Re: SSLProxyCheckPeerCN / ProxyPreserveHost issue
Hi folks, I came across an old issue that was discussed previously under "SSLProxyCheckPeerCN / ProxyPreserveHost issue": http://mail-archives.apache.org/mod_mbox/httpd-dev/201209.mbox/%3c50462600.7010...@kippdata.de%3E However, I think I have found a legitimate use-case where I do want Apache to behave in the old way. I've detailed the use case in this new bugzilla issue: https://issues.apache.org/bugzilla/show_bug.cgi?id=54656 Assuming that the new behavior since 2.4.3 will be the default going forward, I'm proposing a new directive [1] which would allow Apache in reverse proxy to use the connection hostname for SNI and SSLProxyCheckPeerCN instead of the Host: header. This directive will be added when ProxyPreserveHost is on. I'm curious what your thoughts are on the use case and this proposed directive. Eugene [1] https://issues.apache.org/bugzilla/attachment.cgi?id=30029 (I forgot to add a text extension, so please save it before opening)
Re: Proposed Lua backport for 2.4
On 03/08/2013 11:18 PM, Gregg Smith (gsmith) wrote: > On 3/8/2013 11:49 AM, Daniel Gruno wrote: >> for testing the LuaMapHandler (which no one uses*cough*). > > I tried a week or two ago after finding an example using it, then > quickly found out it had disappeared thanks to a commit logged "remove > some debug logging which snuck in," which snuck out a lot more than > debug logging, then happily backported. > > I was going to bring it up, but your post AC email came through. > > Gregg > > > > Hah, yes, I had a talk with Brian at ApacheCon about the LuaMapHandler, and we were both under the impression, that we had made the code ourselves, so somehow it must've vanished from trunk before I started working on mod_lua. But now it's there (again), and I can see some potential in it for fx. unit testing - and perhaps more stuff once I sit down and have a think about it. One could fx map a controlled set of functions to a single file by doing: LuaMapHandler ^/(foo|bar|baz)$ /www/foo/script.lua $1_handler With regards, Daniel.
Re: Proposed Lua backport for 2.4
On 3/8/2013 11:49 AM, Daniel Gruno wrote: for testing the LuaMapHandler (which no one uses*cough*). I tried a week or two ago after finding an example using it, then quickly found out it had disappeared thanks to a commit logged "remove some debug logging which snuck in," which snuck out a lot more than debug logging, then happily backported. I was going to bring it up, but your post AC email came through. Gregg
Re: Proposed Lua backport for 2.4
On 03/08/2013 08:22 PM, Jim Jagielski wrote: > From what I can see, that's exactly what it does... > > I plan on testing this weekend. Daniel, do you have any > testing suites you use? > Okay, I'm being told I should stop being on Portland time and get back to my usual day rhythm, so I'll cut the testing short and pick it up again tomorrow. What I've been able to piece together so far is at http://www.humbedooh.com/apache/mod_lua_test.lua (You can see a test of this at http://apaste.info/mod_lua_test.lua ) it's a simple test that runs some functions (as a web page), compares the result with what's expected and...yada yada yada. Since a lot of the new functions/features are best tested with the framework, I'll look into adding some more comprehensive testing via just that, either on Saturday or Sunday. With regards, Daniel.
Re: Proposed Lua backport for 2.4
On Fri, 8 Mar 2013, Daniel Gruno wrote: On 03/08/2013 08:22 PM, Jim Jagielski wrote: From what I can see, that's exactly what it does... I plan on testing this weekend. Daniel, do you have any testing suites you use? I have some additions to the Perl framework we use, but that's mostly for testing the LuaMapHandler (which no one uses*cough*). I was advised not to push these changes into the test framework, as it'd break it (as I understand it, we use it for 2.4 tests, not trunk tests), but once/if the stuff gets backported, I'd be happy to put those tests into the framework. It is possible to make tests run only with trunk using need_min_apache_version('2.5'). If that's the only problem, you should commit those tests you have.
Re: mod_proxy_websocket/tunnel
On 08.03.2013 13:40, Jim Jagielski wrote: > From my somewhat limited testing, so far things look good... > Who can provide some more rigorous tests? I never used them myself, but http://autobahn.ws/ provides a broadly used test suite. Mark T. uses it for his development of Websockets for Tomcat. Autobahn also provides a websocket server you could maybe use as a back end, but you could also try Tomcat 7. Since 7.0.27 it comes with a websocket implementation that passes the Autobahn test suite. Currently there are three WS example apps bundled, echo, chat and snake. A short intro is available under http://tomcat.apache.org/tomcat-7.0-doc/web-socket-howto.html Mark T. is now working on a websocket impl for TC trunk which conforms to the upcoming WS programming API standard in Java, but that's work in progress. HTH Rainer
Re: Proposed Lua backport for 2.4
On 03/08/2013 08:22 PM, Jim Jagielski wrote: > From what I can see, that's exactly what it does... > > I plan on testing this weekend. Daniel, do you have any > testing suites you use? > I have some additions to the Perl framework we use, but that's mostly for testing the LuaMapHandler (which no one uses*cough*). I was advised not to push these changes into the test framework, as it'd break it (as I understand it, we use it for 2.4 tests, not trunk tests), but once/if the stuff gets backported, I'd be happy to put those tests into the framework. As for the rest, my tests have primarily been the actual work I have made for the ASF and for myself. However, as there are now people wanting to test the API, I'll sit down tonight and work out a small test suite, so people can see that the stuff works, and hopefully also get some pointers on how to actually use mod_lua to its fullest. I'll let you know as soon as I've come up with something worth sharing. In the meantime, feel free to poke around the source code for fx. modules.apache.org or paste.apache.org (both are in infra's svn repo, https://svn.apache.org/repos/infra/infrastructure/trunk/projects/ ) and see what I'm using there. So, stay tuned, and I'll probably have something for you in a couple of hours. With regards, Daniel.
Re: Proposed Lua backport for 2.4
From what I can see, that's exactly what it does... I plan on testing this weekend. Daniel, do you have any testing suites you use? On Mar 8, 2013, at 1:12 PM, Guenter Knauf wrote: > Am 08.03.2013 17:32, schrieb Daniel Gruno: >> I've just proposed a rather large backport of all the Lua stuff we have >> in trunk, I hope you'll take a look at it. > to me it seems to make more sense to just copy over the trunk version to 2.4 > branch ... > > Gün. > >
Re: Proposed Lua backport for 2.4
Am 08.03.2013 19:15, schrieb Daniel Gruno: On 03/08/2013 07:12 PM, Guenter Knauf wrote: Am 08.03.2013 17:32, schrieb Daniel Gruno: I've just proposed a rather large backport of all the Lua stuff we have in trunk, I hope you'll take a look at it. to me it seems to make more sense to just copy over the trunk version to 2.4 branch ... Gün. That is also what the proposed backport does - it's one big diff of what separates 2.4 and trunk, hence the proposal saying 'sync' ;) I'm sorry if that was unclear from my email. naa, your mail was clear so far, but I saw the backport proposal with the bunch of single links :-P but now I think thats only to make clear on what commits the sync is based ... Gün.
Re: Proposed Lua backport for 2.4
On 03/08/2013 07:12 PM, Guenter Knauf wrote: > Am 08.03.2013 17:32, schrieb Daniel Gruno: >> I've just proposed a rather large backport of all the Lua stuff we have >> in trunk, I hope you'll take a look at it. > to me it seems to make more sense to just copy over the trunk version to > 2.4 branch ... > > Gün. > > That is also what the proposed backport does - it's one big diff of what separates 2.4 and trunk, hence the proposal saying 'sync' ;) I'm sorry if that was unclear from my email. With regards, Daniel.
Re: Proposed Lua backport for 2.4
Am 08.03.2013 17:32, schrieb Daniel Gruno: I've just proposed a rather large backport of all the Lua stuff we have in trunk, I hope you'll take a look at it. to me it seems to make more sense to just copy over the trunk version to 2.4 branch ... Gün.
Proposed Lua backport for 2.4
Hi folks, I've just proposed a rather large backport of all the Lua stuff we have in trunk, I hope you'll take a look at it. Basically, this is a sync between trunk and 2.4, which will bring the LuaCodeCache, the LuaScope server [min [max], Lua input/output filters, LuaMapHandler as well as the bazillion new functions (such as regex support, stat(), scoreboard features, base64/md5/sha1 digests etc) and multipart form data reading into the 2.4 branch. I feel this will be a great addition to the folks already using mod_lua, so they can truly benefit from what Lua has to offer people developing stuff for httpd, whether it be hooks or web scripts. I've tested the trunk version of mod_lua on all of my servers for a good deal of time now, and I haven't run across any problems with trunk as it is today, so I'd like for us to backport these features (stefan and I did quite a bit of cleanup on the whole mess back in December), preferably in one big bit, as the various feautures are so intertwinced, it makes little sense to try to backport each chunk separately. FYI, this version of mod_lua also runs on modules.apache.org and paste.apache.org, so far without any signs of trouble ;) With regards, Daniel.
Re: mod_proxy_websocket/tunnel
From my somewhat limited testing, so far things look good... Who can provide some more rigorous tests?