Am 02.04.2018 um 20:56 schrieb Helmut K. C. Tessarek: > On 2018-03-29 04:16, Stefan Eissing wrote: >> Besides, except for data center setups, Apache will be used *only* >> with https: (and http: redirects to https:) very, very soon. That >> shifts the average expertise of an admin setting up a https: site. > > This statement makes me a bit nervous. Are you saying that there won't > be a way to use Apache with http anymore?
no, it's just an opinion based on the Chrome will penalty non-https in general (bseides: the ACME challenge is happy with a automatic rediect to https even if it's a self-signed certificate) that opinion completly ignores setups where the load-balancer does tls-offloading/caching and has a dediacted connection in a seperated network to the backend servers which are http-only forever the load-balancer can be http://trafficserver.apache.org/ as example which also does HTTP2-over-TLS for the client while the backend connection is also HTTP/1.1 forever - in that case mod_h2/mod_md are not part of the game and even mpm_prefork stays untouched
