Re: mod_md and ManagedDomain
probably I don't stumble into #httpd enough :P . I'm ezra-s there btw. 2017-12-07 16:32 GMT+01:00 Eric Covener: >> Perhaps a more schematic view will clear things up >> >> mod_md: generates certfiicates for domains >> mod_ssl: Load certificates for domains. If mod_md is present and >> manages a domain, mod_ssl is supposed to use mod_md ones instead of >> those manually given through file paths. > > Think about people stumbling into #httpd though. -- Daniel Ferradal IT Specialist email dferradal at gmail.com linkedin es.linkedin.com/in/danielferradal
Re: mod_md and ManagedDomain
> Perhaps a more schematic view will clear things up > > mod_md: generates certfiicates for domains > mod_ssl: Load certificates for domains. If mod_md is present and > manages a domain, mod_ssl is supposed to use mod_md ones instead of > those manually given through file paths. Think about people stumbling into #httpd though.
Re: mod_md and ManagedDomain
On Thu, Dec 7, 2017 at 8:34 AM, Steffenwrote: > I find the word Managed in ManagedDomain and MD in the other settings already > confusing, are not easy recognized. > > In fact lots of settings are managing domain(s). > > What does mod_md manage ? > > For me mod_md manages in the area of SSL(certificates automation). > > To be more easy to recognize, I propose to make SSL include in all the md > settings. In front or somewhere in the name, for example SSLManagedDomain, > SSLMDMember or ManagedSSLDomain, MDSSLMember. > > Maybe we can consider to rename the module to SSL_MD and include the source > in modules/ssl. > Not trying to pile on or bikeshed but I agree with this.
Re: mod_md and ManagedDomain
2017-12-07 14:34 GMT+01:00 Steffen: > I find the word Managed in ManagedDomain and MD in the other settings already > confusing, are not easy recognized. > > In fact lots of settings are managing domain(s). > > What does mod_md manage ? A basic understanding or reading of the mod_md page will tell you it is to manage generation of certificates automatically. Certificates are associated with CN Names and those with virtualhost names. I have a hard time trying to understand what is difficult to understand about what mod_md is. Perhaps changing the main description a bit will make it more understable? "Managing domains certificates across virtual hosts, certificate provisioning via the ACME protocol" ? > > For me mod_md manages in the area of SSL(certificates automation). > > To be more easy to recognize, I propose to make SSL include in all the md > settings. In front or somewhere in the name, for example SSLManagedDomain, > SSLMDMember or ManagedSSLDomain, MDSSLMember. > > Maybe we can consider to rename the module to SSL_MD and include the source > in modules/ssl. > I've used mod_md a bit and what you describe looks on first sight quite convoluted. mod_md has a specific purpose to generate certificates for specific/managed domains, but why mix directives with mod_ssl? Perhaps a more schematic view will clear things up mod_md: generates certfiicates for domains mod_ssl: Load certificates for domains. If mod_md is present and manages a domain, mod_ssl is supposed to use mod_md ones instead of those manually given through file paths. -- Daniel Ferradal IT Specialist email dferradal at gmail.com linkedin es.linkedin.com/in/danielferradal
Re: mod_md and ManagedDomain
I find the word Managed in ManagedDomain and MD in the other settings already confusing, are not easy recognized. In fact lots of settings are managing domain(s). What does mod_md manage ? For me mod_md manages in the area of SSL(certificates automation). To be more easy to recognize, I propose to make SSL include in all the md settings. In front or somewhere in the name, for example SSLManagedDomain, SSLMDMember or ManagedSSLDomain, MDSSLMember. Maybe we can consider to rename the module to SSL_MD and include the source in modules/ssl. Also note that now all settings begin with MD, except ManagedDomain, what is not logical. > Op 5 dec. 2017 om 16:48 heeft Stefan Eissing> het volgende geschreven: > > Ok, so that something good comes out of all this: Rich just promised to sing > at the next ApacheCon, right Rich? > > "Keys", by ManagedDomainFormerlyCalledYouKnowWhat: > > "You don't conf certificates > to turn me on, > I just give encryption, baby, > from dusk till dawn." > > > Cheers, > Stefan > > >> Am 05.12.2017 um 15:09 schrieb Daniel : >> >> hahaha >> >> >> >> I understand it it may seem silly to discuss this or that name I think >> it will be of great benefit to find a good name in the long run, to >> make it easy to recognize and/or user support. >> >> 2017-12-05 15:06 GMT+01:00 Stefan Eissing : >>> ? >>> Am 05.12.2017 um 15:03 schrieb Luca Toscano : Maybe ManagedDomain and , as iiuc we are going to use for SSLPolicy? Luca 2017-12-05 14:47 GMT+01:00 Stefan Eissing : Totally agree with you. If you make a better proposal that avoids existing overlaps, I might just pick it up. -Stefan > Am 05.12.2017 um 14:40 schrieb Luca Toscano : > > Hi Stefan, > > 2017-12-04 14:16 GMT+01:00 Stefan Eissing : > Not much input regarding this naming change. Personally, I like to keep > ' > I propose the following changes: > > 1. The simple, single line 'ManagedDomain' will be renamed to 'MDGroup' > > I personally find the renaming a bit confusing, since visually there is > no affinity between and MDGroup, but I liked the previous > naming so I might be biased. If the majority thinks this is the way to go > I am fine with it, just wanted to express my opinion :) > > Luca > >>> >> >> >> >> -- >> Daniel Ferradal >> IT Specialist >> >> email dferradal at gmail.com >> linkedin es.linkedin.com/in/danielferradal >
Are the example in https://httpd.apache.org/docs/2.4/mod/mod_proxy_hcheck.html valid?
Hi, While testing we noted the doc example for ProxyHCExpr/ProxyHCTemplate might be misleading: For example: ProxyHCExpr ok234 {%{REQUEST_STATUS} =~ /^[234]/} ProxyPass "/apps" "http://backend.example.com/; hcexpr=ok234 Should be changed to something: ProxyHCExpr ok234 {%{REQUEST_STATUS} =~ /^[234]/} ProxyPass "/apps" "balancer://foo" BalancerMember http://backend.example.com hcexpr=ok234 hcmethod=GET hcuri=/ Note that testing the STATUS won't work here, if there is not headers (hc_read_headers doesn't return OK) so a 400 won't be tested anyway :-( Did we miss something? Should I fix the examples of the doc? Cheers Jean-Frederic