[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#775176: please don't open tcp/80 by default

On Wed, 2015-01-14 at 06:47 +0100, Harald Dunkel wrote: 
> the interface to enable and disable virtual hosts is a2ensite/a2dissite.
> That includes the IP/IPv6 address / virtual host names *and* the ports to
> listen. apache2.conf should provide just a basic configuration common for
> all vhosts and modules.
As said before... where Apache listens on and which (whether at all) you
have vhosts, is in principle independent from each other.
a2en/dissite should not change the listening behaviour.

And wrt conf.d, this is IMHO rather other misc stuff, e.g. I put in
files there which enforces httpOnly or secure on all cookies,... or
things like that. But it doesn't seem to make much sense to make the
port-listening such a config snippet which one can disable or enable -
if you "disable" the port-listening than you effectively disable the

> I would suggest to move the "default" vhosts for 80/tcp and 443/tcp to their
> own host modules in mods-available, making ports.conf obsolete. Then the
> default vhosts can be kicked out and replaced using a2dissite, as usual.
Maybe I misunderstand you,... but ports.conf doesn't define any
vhosts,... and you need to set the listening addresses, even when you do
no vhosting at all... so it doesn't make much sense to move something

Apart from that, which "default" vhost do you mean? There's the default
vhost vor IP based vhosting,.. the default one when namebased vhosting
is done, an IIRC there's even the "main" server host, which is
effectively when you put the config outsite of any IP/name based vhost


Attachment: smime.p7s
Description: S/MIME cryptographic signature

Reply to: