I have been successfully running an Apache server for some years
(currently 2.4.41 on Ubuntu 20.04LTS).
I have three "real" http vhosts on port 80, findable through a dynamic
DNS service. I also have a (first in line) default vhost with an
"unreachable" ServerName, which returns a 4xx status, and exposes the
request to fail2ban.
This takes care of the script kiddies and IOT bug-probers who access by
IP address, not hostname.
Recently I upgraded to https on port 443, using LetsEncrypt and CertBot.
The transition went smoothly; http requests to the vhosts on port 80 are
returned a 301 redirect permanent to https.
I have two questions:
1. Can I implement the same "nameless catchall" in the https
environment, or does the vhost selection work differently there? My ssl
cert appears to name all three real vhosts, but I am unsure what happens
when a request doesn't match any of them.
2. Are there any adverse consequences to closing down http / port 80 now
that the vhosts are up on https / port 443?
Thanks,
Peter
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
