Re: How to setup certs for https access for Fedora 42?

Barry:
>>> My guess is because almost everyone uses VirtualHost sections.

Todd Zullinger:
> > And change the file there means you now have to track future
> > changes to it yourself rather than picking them up via the
> > normal package updates.

Michael D. Setzer II:
> Don't understand this? Looked at another Fedora system that has httpd
> installed, but never setup. I also the VirtualHost options all
> commented out by default? So why would installing updates break
> things.
> If that is what the default should be, then why isn't the VirtualHost
> setup as the default configuration rather than being commented out?
> Had tried the certbot run --apache option in past, but it came up
> with unknown certificate provider message.
> Know one can create many virtual hosts on a machine, but been doing
> simple setup going back to redhat 9, and then Fedora Core 1 to Fedora
> 42 now. Had it on SCO and Unixware before that.
> The changes are mostly to commented lines?

If you modify the main Apache configuration, there's every chance at
any update to Apache that you'll have to deal with changes to the
configuration file.  I'd say that's what Todd alludes to.

If you set up a virtual host, they're not interfered with by any RPM
updates to Apache.  And I think you /are/ encouraged to set up virtual
hosts, rather than use the main configuration.

And Barry would be alluding to how most people running public servers
are probably using a VirtualHost in someone else's hosting farm, far
more than people running private servers.  And far more than renting a
whole box in a server centre, anybody doing that is probably not going
to be using a freebie cert provider with limited trust (*).  So that
may explain Let's Encrypt's general purpose solution they promote.

* If you were a site that needed absolute trust with your clients, you
could be a bank, a shopping site, some security vendor, whatever, you
need a certificate that engenders confidence with your clients.  A tiny
step above self-signed certificates from a service that doesn't do
background checks, or really vet your identity, doesn't achieve that. 
My hosting service uses it, and I've never been vetted in any way
regarding the security certificate.  I'm simply a paying customer.

Virtual hosts are also hostname specific, incoming connections to that
service are managed by Apache according to the hostname they request,
rather than any and all connections being accepted.  You can shoehorn
the main config into working that way, but it's more effort.

Since I manage a few websites, it's convenient for me to have local
copies, and using VirtualHosts makes that easy for me.  I just use a
localised version of their hostname to browse them (e.g. change the
www. prefix of their domain to lan. such as lan.example.com).  It also
makes it easy for me to set up a test server to try anything out on,
without disrupting the main servers.

Which I really must do more often, lately I've made a few typing goofs
in one of the main sites and disrupted things, and being buried in 500
lines of CSS made it hard to find.  And, no, they weren't outright
errors so error-checking wouldn't find them, nor single errors so I
could simply revert the file.  I dug myself into a hole.

-- 
 
uname -rsvp
Linux 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64
(yes, this is the output from uname for this PC when I posted)
 
Boilerplate:  All unexpected mail to my mailbox is automatically deleted.
I will only get to see the messages that are posted to the mailing list.
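
The drop-in approach discussed in this message, as an added example that is not part of the original post: a name-based virtual host kept in its own file under conf.d, so the RPM-owned configuration files stay unmodified. The hostname, file name, document root and certificate paths are assumptions.

```apache
# /etc/httpd/conf.d/www.example.com.conf   (hypothetical file name)
# Added example. Fedora's packaged httpd.conf ends with
# "IncludeOptional conf.d/*.conf", so this file is loaded without editing
# any file owned by the httpd or mod_ssl RPMs.

# Plain HTTP for this hostname: redirect to the TLS site.
<VirtualHost *:80>
    ServerName www.example.com
    Redirect permanent / https://www.example.com/
</VirtualHost>

# HTTPS: Apache picks this block by the hostname the client requests.
<VirtualHost *:443>
    ServerName www.example.com
    DocumentRoot /var/www/www.example.com

    SSLEngine on
    # Assumed certbot layout; substitute the paths your CA client writes.
    SSLCertificateFile    /etc/letsencrypt/live/www.example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/www.example.com/privkey.pem

    # Per-site logs, relative to ServerRoot (/etc/httpd on Fedora).
    ErrorLog  logs/www.example.com-error_log
    CustomLog logs/www.example.com-access_log combined
</VirtualHost>

# Checks to run after saving (shell commands, shown here as comments):
#   apachectl configtest     # syntax check before reloading
#   httpd -S                 # lists each vhost and the default per address:port
#   rpm -V httpd mod_ssl     # reports packaged files that differ from the RPM
```

Requests for a hostname that matches no ServerName fall to the first virtual host loaded for that address and port, which `httpd -S` reports as the default server.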
 
