On 10.08.2017 at 15:28, Stefan Eissing wrote:
Now that mod_md has landed in trunk, I am looking at more ways
to simplify an SSL configuration. Looking at the Listen directive,
it has an optional 2nd protocol parameter.
Would it be unreasonable to assume that a
Listen NNN https
means that "SSLEngine on" should be the default in all
<VirtualHost *:NNN>
ServerName xxx.yyy
...
</VirtualHost>
sections? Would we expect breakage by such a change?
What about name-based virtual hosts that apply to _all_
addresses and ports? E.g. something like:
<VirtualHost>
ServerName xxx.yyy
...
<If "%{HTTPS} != 'on'">
Redirect permanent "/" "https://xxx.yyy/"
</If>
...
</VirtualHost>
Do you find that ugly/feasible/desirable?
it makes it inflexible, something like port-specific options would solve
the current problem that you need to define each and every vhost with
all its options twice and that part is my biggest headache when implementing
letsencrypt (without mod_md) for hundreds of existing websites
it also would solve the chicken-egg-problem (again, without mod_md) that
you first need the http-host working for the well-known verification file
and the path of the certificate could be easily pre-configured in the
way of my example, just warn instead of a fatal error on reload when the
certfile doesn't exist
____________________________________
<VirtualHost *>
ServerName corecms.example.com
DocumentRoot "/www/corecms.example.com"
<If "%{PORT} == '443'">
SSLEngine On
SSLUseStapling Off
SSLCertificateFile "conf/ssl/corecms.pem"
</If>
<Directory "/www/corecms.example.com">
php_admin_value open_basedir "/www/corecms.example.com"
php_admin_value upload_tmp_dir "/www/corecms.example.com/uploadtemp"
</Directory>
</VirtualHost>
____________________________________
<VirtualHost *>
ServerName corecms.example.com
DocumentRoot "/www/corecms.example.com"
<Directory "/www/corecms.example.com">
php_admin_value open_basedir "/www/corecms.example.com"
php_admin_value upload_tmp_dir "/www/corecms.example.com/uploadtemp"
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerName corecms.example.com
DocumentRoot "/www/corecms.example.com"
SSLEngine On
SSLUseStapling Off
SSLCertificateFile "conf/ssl/corecms.pem"
<Directory "/www/corecms.example.com">
php_admin_value open_basedir "/www/corecms.example.com"
php_admin_value upload_tmp_dir "/www/corecms.example.com/uploadtemp"
</Directory>
</VirtualHost>
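The duplication described in the mail above (every vhost defined once for HTTP and once for *:443) can be checked for drift between the two copies. The following is an added example, not part of the original message or of httpd; the function name find_drift and the sample configuration are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: the mail's duplicated pair (trimmed); the *:443 copy lacks upload_tmp_dir.
SAMPLE = """\
<VirtualHost *>
ServerName corecms.example.com
<Directory "/www/corecms.example.com">
php_admin_value open_basedir "/www/corecms.example.com"
php_admin_value upload_tmp_dir "/www/corecms.example.com/uploadtemp"
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerName corecms.example.com
SSLEngine On
SSLCertificateFile "conf/ssl/corecms.pem"
<Directory "/www/corecms.example.com">
php_admin_value open_basedir "/www/corecms.example.com"
</Directory>
</VirtualHost>
"""

def find_drift(conf):
    """Map ServerName -> non-SSL directives missing from some copy of that vhost."""
    copies = defaultdict(list)          # ServerName -> one directive set per block
    name, body, ctx = None, None, []
    for raw in conf.splitlines():
        line = " ".join(raw.split())    # normalise whitespace
        low = line.lower()
        if low.startswith("<virtualhost"):
            name, body, ctx = "(unnamed)", set(), []
        elif body is None or not line or line.startswith("#"):
            continue                    # outside a vhost, blank, or comment
        elif low == "</virtualhost>":
            copies[name].append(body)
            body = None
        elif line.startswith("</"):
            ctx = ctx[:-1]              # leave a nested <Directory>/<If> section
        elif line.startswith("<"):
            ctx.append(line)            # enter a nested section
        elif low.startswith("servername "):
            name = low.split(" ", 1)[1]
        elif not low.startswith("ssl"): # TLS-only directives are expected to differ
            body.add(" > ".join(ctx + [line]))
    return {n: sorted(set.union(*b) - set.intersection(*b))
            for n, b in copies.items() if set.union(*b) != set.intersection(*b)}

if __name__ == "__main__":
    print(find_drift(SAMPLE))
```

A restriction such as open_basedir that exists in only one copy of a vhost is unenforced on the other port, which is why the check compares everything except the SSL* directives.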