How to forward all traffic including www and all wildcard *. to domain?

Angel Hess

Angel Hess

How to forward www. and all wildcard *.domain.extension to domain.extension that has one single ssl cert that is not a wildcard cert and not a cert for www, only a ssl cert for domain.extension? Because www is the old stupid standard that is still what is usually needed in web server configurations. But I don't like it and prefer to direct all traffic to change the domains that people type www to remove that and direct the people to the domain. I think this would be better configured in Apache configuration and not in DNS level. I have never found a good method that I like. So what do you do on your servers?
 
I don’t think you can do that, but not entirely sure what you mean.

”Forward” from where to where?

You can set-up DNS A records so all domains go to an IP and then have a web server like Apache or nginx process the Host headers (SNI) - but then it will break down at that point (assuming you mean web requests.)
 
richardtoohey2 said:
I don’t think you can do that, but not entirely sure what you mean.

”Forward” from where to where?

You can set-up DNS A records so all domains go to an IP and then have a web server like Apache or nginx process the Host headers (SNI) - but then it will break down at that point (assuming you mean web requests.)
Click to expand...
I don't think doing this at DNS level is a good idea. But maybe. I edited the original with more info... Share some examples please.
 
On DNS: how will the traffic get to your server without the DNS A record?

Then once the traffic arrives SSL will need you to have a certificate matching the host name used.
 
richardtoohey2 said:
On DNS: how will the traffic get to your server without the DNS A record?

Then once the traffic arrives SSL will need you to have a certificate matching the host name used.
Click to expand...
Sorry but you are stepping back too far with your comments. Focus on Apache only. My question is about Apache only. I do not need help with DNS as far as I know... DNS is irrelevant.
 
So you want all requests to be answered by Apache without any domain prefix like "www."; Nearly all will tell you that a simple .htaccess rule can do that, f.e.:

Code: 
RewriteEngine On
RewriteRule ^(.*)$ http://www.yourdomain.com [NC]
RewriteCond %{HTTP_HOST} ^yourdomain.com/$1 [L,R=301]

301 - a redirect "moved permanently". But I won't do that anymore: Such simple rules are saying 301 even to invalid requests: A 404 isn't answered with 404 anymore, after a that 301 another 301 may occur etc.; You will get more and more invalid requests and won't get rid of old stuff that isn't available on your website anymore. Today you've got to take care about "what is not to be seen" much more than ten years ago. Solution:

Allow direct accesses f.e. to your images, css directories etc. - everything else goes to a (f.e. PHP) script; Can be done by .htaccess rules. The script checks if it is a valid request, and decides what to do: 404, redirect to your domain without prefix, or answer directly.

So a dynamic page with "RewriteEngine On" is what works. Note: To get certbot running you've also got to allow .well-known (RewriteRule ^(.well-known/) - [L]), otherwise it can't do its checks and will fail.
 
But how does that work for this bit of the OP's request:

Angel Hess said:
has one single ssl cert that is not a wildcard cert and not a cert for www, only a ssl cert for domain.extension
Click to expand...

It's easy enough to do the DNS and the Apache part - but wild card (or multiple) domains on a single domain certificate? I don't think that's possible, but happy to learn otherwise.
 
Angel Hess said:
If DNS is relevant please share an example DNS record here.
Click to expand...
No, DNS is highly relevant. Something like www.example.com is a DNS name with three parts, a subdomain (www), a domain (example), and a top-level-domain (com). If you're serving HTTP(S) traffic from something with only two parts, you're using what's called a "bare domain". I personally don't care for them. See here for more:

Project Shield | Support

support.projectshield.withgoogle.com support.projectshield.withgoogle.com

If you want to send all traffic to both a bare domain and any subdomain to the same IP, you have to set up the bare domain and a wildcard DNS record:

Wildcard DNS record - Wikipedia

en.wikipedia.org en.wikipedia.org

Note from that page that the rules for wildcard matching are tricky.
 
You must log in or register to reply here.
Back
Top