Primary Domain on Server's Shared IP
There is an option to make a domain primary on an IP address in WHM > SSL/TLS > Manage SSL Hosts. For dedicated IPs, the choice is easy, just make the one you wish, but what to do for the server's shared IP? Currently, the primary is one of the random hosting clients' websites, which is a terrible solution for a fallback domain for my entire server.
I noticed the following things:
1) This option makes the primary domain for the server's IP for 443 port only, not 80 port. I checked with apachectl -S.
2) If I create 80 and 443 VirtualHosts with my server's IP and put it at the top of pre_virtualhost_global.conf file, this makes them the primary, regardless of what hostname is put into the ServerName directive (can be the server's or any domain's hostname or an IP).
<VirtualHost [serverIP]:80>
Server Name [hostname or IP]
</VirtualHost>
<VirtualHost [serverIP]:443>
Server Name [hostname or IP]
</VirtualHost>
3) I noticed that when I do this custom VH setting, values in /var/cpanel/conf/apache/primary_virtual_hosts.conf are not updated. Is it possible or needed to edit them manually here?
4) Also, what would be the best hostname to use for shared IP?
-
Hey there! I'll go through and answer these in order so I don't miss anything:
1 - That's correct.
2 and 3 - The reason things are structured this way is so there is a default SSL for any connection that comes into your server. For example, if someone were to visit your server over a secure connection (port 443) and didn't specify a host, Apache can still serve them a secure connection of your choosing. An insecure connection over port 80 just doesn't seem as important so we don't provide a tool for this.The primary_virtual_hosts.conf file doesn't get updated - the includes are read into the Apache configuration in the order they are written, but original files don't get modified with your changes.
4 - That one is really up to you - whichever domain you'd like to show up for users who may encounter this situation.
In general, I'll say it's rare for a user to request a secure connection to a site through an insecure domain name, especially with AutoSSL applying free certificates.
1 -
Great, that is good to know.
Is it OK to create these VHs to define the primary domains (hostnames) for the IP as laid out?
0 -
Sure - the only way to know for sure if it will work for your situation is to try it, but you can always remove the customizations from the includes if you need to.
0 -
It works perfectly. I just wanted to get an opinion on whether this will break anything else.
0 -
From reading over the configurations I don't immediately see how this would cause issues elsewhere.
1
Please sign in to leave a comment.
Comments
5 comments