Nginx + Apache setup in CWP

Fidolas · December 3, 2023

Can't understand why CWP configures apache vhosts listening on the public IP and not in localhost/127.0.0.1. Why is this setup if it's behind a nginx proxy and not serving pages outside? It shouldn't be better to use 127.0.0.1?

Sandeep B. · December 3, 2023

4 hours ago, Fidolas said:

Can't understand why CWP configures apache vhosts listening on the public IP and not in localhost/127.0.0.1. Why is this setup if it's behind a nginx proxy and not serving pages outside? It shouldn't be better to use 127.0.0.1?

localhost is not recommended since some servers have multiple ips and apache should use the configured ip for the domains.

Fidolas · December 4, 2023

shouldn't it be added as a template to let the user select the best for the case? For example, when apache is behind a nginx local reverse proxy or other configurations. In that cases is the proxy on the front that manages the ip for the domains. Isn't it?

Edited December 4, 2023 by Fidolas

Fidolas · December 4, 2023

I want to mean that from my point of view (and may be I'm totally wrong) it depends on the webserver settings selected. It's not the same for a single apache on front than when it's nginx + apache or litespeed or whatever. In cases where it's apache only or nginx only then it has sense to have the public ip into the vhosts. So CWP should use a different setup for each case. I'm not sure at all and that's why I'm asking. I believe that it could be more secure to use localhost/127.0.0.1 when the webserver is not on the front. That way this also avoids the firewall setups to keep the upstream server blocked to direct access to the listening ports.

Edited December 4, 2023 by Fidolas

Sandeep B. · December 4, 2023

8 hours ago, Fidolas said:

I want to mean that from my point of view (and may be I'm totally wrong) it depends on the webserver settings selected. It's not the same for a single apache on front than when it's nginx + apache or litespeed or whatever. In cases where it's apache only or nginx only then it has sense to have the public ip into the vhosts. So CWP should use a different setup for each case. I'm not sure at all and that's why I'm asking. I believe that it could be more secure to use localhost/127.0.0.1 when the webserver is not on the front. That way this also avoids the firewall setups to keep the upstream server blocked to direct access to the listening ports.

backend webserver ports are accusable only when you disable firewall it is recommend to keep the firewall on in that case

Sign In

Nginx + Apache setup in CWP

Recommended Posts

Fidolas

Link to comment

Share on other sites

Sandeep B.

Link to comment

Share on other sites

Fidolas

Link to comment

Share on other sites

Fidolas

Link to comment

Share on other sites

Sandeep B.

Link to comment

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Forum Activity

AlmaLinux release 8.9 (Midnight Oncilla) = SECRET FİLE ?

security Solution for returning attackers when restarting CSF

How to disable the phpMyAdmin service?

shared hosting web server setup

libzip install error

Browse

Activity