For being the default server, there does seem to be a lot of boilerplate config you still needs in the httpd config file. Why does one need to redefine the MIME types, are they not in there by default?
In addition, I merged the following lists:
I never use the default server. A 404 or 500 is just about right.
The reason is: I don’t want somebody figuring out what the webserver is just by connecting to it by ip address.
A plain default and virtual domains solves this.
I like replying with an error when the Host is the IP e.g. http://203.0.113.4
The default http server will redirect to the default https server e.g. https://203.0.113.4
The TLS certificate offered will be the first one listed in relayd and it won’t match. If the certificate is accepted, it will 404 error because the document root /var/www/htdocs/203.0.113.4 does not exist.
When/why is relayd necessary?
I remember it used to be, perhaps before httpd SNI support. But why now?
The httpd TLS configuration for the server isn’t aware of the macro $HTTP_HOST which is the host from the HTTP Host header. As such, TLS options are hard-coded in httpd.conf. It won’t be possible to have a default https server for general use unless the TLS server is outsourced to relayd.
Where would access.log be found in this case?
default chroot directory is /var/www
default logdir directory is /logs
default access log file is access.log
does it support http/2 or http/1.x only ?
relayd and httpd support HTTP/1.x
hpack(3) may be included, one day, into relayd or httpd https://github.com/reyk/hpack
thank you for that info.
Hope they get it included in the future!