
Bug#775176: please don't open tcp/80 by default



On Mon, 2015-01-12 at 09:48 +0100, Harald Dunkel wrote: 
> Actually I don't see any reason why apache2 should unconditionally
> listen on 80/tcp for a https-only setup, so I wonder if ports.conf
> could be moved to conf.d to support a2disconf?
You can just modify ports.conf and set the listening sockets as
necessary?

Moving ports.conf to conf.d seems not to be conceptually sensible, since
one will always need listen addresses.


> Another option would be to move the Listen statements to
> the appropriate virtual host definitions, making ports.conf
> obsolete.
Also not really clean, since a single listening address might be used by
multiple VHs... so it doesn't really belong there.


I'd rather vote for httpd not being started automatically after
installation... which gives the admin time to configure it appropriately
and not having it unconditionally / insecurely(?) listening.


Cheers,
Chris.
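
Added example (not part of the original message and not code from the Debian apache2 package): a small Python check for the ports.conf edit discussed above. It lists the Listen directives in a configuration file and flags those that would serve plain HTTP, which an https-only host should not have. The sample text is constructed and the function names are hypothetical.

```python
import re
import sys

# Constructed sample modelled on a default Debian-style ports.conf.
SAMPLE_PORTS_CONF = """\
Listen 80

<IfModule ssl_module>
    Listen 443
</IfModule>
"""

# Syntax: Listen [IP-address:]portnumber [protocol]
LISTEN_RE = re.compile(
    r"^\s*Listen\s+(?:(\[[0-9A-Fa-f:.]+\]|[^\s:\[\]]+):)?(\d+)(?:\s+(\S+))?\s*$",
    re.IGNORECASE,
)

def parse_listen(conf_text):
    """Return (address, port, protocol) for each Listen directive.

    address is None when no address is given (bind on all interfaces).
    <IfModule> conditions are ignored, so conditional directives count as
    active; that errs on the side of reporting too much.
    """
    found = []
    for line in conf_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # comment line
        m = LISTEN_RE.match(line)
        if not m:
            continue
        address, port, proto = m.group(1), int(m.group(2)), m.group(3)
        if proto is None:
            # httpd default: https on port 443, http on every other port
            proto = "https" if port == 443 else "http"
        found.append((address, port, proto.lower()))
    return found

def plaintext_listeners(conf_text):
    """Listen directives that would serve unencrypted HTTP."""
    return [entry for entry in parse_listen(conf_text) if entry[2] == "http"]

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PORTS_CONF
    for address, port, proto in plaintext_listeners(text):
        print(f"plain HTTP listener: {address or '*'}:{port}")
```

Run it with the path to ports.conf as the only argument; with no argument it checks the constructed sample.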
