
RE: Servers 101: Setting up a Web Server part 3 - SSL

in #tutorial, 8 years ago

The CName is a totally different record to the A record.

In a very simplified explanation, when you create a CName for asd.domain.com and point it to asd.domain2.com which in turn is an A record for 127.0.0.1, you are basically telling the asd.domain.com to resolve to 127.0.0.1. If at any point you change the A record of asd.domain2.com to 192.168.0.1, then asd.domain.com will also resolve to this IP.

So in your case, with a dynamic IP, this is the way to use your domain with your home connection.

To my knowledge, services like DNS can't be used on different ports.

However, Web servers, FTP servers, SSH, and various other protocols, can be used at any port you want.


Yes, I understand it's different from the A record. It stands for Canonical name, right?

Your example is confusing.

I guess what I could do is get rid of the A Record altogether, and then just use a CName (to point to the dynamic DNS domain that I obtained via noip.com which will always be mapped to my IP address). Is that possible??

If I got rid of the A Record, would that conflict with my SSL certificate (since the SSL certificate is probably mapped to my IP)??

Likewise, I was told that one reason why I might not be able to access my server online from my own network might have something to do with NAT. What do you know about this?

P.S. You should make a tutorial on setting up file structures so that databases are accessible to websites that will be hosted. This is what I'm going to have to figure out how to do right now. I chose to install MySQL instead of MariaDB, so hopefully everything still works fine with the server as is. I don't see why it wouldn't.

This is how it works... CName is a record that resolves to a hostname instead of an IP. That hostname could have any type of record; in your example it is an A record. So, your domain is resolving to your noip.com subdomain, which in turn resolves to your IP. And yes, it stands for Canonical NAME.

If you have a cname record, and an A record for (example) this.domain.tld, then you are probably going to have problems at some point. It is not recommended to mix such records.

If you are behind NAT you'll have to configure port forwarding, like I told you in another comment. If your provider blocks port 80, you won't be able to use it unless they unblock it for you.

Also, what do you mean by "setting up file structures so that databases are accessible to websites that will be hosted"? Your database will be created via the mysql tool on console, or PHPMyAdmin. You won't be creating files. It doesn't work that way.

You have a lot of reading to do before you try hosting websites. It is not a project that should be taken lightly. It's not "I configured it once, and they work, so it's ok". Hosting websites requires a lot more than configuration. If you are hosting websites at home, that are not for you to learn how to do things, you have to ensure that you have backup power in case there is a power outage (UPS & Power Generators are the most common ones), you need to have enough bandwidth to host a large user base, you need cooling or your equipment will get fried when your sites get popular... It will be cheaper and better for you to rent a server in a datacenter.

List of DNS Record Types
NAT - Network Address Translation
How MySQL Databases Work?

So it is recommended to use a CName without using an A record? For example, if I were to use the following setup for the domain spaiglas.com...

A Record : IP address (of my server)
CName : mine.ddns.net

In that case it would be best to not use an A record at all? I've been told you can't use CNames without an A record, that you need an A record, so I'm kind of confused. I tried deleting the A record for my domain and it was inaccessible. It would throw errors saying the server was not found, even though a CName existed :/

Yes, I've already set up port forwarding. The fact that I can't access my own server locally via the WAN IP address, from what I've read, can be addressed with something like NAT loopback/hairpinning/reflection?

Apparently I can access the server via https://its.internal.ip.address:443, but the browser seems to ignore the SSL certificate, which isn't a huge deal at the end of the day, unless it's also doing this for external requests too.

What I meant by that comment is of course the file structure on the server must be structured in such a way that a PHP file which references a database will need to be able to locate said database. In other words, can a given database be accessed from any subfolder of the apache2 default folder?

Yes, I know. My site will never be that popular, however. No more than 10 people will ever have access to my website and it is very likely there will never be more than 3 people concurrently using it. I have more than enough bandwidth to handle this. I've got aftermarket cooling for my CPU, which should be sufficient; I know you're talking about cooling the entire environment, so that all hardware components stay cool, but this won't be necessary. This route will in fact save me quite a bit of money without cutting into my revenue as much.

Thanks again for taking the time to answer my questions. And thanks for the DNS Record Types link. <3

If you're not going to answer any more of my questions, at least answer this one: How can I force all HTTP requests to use HTTPS?

I've just started reading about mod_rewrite, but find it confusing as fuck. Not sure where the file is located which I'm supposed to edit.

Your comment got lost in the influx of comments I got. I'm sorry for the late reply. Please, do yourself a favor and read a lot before attempting anything. It is clear that you are a newbie, and you have zero experience in this. Or, hire someone who knows what they are doing. There's nothing bad about being a newbie, but if a problem arises you may not be able to solve it, so train yourself first.

As I've already told you, you need a cname from your domain to your dynamic dns hostname. It can't get more clear than this. That means that if your domain has an A record, you have to remove it. Also, you can't have a CName for domain.com. A CName can exist only for subdomains (such as www.domain.com or whateverhere.domain.com), so you can't have a full domain point to your dynamic IP.

For databases, there is no file structure. You connect to the Database via programming commands (and TCP connections that are made automatically with the commands you'll implement in your code).

If you are going to https://domain.com/, your server is already using SSL certificates. If you get dropped on http://domain.com (i.e. non-secure url) there is a direct link, or misconfiguration on your website.

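However, here is a snippet to autoredirect all HTTP to HTTPS:

# Redirect only when the request is plain HTTP and no TLS-terminating proxy
# reported https; joining the conditions with [OR] loops on direct HTTPS requests.
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R=301,L]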


Near </VirtualHost> in your vhost file.
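
An added example, not part of the original comments: a small Python check over a constructed zone (all names and addresses are placeholders) that flags the two CNAME problems discussed in this thread, a CNAME on the bare domain and a CNAME sharing a name with an A record, and follows a CNAME to the A record behind it. Treating any name that holds SOA or NS records as the zone apex is a simplifying assumption.

```python
# Added example: constructed zone data, hypothetical names and addresses.
ZONE = [  # (owner name, record type, value)
    ("example.test.", "SOA", "ns1.example.test."),
    ("example.test.", "NS", "ns1.example.test."),
    ("example.test.", "CNAME", "mine.ddns.test."),      # CNAME on the bare domain
    ("www.example.test.", "CNAME", "mine.ddns.test."),  # valid alias
    ("old.example.test.", "CNAME", "mine.ddns.test."),
    ("old.example.test.", "A", "203.0.113.10"),         # A beside a CNAME
    ("mine.ddns.test.", "A", "198.51.100.7"),           # dynamic DNS host
]

def lint_cnames(records):
    """Return (name, problem) for every name that mixes a CNAME with other data."""
    by_name = {}
    for name, rtype, _ in records:
        by_name.setdefault(name.lower(), set()).add(rtype)
    problems = []
    for name, types in sorted(by_name.items()):
        if "CNAME" not in types:
            continue
        others = types - {"CNAME"}
        if others & {"SOA", "NS"}:  # assumption: SOA/NS marks the zone apex
            problems.append((name, "CNAME at zone apex"))
        elif others:
            problems.append((name, "CNAME mixed with " + ",".join(sorted(others))))
    return problems

def resolve(records, name, max_hops=8):
    """Follow CNAMEs until a name with no CNAME; return (chain, A addresses)."""
    chain, seen = [name.lower()], set()
    while len(chain) <= max_hops:
        cur = chain[-1]
        if cur in seen:
            raise ValueError("CNAME loop at " + cur)
        seen.add(cur)
        targets = [v.lower() for n, t, v in records
                   if n.lower() == cur and t == "CNAME"]
        if not targets:
            return chain, [v for n, t, v in records
                           if n.lower() == cur and t == "A"]
        chain.append(targets[0])
    raise ValueError("CNAME chain too long")

if __name__ == "__main__":
    for name, problem in lint_cnames(ZONE):
        print(name, "->", problem)
    print(resolve(ZONE, "www.example.test."))
```
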

It's all good.

I am indeed a newbie. I already told you that this is the very first server I've ever set up. This is precisely how I am learning. Learning by reading and doing.

A lot of our conversation has seemingly gotten lost in translation or something.

Yes, I already tried removing my A record and leaving only the CNAME, which points to the DDNS subdomain (i.e. mine.ddns.net), but this didn't work.

When you say I can't have a full domain point to my dynamic IP, do you mean (1) the CNAME will only work with www.mydomain.com and won't work with mydomain.com or that (2) the website to which the CNAME points must be a subdomain (i.e. mine.ddns.net)??

What I'd like to do is allow my users to use mydomain.com, but when users try to access the server via mydomain.com their browsers automatically assume the HTTP protocol. In other words, when users type in https://mydomain.com it works, but when they just type mydomain.com it doesn't work. I know this is because I chose to deny HTTP requests when I was setting up the server/SSL certificate. I don't want my users to have to type https:// every single time they wish to visit my website.

I know I can achieve this via the vhost redirect, correct? I'm not sure where the vhost file is located, however. But I haven't had a chance yet to do any extensive research regarding this.

Yes, I figured out the database thing on my own. I asked that question before messing around with anything. I thought I might've needed to explicitly point to the database's actual location on the server in order for the code to interact with the database.

Also, I have already come across many similar snippets, but, again, I'm just not sure which file I'm supposed to be editing :/
