Re: lingerd & mod_perl & mod_ssl
Roger Espel Llima wrote: > > Vivek Khera wrote: > > mod_ssl alters the Apache API, so if you're doing the same then that's > > why they clash. Either that or you're patching something near what > > mod_ssl patches. > > Good guess. mod_ssl adds some initialization code add the end of > common_init(), and so does lingerd which is why lingerd's patch > wasn't applying cleanly. > > I had to make a different patch, for use with mod_ssl. The file is > ftp://iagora.com/pub/software/lingerd/tmp/aplinger-ssl.diff > (I'll put it in a proper lingerd release once I've checked a bit > more closely how it all works) > > With this patch, I got Apache to build with lingerd, mod_perl and > mod_ssl, and it seems to work fine. Netscape can access it, the > ssl_engine_log doesn't show any errors, and keep-alive works. Awesome! I will give it a try once I get a chance, I've got some totally different things to deal with now... > Btw, SSL really wants keep-alives on (key setup is slow), while > mod_perl kind of wants them off (images should be served separately > anyway, and lingerd is much more effective when keep-alives are > off), so putting mod_ssl and mod_perl in the same Apache is a bit of > a compromise. I'd still do it for secure dynamic pages, since you > really need both, but I'd never serve non-secure (http) pages from > the Apache that has mod_ssl in and keep-alives on. Interesting! On the server I have this set up on, I have apache running three different ports. Port 80 is just normal apache/mod_perl. Port 443 (https) is that plus mod_ssl. Port 80 and 443 just have normal web content, a bunch of plain ol' perl CGI's for administrating things, and some new Embperl scripts. Port 444 is my custom port. This is running mod_ssl. I'm trying to optimize that port for speed. All that's running is two mod_perl handlers. One of them takes care of validating a short list of registration keys, the other gives files (0-5mb in size) to the client after verifying that they are allowed. Pretty simple stuff, just some database calls and logging, and lots of error checking. The client on the other end is actually a Java application, which creates an SSL connection to my stuff. Apparently the classes the Java programmers are using don't support keep-alives. In our case I don't think it really matters, because after the initial quick auth request, the actual file downloads take quite a bit longer. At the moment I'm running lingerd with each port. Before I set up lingerd, they were having problems with the Java application hanging while downloading the files from the server. Now (even though apache will randomly segfault and die) everything on the client is working just fine. > Let me know if something like that works for you... I want to > officially support mod_ssl in the next release of lingerd, but I > need more test data! I'll defenitly let you know how I make out once I get a chance to recompile everything, test it myself, and get our testers to test the Java app with it again. It works right now, but obviously it needs to be fixed properly. I'm hoping to do this stuff early next week... but with my luck it'll probably be later than that. Thanks for all your help people! It's much appreciated... this list rocks! -- Regards, Wim Kerkhoff, Software Engineer Merilus, Inc. -|- http://www.merilus.com Email: [EMAIL PROTECTED] S/MIME Cryptographic Signature
Re: lingerd & mod_perl & mod_ssl -- how about Ben-apache_ssl
> Good guess. mod_ssl adds some initialization code add the end of > common_init(), and so does lingerd which is why lingerd's patch > wasn't applying cleanly. > > I had to make a different patch, for use with mod_ssl. The file is > ftp://iagora.com/pub/software/lingerd/tmp/aplinger-ssl.diff (I'll > put it in a proper lingerd release once I've checked a bit more > closely how it all works) > > With this patch, I got Apache to build with lingerd, mod_perl and > mod_ssl, and it seems to work fine. Netscape can access it, the > ssl_engine_log doesn't show any errors, and keep-alive works. > I'm running Ben's apache_ssl + mod_perl and am considering adding lingerd to the mix. I already have lingerd + apache running on the lite-weight end, and wonder if apache_ssl has similar problems BEFORE I mess up my production server. Michael [EMAIL PROTECTED]
Re: lingerd & mod_perl & mod_ssl
Vivek Khera wrote: > mod_ssl alters the Apache API, so if you're doing the same then that's > why they clash. Either that or you're patching something near what > mod_ssl patches. Good guess. mod_ssl adds some initialization code add the end of common_init(), and so does lingerd which is why lingerd's patch wasn't applying cleanly. I had to make a different patch, for use with mod_ssl. The file is ftp://iagora.com/pub/software/lingerd/tmp/aplinger-ssl.diff (I'll put it in a proper lingerd release once I've checked a bit more closely how it all works) With this patch, I got Apache to build with lingerd, mod_perl and mod_ssl, and it seems to work fine. Netscape can access it, the ssl_engine_log doesn't show any errors, and keep-alive works. Btw, SSL really wants keep-alives on (key setup is slow), while mod_perl kind of wants them off (images should be served separately anyway, and lingerd is much more effective when keep-alives are off), so putting mod_ssl and mod_perl in the same Apache is a bit of a compromise. I'd still do it for secure dynamic pages, since you really need both, but I'd never serve non-secure (http) pages from the Apache that has mod_ssl in and keep-alives on. Anyway, here's the sequence of commands that I used to get Apache/mod_perl/mod_ssl/lingerd to build: get and untar: apache_1.3.17.tar.gz mod_ssl-2.8.0-1.3.17.tar.gz mod_perl-1.25.tar.gz lingerd-0.93.tar.gz aplinger-ssl.diff cd mod_ssl-2.8.0-1.3.17 ./configure --with-apache=../apache_1.3.17/ cd ../mod_perl-1.25 perl Makefile.PL APACHE_SRC=../apache_1.3.17/src DO_HTTPD=1 \ USE_APACI=1 PREP_HTTPD=1 EVERYTHING=1 make make install cd ../lingerd-0.93 vi config.h apache-1.3/ap_lingerd.h make make install mkdir /var/run/lingerd chown httpd.httpd /var/run/lingerd chmod 755 /var/run/lingerd cd ../apache_1.3.17 cp ../lingerd-0.93/apache-1.3/ap_lingerd.* src/main patch -p0 -d src/ < ../aplinger-ssl.diff SSL_BASE=SYSTEM ./configure --prefix=/usr/local/ssl-apache \ --enable-module=ssl --activate-module=src/modules/perl/libperl.a \ --enable-module=perl make make certificate make install Let me know if something like that works for you... I want to officially support mod_ssl in the next release of lingerd, but I need more test data! Roger -- Roger Espel Llima, [EMAIL PROTECTED] http://www.iagora.com/~espel/index.html
Re: lingerd & mod_perl & mod_ssl
> "REL" == Roger Espel Llima <[EMAIL PROTECTED]> writes: REL> I'm a bit surprised that mod_ssl would go and change the Apache REL> source precisely in the same places that lingerd does, but I guess mod_ssl alters the Apache API, so if you're doing the same then that's why they clash. Either that or you're patching something near what mod_ssl patches. -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Vivek Khera, Ph.D.Khera Communications, Inc. Internet: [EMAIL PROTECTED] Rockville, MD +1-240-453-8497 AIM: vivekkhera Y!: vivek_khera http://www.khera.org/~vivek/
Re: lingerd & mod_perl & mod_ssl
Wim Kerkhoff wrote: > I've been trying to get this to work, with the latest versions of > apache/mod_perl/mod_ssl. > > Basically it works great with only mod_perl, and the lingerd patches > apply cleanly. However, they don't apply nicely when I add in mod_ssl. I > have to go in and manually apply some of the patches. I did get it all > to compile and run, but now I'm seeing segfaults in the error log :P > > Has anybody else had good luck with this? You're the first one who's tried, as far as I know. Can you give me the names of the source tarballs that you're using, and the sequence of commands (tar, make, patch, etc) that leads to the lingerd patches not applying nicely? I'm a bit surprised that mod_ssl would go and change the Apache source precisely in the same places that lingerd does, but I guess these things happen. In any case, it shouldn't be too hard to get the two working together... -- Roger Espel Llima, [EMAIL PROTECTED] http://www.iagora.com/~espel/index.html
lingerd & mod_perl & mod_ssl
I've been trying to get this to work, with the latest versions of apache/mod_perl/mod_ssl. Basically it works great with only mod_perl, and the lingerd patches apply cleanly. However, they don't apply nicely when I add in mod_ssl. I have to go in and manually apply some of the patches. I did get it all to compile and run, but now I'm seeing segfaults in the error log :P Has anybody else had good luck with this? -- Regards, Wim Kerkhoff, Software Engineer Merilus, Inc. [EMAIL PROTECTED]