light+ssl/heavy and conf management
by Adam Prime x443 other posts by this author
Dec 4 2006 10:29AM messages near this date
Apache2::Upload and End of file found error
|
Re: light+ssl/heavy and conf management
This isn't strictly mod_perl related, but it's defiantly something that
people running a light/heavy setup using SSL must run into, and I can't
seem to find very many good pointers about how to most easily handle
this kind of situation (which I think would be a common sort of setup).
I'm in the process of moving about a half a dozen domains to a
light/heavy setup with SSL being done on the light server and proxied to
the backend on localhost. I've been trying to find a good way to
minimize the potential to have inconsistencies in the configuration of
the front, SSL, and backend servers, and it seems like the most obvious
way to do that would be to use a single configuration file, using
IfDefine's to specify what's supposed to be for who.
This is an example of what the conf is looking like (simplified)
<VirtualHost 10.10.81.130>
ServerAdmin webmaster@[...].com
DocumentRoot /www/htdocs/@-----.com
ServerName -----.com
<IfDefine !SSL>
ErrorLog logs/-----.com-error_log
CustomLog logs/-----.com-access_log combined
</IfDefine>
<IfDefine SSL>
ErrorLog logs/-----.com-ssl-error_log
CustomLog logs/-----.com-ssl-access_log combined
SSLEngine on
SSLCertificateFile /www/certs/-----.crt
SSLCertificateKeyFile /www/certs/-----.key
</IfDefine>
<IfDefine FrontEnd>
RewriteEngine On
RewriteRule ^/(.*\.html)$ http://localhost:8080/$1 [P]
</IfDefine>
<IfDefine BackEnd>
<FilesMatch "\.html$">
SetHandler modperl
PerlResponseHandler Magic::TemplateHandler
</FilesMatch>
</IfDefine>
</VirtualHost>
<VirtualHost 10.10.81.131>
ServerAdmin webmaster@[...].com
DocumentRoot /www/htdocs/-----2.com
ServerName -----2.com
<IfDefine !SSL>
ErrorLog logs/-----2.com-error_log
CustomLog logs/-----2.com-access_log combined
</IfDefine>
<IfDefine SSL>
ErrorLog logs/-----2.com-ssl-error_log
CustomLog logs/-----2.com-ssl-access_log combined
SSLEngine on
SSLCertificateFile /www/certs/-----2.crt
SSLCertificateKeyFile /www/certs/-----2.key
</IfDefine>
<IfDefine FrontEnd>
RewriteEngine On
RewriteRule ^/(.*\.html)$ http://localhost:8080/$1 [P]
</IfDefine>
<IfDefine BackEnd>
<FilesMatch "\.html$">
SetHandler modperl
PerlResponseHandler Magic::TemplateHandler
</FilesMatch>
</IfDefine>
</VirtualHost>
Now the problem is, is that the vhosts don't work on localhost (for
obvious reasons) and I can't use <VirtualHost *> because the SSL servers
won't work right.
So what I was thinking of doing, was modifying apachectl to put the main
configuration through a filter that would remove the IP's and replace
them with <VirtualHost *> , and save that to disk, then use that conf
file for the backend. mod_proxy has a setting to preserver the Host
header of it's proxy requests to that of the original request, which
should make pure name based vhosting work correctly on localhost.
This seems like an 'ok', though potentially more complicated than
necessary solution. What I was wondering is how other people have
solved this? Does everyone just use totally separate configuration
files? Something else? Any feedback or idea's would be appreciated.
Thread:
Adam Prime x443
Michael Peters
Jonathan
|
