On Mon, 2021-12-13 at 11:14 +1000, Michael D. Setzer II wrote: > I've run a web server on port 8081 for some time since > my ISP blocks ports 80 and 443 completely, and it has > worked fine. > Recently have noticed things in access_log that show > people are trying to connect to the port 8081 using > https??
Are those connections that you actually want to allow? Are they real people, are they exploit attempts? Some of those answers may depend on whether your site is meant to be public or private. > Nothing crital on site that needs https, but if browsers > are going to require it. Looking to run https on 8443 or > something? You're going to hit any number of stumbling blocks, off the top of my head I can think of a few: In the old world, HTTPS required a dedicated IP per secure connection, web farms that shared IPs between numerous sites couldn't offer HTTPS connections (that requirement has gone away because of the need to support shared IPs between different sites, though older server software mightn't support it, but such software shouldn't be in use any more for safety reasons), and the IP needed to be static (not sure about that requirement any more, though it was a good security idea to keep). For people to not get scary warnings from their web-browser about untrustworthy sites, your certificate has to be issued/counter-signed by a select number of authorities, and they charge for the privilege. Lesser cert authorities aren't recognised as pre-approved by web browsers, and the user has to manually approve the certificate (some will, some won't, some can't). My site is externally hosted, and has been issued a certificate from cpanel (the website configuration tool), without any input from me. While that's handy for me, I'm not so sure how trustworthy that is to people visiting. Some browsers only allow HTTPS connections on certain port numbers, if you try to use different ports you either get scary warnings from your web-browser, or it just doesn't allow them. -- uname -rsvp Linux 3.10.0-1160.49.1.el7.x86_64 #1 SMP Tue Nov 30 15:51:32 UTC 2021 x86_64 Boilerplate: All unexpected mail to my mailbox is automatically deleted. I will only get to see the messages that are posted to the mailing list. _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
