Re: mod_md and ManagedDomain

2017-12-07 Thread Daniel 
probably I don't stumble into #httpd enough :P . I'm ezra-s there btw.

2017-12-07 16:32 GMT+01:00 Eric Covener :
>> Perhaps a more schematic view will clear things up
>>
>> mod_md: generates certfiicates for domains
>> mod_ssl: Load certificates for domains. If mod_md is present and
>> manages a domain, mod_ssl is supposed to use mod_md ones instead of
>> those manually given through file paths.
>
> Think about people stumbling into #httpd though.



-- 
Daniel Ferradal
IT Specialist

email dferradal at gmail.com
linkedin es.linkedin.com/in/danielferradal

Re: mod_md and ManagedDomain

2017-12-07 Thread Eric Covener 
> Perhaps a more schematic view will clear things up
>
> mod_md: generates certfiicates for domains
> mod_ssl: Load certificates for domains. If mod_md is present and
> manages a domain, mod_ssl is supposed to use mod_md ones instead of
> those manually given through file paths.

Think about people stumbling into #httpd though.

Re: mod_md and ManagedDomain

2017-12-07 Thread Eric Covener 
On Thu, Dec 7, 2017 at 8:34 AM, Steffen  wrote:
> I find the word Managed in ManagedDomain and MD in the other settings already 
> confusing, are not easy recognized.
>
> In fact lots of settings are managing domain(s).
>
> What does mod_md manage ?
>
> For me mod_md manages in the area of SSL(certificates automation).
>
> To be more easy to recognize, I propose to make SSL include in all the md 
> settings.  In front or somewhere in the name, for example SSLManagedDomain, 
> SSLMDMember or ManagedSSLDomain, MDSSLMember.
>
> Maybe we can consider to rename the module to SSL_MD and include the source 
> in modules/ssl.
>

Not trying to pile on or bikeshed but I agree with this.

Re: mod_md and ManagedDomain

2017-12-07 Thread Daniel 
2017-12-07 14:34 GMT+01:00 Steffen :
> I find the word Managed in ManagedDomain and MD in the other settings already 
> confusing, are not easy recognized.
>
> In fact lots of settings are managing domain(s).
>
> What does mod_md manage ?

A basic understanding or reading of the mod_md page will tell you it
is to manage generation of certificates automatically. Certificates
are associated with CN Names and those with virtualhost names. I have
a hard time trying to understand what is difficult to understand about
what mod_md is.

Perhaps changing the main description a bit will make it more
understable? "Managing domains certificates across virtual hosts,
certificate provisioning via the ACME protocol" ?

>
> For me mod_md manages in the area of SSL(certificates automation).
>
> To be more easy to recognize, I propose to make SSL include in all the md 
> settings.  In front or somewhere in the name, for example SSLManagedDomain, 
> SSLMDMember or ManagedSSLDomain, MDSSLMember.
>
> Maybe we can consider to rename the module to SSL_MD and include the source 
> in modules/ssl.
>

I've used mod_md a bit and what you describe looks on first sight
quite convoluted.

mod_md has a specific purpose to generate certificates for
specific/managed domains, but why mix directives with mod_ssl?

Perhaps a more schematic view will clear things up

mod_md: generates certfiicates for domains
mod_ssl: Load certificates for domains. If mod_md is present and
manages a domain, mod_ssl is supposed to use mod_md ones instead of
those manually given through file paths.


-- 
Daniel Ferradal
IT Specialist

email dferradal at gmail.com
linkedin es.linkedin.com/in/danielferradal

Re: mod_md and ManagedDomain

2017-12-07 Thread Steffen 
I find the word Managed in ManagedDomain and MD in the other settings already 
confusing, are not easy recognized. 

In fact lots of settings are managing domain(s). 

What does mod_md manage ?

For me mod_md manages in the area of SSL(certificates automation).  

To be more easy to recognize, I propose to make SSL include in all the md 
settings.  In front or somewhere in the name, for example SSLManagedDomain, 
SSLMDMember or ManagedSSLDomain, MDSSLMember. 

Maybe we can consider to rename the module to SSL_MD and include the source in 
modules/ssl. 



Also note that now all settings begin with MD, except ManagedDomain, what is 
not logical. 

 

> Op 5 dec. 2017 om 16:48 heeft Stefan Eissing  
> het volgende geschreven:
> 
> Ok, so that something good comes out of all this: Rich just promised to sing 
> at the next ApacheCon, right Rich?
> 
> "Keys", by ManagedDomainFormerlyCalledYouKnowWhat:
> 
> "You don't conf certificates
> to turn me on,
> I just give encryption, baby,
> from dusk till dawn."
> 
> 
> Cheers,
> Stefan
> 
> 
>> Am 05.12.2017 um 15:09 schrieb Daniel :
>> 
>> hahaha
>> 
>> 
>> 
>> I understand it it may seem silly to discuss this or that name I think
>> it will be of great benefit to find a good name in the long run, to
>> make it easy to recognize and/or user support.
>> 
>> 2017-12-05 15:06 GMT+01:00 Stefan Eissing :
>>> ?
>>> 
 Am 05.12.2017 um 15:03 schrieb Luca Toscano :
 
 Maybe ManagedDomain and , as iiuc we are going to use 
 for SSLPolicy?
 
 Luca
 
 2017-12-05 14:47 GMT+01:00 Stefan Eissing :
 Totally agree with you. If you make a better proposal that avoids existing 
 overlaps, I might just pick it up.
 
 -Stefan
 
> Am 05.12.2017 um 14:40 schrieb Luca Toscano :
> 
> Hi Stefan,
> 
> 2017-12-04 14:16 GMT+01:00 Stefan Eissing :
> Not much input regarding this naming change. Personally, I like to keep 
> ' 
> I propose the following changes:
> 
> 1. The simple, single line 'ManagedDomain' will be renamed to 'MDGroup'
> 
> I personally find the renaming a bit confusing, since visually there is 
> no affinity between  and MDGroup, but I liked the previous 
> naming so I might be biased. If the majority thinks this is the way to go 
> I am fine with it, just wanted to express my opinion :)
> 
> Luca
> 
 
 
>>> 
>> 
>> 
>> 
>> -- 
>> Daniel Ferradal
>> IT Specialist
>> 
>> email dferradal at gmail.com
>> linkedin es.linkedin.com/in/danielferradal
>

Are the example in https://httpd.apache.org/docs/2.4/mod/mod_proxy_hcheck.html valid?

2017-12-07 Thread jean-frederic clere 
Hi,

While testing we noted the doc example for ProxyHCExpr/ProxyHCTemplate
might be misleading:

For example:
ProxyHCExpr ok234 {%{REQUEST_STATUS} =~ /^[234]/}
ProxyPass "/apps" "http://backend.example.com/; hcexpr=ok234

Should be changed to something:

ProxyHCExpr ok234 {%{REQUEST_STATUS} =~ /^[234]/}
ProxyPass "/apps" "balancer://foo"

  BalancerMember http://backend.example.com hcexpr=ok234 hcmethod=GET
hcuri=/


Note that testing the STATUS won't work here, if there is not headers
(hc_read_headers doesn't return OK) so a 400 won't be tested anyway :-(

Did we miss something? Should I fix the examples of the doc?

Cheers

Jean-Frederic