Home > front end >  Apache VirtualHost Syntax
Apache VirtualHost Syntax

Time:09-17

This:

<VirtualHost subdomain.example.com:443> 
... 
ServerName subdomain.example.com
...
</VirtualHost>

works. Usually you see *:443 or <IpAdress>:443.

Why does subdomain.example.com:443 work?

CodePudding user response:

It works because subdomain.example.com:443 is a valid documented value:

<VirtualHost addr[:port] [addr[:port]] ...> ... </VirtualHost>

Addr can be any of the following, optionally followed by a colon and a port number (or *)

  • The IP address of the virtual host;
  • A fully qualified domain name for the IP address of the virtual host (not recommended);
  • The character *, which acts as a wildcard and matches any IP address.
  • The string _default_, which is an alias for *

I understand a domain name is not recommended because it possibly requires a DNS query and actual filtering is done on IP address (take this with a grain of salt, I'm just speculating) but it's nonetheless valid.

Please note that this doesn't affect what local IP addresses and port Apache will listen too. It merely allows to speed up virtual host parsing and simplify settings whenever you need it.

CodePudding user response:

Note:

<VirtualHost subdomain.example.com:443> 

only works if subdomain.example.com resolves to an IP-Address that your virtual host binds to - e.g. an IP address that's handled by the server on which you've deployed Apache.

If you are running a reverse proxy on a different machine, then this instruction would tell Apache httpd to bind to an IP address that's not available on the machine that it resides on.

If you're running IPV4 and IPV6, I'm not confident that the domain name will result in all available addresses to be bound. Same, if the domain name binds to multiple addresses (either geo-located, or round-robin)

So, while it might work now, it can break any time that all of those assumptions are no longer (all) true

In short: Bind to * or _default_ and utilize ServerName (or the alias) - because you'll need to handle that anyway once a request reaches your webserver.

  • Related