Posted December 3, 2023Dec 3 comment_332 Can't understand why CWP configures apache vhosts listening on the public IP and not in localhost/127.0.0.1. Why is this setup if it's behind a nginx proxy and not serving pages outside? It shouldn't be better to use 127.0.0.1?
December 3, 2023Dec 3 comment_333 4 hours ago, Fidolas said: Can't understand why CWP configures apache vhosts listening on the public IP and not in localhost/127.0.0.1. Why is this setup if it's behind a nginx proxy and not serving pages outside? It shouldn't be better to use 127.0.0.1? localhost is not recommended since some servers have multiple ips and apache should use the configured ip for the domains.
December 4, 2023Dec 4 Author comment_338 shouldn't it be added as a template to let the user select the best for the case? For example, when apache is behind a nginx local reverse proxy or other configurations. In that cases is the proxy on the front that manages the ip for the domains. Isn't it? Edited December 4, 2023Dec 4 by Fidolas
December 4, 2023Dec 4 Author comment_339 I want to mean that from my point of view (and may be I'm totally wrong) it depends on the webserver settings selected. It's not the same for a single apache on front than when it's nginx + apache or litespeed or whatever. In cases where it's apache only or nginx only then it has sense to have the public ip into the vhosts. So CWP should use a different setup for each case. I'm not sure at all and that's why I'm asking. I believe that it could be more secure to use localhost/127.0.0.1 when the webserver is not on the front. That way this also avoids the firewall setups to keep the upstream server blocked to direct access to the listening ports. Edited December 4, 2023Dec 4 by Fidolas
December 4, 2023Dec 4 comment_342 8 hours ago, Fidolas said: I want to mean that from my point of view (and may be I'm totally wrong) it depends on the webserver settings selected. It's not the same for a single apache on front than when it's nginx + apache or litespeed or whatever. In cases where it's apache only or nginx only then it has sense to have the public ip into the vhosts. So CWP should use a different setup for each case. I'm not sure at all and that's why I'm asking. I believe that it could be more secure to use localhost/127.0.0.1 when the webserver is not on the front. That way this also avoids the firewall setups to keep the upstream server blocked to direct access to the listening ports. backend webserver ports are accusable only when you disable firewall it is recommend to keep the firewall on in that case
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now