15

I've just followed this tutorial on setting up name-based virtulization in Apache, and it worked really well.

The tutorial basically got you to add a config file to sites-available called yourdomain.com, and then link it to sites-enabled.

By default, apache includes two site config files in sites-available, default and defualt-ssl.

Should you edit these files or remove the link form the sites-enabled directory?

After playing around with this (locally), I realised that by default the default site points to your root /var/www directory, and so if someone goes to the IP of your server directly, could they not then see all the vhosts and other directories in /var/www, unless the default vhost config is changed to point to a different directory, or remvoed from sites-enabled?

I'm just wondering what is commonly done with the default site if the server is being used for name-based virtualization?

Sorry if I got some of this incorrect as I'm quite new to running my own web server.

Alex Coplan
  • 575
  • 1
  • 10
  • 18

2 Answers2

18

Just disable them if you're not using them

a2dissite default
a2dissite default-ssl
apachectl graceful

This simply removes the link to sites-enabled, so they're not included in the config anymore

Mathias R. Jessen
  • 24,907
  • 4
  • 62
  • 95
2

You can disable the default files which is equivalent to removing the link from sites-enabled directory. 

a2dissite default

If you don't want to disable default site but want to hide the directories then you can put up a home page (index.html) in /var/www/ or hide the directory indexes.

Aditya Patawari
  • 1,065
  • 8
  • 23