Jump to content

Featured Replies

Posted
comment_332

Can't understand why CWP configures apache vhosts listening on the public IP and not in localhost/127.0.0.1. Why is this setup if it's behind a nginx proxy and not serving pages outside? It shouldn't be better to use 127.0.0.1? 

comment_333
4 hours ago, Fidolas said:

Can't understand why CWP configures apache vhosts listening on the public IP and not in localhost/127.0.0.1. Why is this setup if it's behind a nginx proxy and not serving pages outside? It shouldn't be better to use 127.0.0.1? 

localhost is not recommended since some servers have multiple ips and apache should use the configured ip for the domains.

  • Author
comment_338

shouldn't it be added as a template to let the user select the best for the case? For example, when apache is behind a nginx local reverse proxy or other configurations. In that cases is the proxy on the front that manages the ip for the domains. Isn't it?

Edited by Fidolas

  • Author
comment_339

I want to mean that from my point of view (and may be I'm totally wrong) it depends on the webserver settings selected. It's not the same for a single apache on front than when it's nginx + apache or litespeed or whatever. In cases where it's apache only or nginx only then it has sense to have the public ip into the vhosts. So CWP should use a different setup for each case. I'm not sure at all and that's why I'm asking. I believe that it could be more secure to use localhost/127.0.0.1 when the webserver is not on the front. That way this also avoids the firewall setups to keep the upstream server blocked to direct access to the listening ports.

Edited by Fidolas

comment_342
8 hours ago, Fidolas said:

I want to mean that from my point of view (and may be I'm totally wrong) it depends on the webserver settings selected. It's not the same for a single apache on front than when it's nginx + apache or litespeed or whatever. In cases where it's apache only or nginx only then it has sense to have the public ip into the vhosts. So CWP should use a different setup for each case. I'm not sure at all and that's why I'm asking. I believe that it could be more secure to use localhost/127.0.0.1 when the webserver is not on the front. That way this also avoids the firewall setups to keep the upstream server blocked to direct access to the listening ports.

backend webserver ports are accusable only when you disable firewall it is recommend to keep the firewall on in that case

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now