Hi Colin,

> The apache update seemed to add & delete stuff on the bottom of httpd.conf.

Yeah, it shouldn't do that and I'm sorry that it did that for you - for
reasons that I don't yet know. The base-apache update for 5207R/5208R
and 5209R do the same thing, although slightly different.

The CCE constructor
/usr/sausalito/constructor/base/apache/set_apache_hostname.pl runs on
CCEd restarts and edits /etc/httpd/conf/httpd.conf.

On 5207R/5208R it looks for these two lines:

# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.

And into the middle of them it adds this line:

PerlConfigRequire /etc/httpd/conf.perl/00-default-vsite.pl

It will also create /etc/httpd/conf/httpd.conf.bak with a copy of
httpd.conf from before the edit.

On 5209R it looks for these two lines one after the other:

# Supplemental configuration

And into the middle of that it adds:

PerlConfigRequire /etc/httpd/conf.perl/00-default-vsite.pl

This update is part of the problem solving for the SSL issue where
incorrect certificates get served.

Before this update the default <VirtualHost> for this GUI-redirect was
realized via methods that are approaching deprecation and function less
well with Apache patches that RedHat has merged down into the Apache
versions that we are using.

The script 00-default-vsite.pl creates additional default
<VirtualHost>-containers on the fly that are loaded before any other
Vsite related <VirtualHost>-containers. One for HTTP and one for HTTPS
(using the AdmServ SSL certificate). The DocumentRoot for both is
/var/www/html/, which facilitates the redirect to the GUI interface.
These default <VirtualHost> containers have the name of the server and
run on the primary IP.

On 5209R they run on every bound IP as first <VirtualHost> to get around
the issue that if someone visits a Vsite that has no SSL (but runs on an
IP where another Vsite *has* SSL enabled) they would get served the SSL
certificate of the Vsite with SSL. This is the somewhat ugly part of SNI.

With best regards

Michael Stauber
Blueonyx mailing list

Reply via email to