On 18.09.2017 at 19:28, Daniel wrote:
I see
But we already have a handy directive to avoid repetition when
necessary, a directive that btw many distros abuse, "Include". You
define the common parts in a single file and Include the appropriate
file.
that scales badly when the vhost itself is already one of hundreds of
Includes
i have currently written/refactored a "config parser" for vhosts with
support of some comments to configure Letsencrypt tasks as well as
generate the remap/ssl config of a reverse proxy, based on some
Alias-statements webstats shellscripts are generated and the whole
hosting database is fed with that data too
that works independent of the number of hosts, a shellscript on the
admin-servers fetches all config files of all webservers and from there
the central proxy configuration is fed
well, in other words, with some lines of code based on apache vhost
includes the whole company is driven and implementing includes support here
would be at least dangerous and hard to test since that all runs over
many machines and testing environments
2017-09-18 19:18 GMT+02:00 Reindl Harald <h.rei...@thelounge.net>:
On 18.09.2017 at 17:56, Daniel wrote:
I tried to read and understand the whole thread and what we are trying
to solve here, but I can't help to think this is an attempt at a new
".htaccess" wildcard thing for SSL that will end in greater confusion.
in Freenode #httpd we generally try to teach people to not be afraid
of defining the necessary virtualhosts. Everyone seems inclined, due
to the amount of trash they have found through google, to define a
single .htaccess files that will solve all their cases, redirections,
and whatnot, and 90% are frustrated on how complicated it is.
The generic solution we give is, (the iconic simplest way), one
virtualhost for each:
<Virtualhost *:80>
ServerName whatever.example.com
Redirect / https://whatever.example.com/
</Virtualhost>
<Virtualhost *:443>
ServerName whatever.example.com
SSLEngine on
etc..
</Virtualhost>
Isn't this much better than any other attempt at reducing it to
"another minimum expression" in a complicated kind of way?
no it is not - have fun defining two hosts with all options and i would have
much more samples with much more php-options which need to be included in
both in doubt
yes, the software fetching lyrics likely had a problem with self-signed
certificates which was the case until short ago but that doesn't make the
config unreasonable exclude specific locations from enforced https
the only problem currently is that $_SERVER['HTTP_PORT'] is wrong for such a
vhost with 80 while it should be 443 in case of a https-connection
<VirtualHost *:80 *:443>
DocumentRoot "/mnt/data/www/example.rhsoft.net"
ServerName example.rhsoft.net
ServerAlias example.test.rh example example.rh.thelounge.net
Alias "/usage" "/var/www/usage/example"
CustomLog "/var/log/apache_example.log" combined
<Directory "/mnt/data/www/example.rhsoft.net">
php_admin_value open_basedir "/mnt/data/www/example.rhsoft.net:/Volumes/dune/www-servers/phpincludes:/usr/share/php:/usr/share/pear:/mnt/data/audio:/media/WALKMAN/music"
php_admin_value upload_tmp_dir "/mnt/data/www/example.rhsoft.net/uploadtemp"
php_admin_value soap.wsdl_cache_dir "/mnt/data/www/example.rhsoft.net/uploadtemp"
php_flag session.cookie_secure "1"
Require all granted
</Directory>
<Directory "/mnt/data/www/example.rhsoft.net/modules/pchart">
Require all denied
</Directory>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !lyrics.php
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</IfModule>
<IfModule mod_ratelimit.c>
SetOutputFilter RATE_LIMIT
SetEnv rate-limit 2800
</IfModule>
RedirectMatch 404 ^/modules/karaoke\-download\.php$
RedirectMatch 404 ^/modules/music/copy\-cli\.php$
RedirectMatch 404 ^/modules/music/validate\-all\-id3\-tags\.php$
SSLEngine Optional
SSLUseStapling On
SSLCertificateFile "/var/lib/letsencrypt/certs/rhsoft-example.conf_rsa.pem"
SSLCertificateFile "/var/lib/letsencrypt/certs/rhsoft-example.conf_ecdsa.pem"
</VirtualHost>
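
Added example, not part of the original mails and not the "config parser" mentioned above: a small Python audit over both vhost styles from this thread, reporting per vhost which ports are bound, whether plaintext requests are redirected to https, and which paths a negated RewriteCond keeps on plain http. The function names and the shortened sample config are constructed for illustration; the exemption check is a heuristic that assumes every negated RewriteCond guards the https rule.

```python
import re

# Constructed sample: both vhost styles from the thread, shortened.
SAMPLE = """
<Virtualhost *:80>
ServerName whatever.example.com
Redirect / https://whatever.example.com/
</Virtualhost>
<VirtualHost *:80 *:443>
ServerName example.rhsoft.net
<Directory "/mnt/data/www/example.rhsoft.net">
php_flag session.cookie_secure "1"
</Directory>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !lyrics.php
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
SSLEngine Optional
</VirtualHost>
"""

VHOST = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def args(body, name):
    """Argument lists of every `name ...` directive line in a vhost body."""
    found = re.findall(rf"^[ \t]*{name}[ \t]+(.+)$", body, re.M | re.I)
    return [m.split() for m in found if m.strip()]

def audit_vhosts(text):
    """Per vhost: which ports are bound, is http redirected, what stays on http."""
    report = []
    for addrs, body in VHOST.findall(text):
        ports = sorted({int(p) for p in re.findall(r":(\d+)(?=\s|$)", addrs)})
        rules = args(body, "RewriteRule") + args(body, "Redirect")
        targets = [a[1] for a in rules if len(a) > 1]
        # Heuristic (assumption): every negated RewriteCond guards the https rule.
        exempt = [a[1][1:] for a in args(body, "RewriteCond")
                  if len(a) > 1 and a[1].startswith("!")]
        secure = any(a[0] == "session.cookie_secure"
                     and a[-1].strip('"').lower() in ("1", "on")
                     for a in args(body, "php_flag"))
        report.append({
            "name": (args(body, "ServerName") or [["(none)"]])[0][0],
            "ports": ports,
            "https_redirect": any(t.startswith("https://") for t in targets),
            "plaintext_exempt": exempt,
            "cookie_secure": secure,
        })
    return report

if __name__ == "__main__":
    for row in audit_vhosts(SAMPLE):
        print(row)
```

Run over a directory of included vhost files, the `plaintext_exempt` column gives a reviewable list of every location deliberately left reachable over plain http.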