On 10.08.2017 at 15:28, Stefan Eissing wrote:
Now that mod_md has landed in trunk, I am looking at more ways
to simplify an SSL configuration. Looking at the Listen directive,
it has an optional 2nd protocol parameter.

Would it be unreasonable to assume that a
     Listen NNN https

means that "SSLEngine on" should be the default in all
     <VirtualHost *:NNN>
        ServerName xxx.yyy
        ...
     </VirtualHost>

sections? Would we expect breakage by such a change?

What about name-based virtual hosts that apply to _all_
addresses and ports? E.g. something like:
     <VirtualHost>
        ServerName xxx.yyy
        ...
        <If "%{HTTPS} != 'on'">
           Redirect permanent "/" "https://xxx.yyy/"
        </If>
        ...
     </VirtualHost>

Do you find that ugly/feasible/desirable?

it makes it inflexible, something like port-specific options would solve the current problem that you need to define each and every vhost with all its options twice, and that part is my biggest headache when implementing letsencrypt (without mod_md) for hundreds of existing websites

it would also solve the chicken-and-egg problem (again, without mod_md) that you first need the http host working for the well-known verification file, and the path of the certificate could easily be pre-configured in the way of my example, just warn instead of a fatal error on reload when the certfile doesn't exist
____________________________________

<VirtualHost *>
 ServerName corecms.example.com
 DocumentRoot "/www/corecms.example.com"
 <If "%{PORT} == '443'">
  SSLEngine On
  SSLUseStapling Off
  SSLCertificateFile "conf/ssl/corecms.pem"
 </If>
 <Directory "/www/corecms.example.com">
  php_admin_value open_basedir "/www/corecms.example.com"
  php_admin_value upload_tmp_dir "/www/corecms.example.com/uploadtemp"
 </Directory>
</VirtualHost>
____________________________________

<VirtualHost *>
 ServerName corecms.example.com
 DocumentRoot "/www/corecms.example.com"
 <Directory "/www/corecms.example.com">
  php_admin_value open_basedir "/www/corecms.example.com"
  php_admin_value upload_tmp_dir "/www/corecms.example.com/uploadtemp"
 </Directory>
</VirtualHost>

<VirtualHost *:443>
 ServerName corecms.example.com
 DocumentRoot "/www/corecms.example.com"
 SSLEngine On
 SSLUseStapling Off
 SSLCertificateFile "conf/ssl/corecms.pem"
 <Directory "/www/corecms.example.com">
  php_admin_value open_basedir "/www/corecms.example.com"
  php_admin_value upload_tmp_dir "/www/corecms.example.com/uploadtemp"
 </Directory>
</VirtualHost>
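
Defining every vhost twice, as in the second listing above, means the plain and :443 copies can silently diverge, for example a `php_admin_value` restriction present on one port only. The following check is an added example, not part of the original mail or of httpd: `parse_vhosts`, `drift` and the sample config are constructed here, SSL* directives are assumed to differ by design, and the parser handles only one level of nested sections.

```python
import re

# Constructed sample: the mail's pair, upload_tmp_dir dropped from the :443 copy.
SAMPLE = '''
<VirtualHost *>
 ServerName corecms.example.com
 DocumentRoot "/www/corecms.example.com"
 <Directory "/www/corecms.example.com">
  php_admin_value open_basedir "/www/corecms.example.com"
  php_admin_value upload_tmp_dir "/www/corecms.example.com/uploadtemp"
 </Directory>
</VirtualHost>
<VirtualHost *:443>
 ServerName corecms.example.com
 DocumentRoot "/www/corecms.example.com"
 SSLEngine On
 SSLCertificateFile "conf/ssl/corecms.pem"
 <Directory "/www/corecms.example.com">
  php_admin_value open_basedir "/www/corecms.example.com"
 </Directory>
</VirtualHost>
'''

VHOST = re.compile(r'<VirtualHost\s+([^>]*)>(.*?)</VirtualHost>', re.S | re.I)

def parse_vhosts(conf):
    """Map ServerName -> {listen address: set of (section, directive)}."""
    hosts = {}
    for addr, body in VHOST.findall(conf):
        section, name, seen = '', None, set()
        for line in filter(None, map(str.strip, body.splitlines())):
            if line.startswith('</'):
                section = ''               # left a nested section (one level only)
            elif line.startswith('<'):
                section = line             # entered <Directory>, <If>, ...
            elif line.lower().startswith('servername'):
                name = line.split(None, 1)[1]
            elif not line.lower().startswith(('ssl', '#')):
                seen.add((section, line))  # SSL* lines and comments are skipped
        hosts.setdefault(name, {})[addr.strip()] = seen
    return hosts

def drift(conf):
    """Directives present in only one copy of a twice-defined vhost."""
    out = {}
    for name, c in parse_vhosts(conf).items():
        diff = set.union(*c.values()) - set.intersection(*c.values())
        if len(c) > 1 and diff:
            out[name] = sorted(diff)
    return out
```

Calling `drift(SAMPLE)` reports the `upload_tmp_dir` line that exists only in the port-80 copy; an empty result means the two definitions agree apart from their SSL directives.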
