On 25/11/2015 22:38, George Sexton wrote: > Mark, > > On 11/24/2015 4:11 PM, Mark Thomas wrote: >> All, >> >> As promised, today's webinar "Apache Tomcat 9: HTTP/2 Quick Start" is >> now available on the Apache Tomcat YouTube channel: >> >> https://www.youtube.com/channel/UCpqpJ0-G1lYfUBQ6_36Au_g > > I watched the video and I have two comments. First, I'm really excited > about SNI support. For my particular use-case, it's going to be really > nice. > > Second, for my use case, I deploy hundreds ( like 700+ on one server > right now) of virtual hosts. I deploy and un-deploy hosts kind of > randomly depending on things that are happening. I use the host-manager > application to deploy/undeploy virtual hosts. At startup time, I have a > script that generates the host entries to a file, and then I include > that file within server.xml using an entity expansion. > > I'm trying to understand how I could dynamically deploy a new host with > an SSL certificate. Since the certificate configuration seems to be > getting done at the connector, it "looks" to me like deploying a host > with a new certificate (or changed certificate) would require > re-starting the connector (tomcat). That would be really painful for me, > forcing me to delay cert changes until maintenance times.
You are correct, that - currently - a Connector restart would be required. > I wish that configuration was more consolidated. Right now (and if I'm > doing this wrong, let me know), I have the generated host snippet that > gets included in server.xml. Then, I have > $CATALINA_BASE/conf/Catalina/hostname/context.xml which contains the > context docBase, and access log valve configuration. Now, I'm looking at > a 3rd thing with the certificates named in the Connector entry. Is there > any way that .pem files that are in > $CATALINA_BASE/conf/Catalina/hostname could be auto-loaded for that > virtual host? I'm just kind of brainstorming. The separation of the Host element and the SSLVirtualHost element was bugging me slightly, as was the duplication of the default host information. This is a good use case for trying to come up with something better / consolidated. > Also, just thinking out > loud, it would be really nice if Tomcat automatically found a host > configuration xml file in $CATALINA_BASE/conf/Catalina/hostname so that > I don't have to do the kind of ugly hack of the entity inclusion which > has it's own problems (picture JSVC restart after deploying new host). We'd need to think about naming, otherwise there will be the potential for the file being treated as a context file. > I appreciate your thoughts, and if I'm doing something the hard way, any > suggestions you might have. I can't think of a better way right now. I'll see what I can come up with. It is probably worth creating an enhancement request in Bugzilla against 9.0.x with the info you provided above. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
