Hosted WebFinger Service
Some domain owners outsource some or all of their services to different service providers. Many domain owners know how to put up a simple web site, but do not have the capability for or want the responsibility of setting up and managing mail services, instant messaging services, etc. Likewise, some domain owners would like to be able to utilize WebFinger, but do not want to operate the service themselves.
To enable third parties to provide WebFinger services on behalf of your domain, you need to redirect requests coming to your host to the service provider who provides WebFinger service for your domain. With Apache, one merely needs to insert statements like the following into a .htaccess file or the <VirtualHost> directive. Let's assume your domain is called "foo.com" and your service provider told you to direct requests to https://webfinger.example.com. The redirection statements for the foo.com domain would be similar to the following.
Redirect permanent /.well-known/webfinger https://webfinger.example.com/foo/webfinger
It is important that those redirection statements are triggered from foo.com, not www.foo.com. (Of course, www.foo.com could also have its WebFinger services hosted.)
Note that we're using a permanent redirection above. This can be useful because clients may cache the fact that the redirection is in place, which prevents more frequent queries to your server. The negative aspect, though, is that if you switch service providers, it might take some time for the cached information to clear. Therefore, you might prefer something like this next example.
Redirect /.well-known/webfinger https://webfinger.example.com/foo/webfinger
If the word "permanent" is missing, then the default value is "temp". At present, Apache treats "temp" as a 302 redirection response. Another value that is perhaps most correct given the current HTTP standard is 307. Thus, the following is recommended for temporary redirection.
Redirect 307 /.well-known/webfinger https://webfinger.example.com/foo/webfinger
Do not forget that, for better security, your domain should provide these redirection statements in response to HTTPS queries. HTTP (no TLS) may be used if your domain does not provide TLS support, but note that this does mean that your WebFinger responses will be less secure.
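The following check is an added example, not part of the original page: given one redirect response (status code and Location header), it reports whether the response matches the setup described above. The function name, the sample account acct:bob@foo.com and the sample responses are constructed for illustration, and it assumes the server passes the query string through to the redirect target.

```python
from urllib.parse import urlsplit, parse_qs

WELL_KNOWN = "/.well-known/webfinger"

def check_redirect(request_url, status, location, provider_url):
    """Return a list of findings for one redirect response; empty means OK."""
    findings = []
    req = urlsplit(request_url)
    loc = urlsplit(location or "")
    want = urlsplit(provider_url)
    if req.path != WELL_KNOWN:
        findings.append("request path is not " + WELL_KNOWN)
    if status not in (301, 302, 307, 308):
        findings.append(f"status {status} is not a redirect")
        return findings
    if status in (301, 308):
        # Permanent redirects may be cached by clients (see the caveat above).
        findings.append("note: permanent redirect may stay cached after a provider change")
    if loc.scheme != "https":
        findings.append("Location is not https")
    if (loc.hostname, loc.path) != (want.hostname, want.path):
        findings.append("Location does not point at the provider endpoint")
    if parse_qs(loc.query) != parse_qs(req.query):
        findings.append("query string was not passed through")
    return findings

# Constructed sample data: the request a client would send to foo.com,
# the provider endpoint from the page, and hypothetical responses.
REQUEST = "https://foo.com/.well-known/webfinger?resource=acct%3Abob%40foo.com"
PROVIDER = "https://webfinger.example.com/foo/webfinger"
SAMPLES = {
    "temporary": (307, PROVIDER + "?resource=acct%3Abob%40foo.com"),
    "permanent": (301, PROVIDER + "?resource=acct%3Abob%40foo.com"),
    "no-redirect": (404, None),
    "downgraded": (302, "http://webfinger.example.com/foo/webfinger"),
}

if __name__ == "__main__":
    for name, (status, location) in SAMPLES.items():
        print(name, check_redirect(REQUEST, status, location, PROVIDER) or "OK")
```

To check a live server, take the status code and Location header from a request to the bare domain (foo.com, not www.foo.com) and pass them to check_redirect.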