Re: How to setup certs for https access for Fedora 42?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, 2025-05-29 at 20:05 -0400, Jeffrey Walton wrote:
> Also see <https://docs.fedoraproject.org/en-US/fedora-server/services/httpd-basic-setup/>
> and the section, "Configure a Virtual Host for the domain".

When following such instructions, you have to be careful about the
choice of where you put virtually hosted sites.  If you do decide to
make sub-directories inside /var/www/html (as some advocate, and is
mentioned in that linked page) you have to make sure that nobody
connecting to the IP of the server can simply append the filepath used
by the site to the IP address, and bypass any security restrictions.

My advice is never do it.  *Always* do virtual hosts outside of
/var/www/html.  Hackers will try to find things, make it impossible for
them.

My public server's logs has long lists of hacking attempts that will
fail because what they're looking for doesn't exist.  But obviously it
does exist for other webservers.  Years ago it was commonly FrontPage
weaknesses they targeted, recently it's WordPress.  Neither of which I
use.  Just about all of those content management systems have flaws,
and you need to keep on top of updates on a daily matter.  And people
install them and configure them in dumb ways too (such us making
everything world readable and writeable).

-- 
 
uname -rsvp
Linux 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64
(yes, this is the output from uname for this PC when I posted)
 
Boilerplate:  All unexpected mail to my mailbox is automatically deleted.
I will only get to see the messages that are posted to the mailing list.
 

-- 
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux