguments for > both – there is trend to remove the WWW, but if you have multiple domains on > the same server (we have around 120 at work for a front end proxy) – you can > set the www.domain1.com, www.domain2.com, www.domain3.com to be CNAMEs in > DNS so if you have to quickly move to another IP address you can just update > the A record for the hostname the CNAMEs point to (for example if the primary > machine fell over and you couldn’t get it back up and running)… If you use > the unqualified domain domain1.com, domain2.com etc you would have to change > each A record separately. Now - there are three real reasons for using > ServerAlias in my mind: > > * Having a common code base across a different number of sites – which > uses the URL of the request to determine a configuration – and consequently > run different versions of the site…. > * You have multiple aliases for a domain so you can use ServerAlias to > redirect them to the canonical domain (see above) > * You have live, staging, dev and sandbox servers as part of the > production cycle, so you set the ServerName to the URL of the live server and > the staging/dev/sandbox URLs as ServerAlias – then you can use the same > configuration on each of the servers {with a little bit of environment > variable fudging to set root paths for the apache} > > > > <VirtualHost *:443> > > ServerName www.mydomain.com > > ServerAlias dev.mydomain.com > > ServerAlias test.mydomain.com > > ServerAlias my-sandbox-server.mydomain.com > > ServerAlias freds-sandbox-server.mydomain.com > > Include conf/ssl-conf/mydomain.com.conf > > > … configuration … > </VirtualHost> > > > > > From: Jason Long <hack3r...@yahoo.com.INVALID> Sent: 03 September 2020 > 22:43To: users@httpd.apache.orgSubject: [users@httpd] Some questions about > configuration Apache from a beginer. [EXT] > > > > > > Hello, > > > I have some questions about Apache configuration and I'm thankful if anyone > help me. > > > > > > > > 1- In Apache configuration, both of "ServerName" and "ServerAlias" must be > defined? Which one must have "www" prefix? > > > > > > > > 2- If "/etc/pki/tls/private/localhost.key" and > > > > "/etc/ssl/certs/localhost.crt" files deleted then how can I regenerate them? > Is below command OK? > > > > > > > > # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout > /etc/pki/tls/private/localhost.key -out /etc/ssl/certs/localhost.crt > > > > > > > > The "localhost" is the name of my host? If my hostname is "example-test" then > these files name must be "example-test.key" and "example-test.crt" ? > > > > > > > > 3- By default, Linux use "localhost.localdomain" if I installed Apache and my > web site is up too then can I change "localhost.localdomain" ? > > > > > > > > 4- For a web site with the name "example-test.net" and "192.168.1.2" IP > address, what is the content of "/etc/hostname" and "/etc/hosts" files? > > > > > > > > It is a great help if anyone answer my questions by number. > > > > > > > > Thank you. > > > > > > > > -- The Wellcome Sanger Institute is operated by Genome Research Limited, a > charity registered in England with number 1021457 and a company registered in > England with number 2742969, whose registered office is 215 Euston Road, > London, NW1 2BE. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
