On Mon, 2015-01-12 at 09:48 +0100, Harald Dunkel wrote: > Actually I don't see any reason why apache2 should unconditionally > listen on 80/tcp for a https-only setup, so I wonder if ports.conf > could be moved to conf.d to support a2disconf? You can just modify ports.conf and set the listening sockets as necessary? Moving ports.conf to conf.d seems not to be conceptually sensible, since one will always need listen addresses. > Another option would be to move the Listen statements to > the appropriate virtual host definitions, making ports.conf > obsolete. Also not really clean, since a single listening address might be used by multiple VHs... so it doesn't really belong there. I'd rather vote for httpd not being started automatically after installation... which gives the admin time to configure it appropriately and not having it unconditionally / insecurely(?) listening. Cheers, Chris.
Description: S/MIME cryptographic signature