httpd-dev mailing list archives

From Chris Darroch <chr...@pearsoncmg.com>
Subject UseListenScheme proposal
Date Thu, 11 Jul 2013 02:12:18 GMT
Hi --

   I thought I'd toss out a patch I've been working on lately; it's been
a long time since I committed directly, so if some of the "regulars"
wouldn't mind giving some feedback first, I'd appreciate it.

   The idea is to introduce a non-default "UseListenScheme On" setting
which uses the scheme from the Listen directive when constructing
self-referencing URLs:

http://people.apache.org/~chrisd/patches/use_listen_scheme/

   A full commit would also need patches to some of the non-Unix MPMs
(simple, winnt, netware, etc.), update-log-msg-tags needs to run,
docs need to be written, and so forth.

   The impetus here came from the following situation; if you know of
better ways to address it, please describe them!  We have virtual
hosts which serve both HTTP and HTTPS from behind SSL hardware, so
httpd only sees HTTP traffic, but on different ports.  The preferred
configuration is:

    Listen 10.0.0.0:4000
    Listen 10.0.0.0:5000 https
    NameVirtualHost 10.0.0.0:4000
    NameVirtualHost 10.0.0.0:5000
    LogFormat "... %{local}p ..." custom

    <VirtualHost 10.0.0.0:4000 10.0.0.0:5000>
        ServerName www.example.com
        CustomLog "|rotatelogs ... www.example.com:access.log ..." custom
        ...
    </VirtualHost>

   The problem is that the vhost always constructs self-referencing URLs
for redirects, ProxyPassReverse handling, etc. using the "http://" scheme.

   We could have duplicate <VirtualHost>s, one for each port/scheme:

    <VirtualHost 10.0.0.0:4000>
        ServerName http://www.example.com
        ...
    </VirtualHost>
    <VirtualHost 10.0.0.0:5000>
        ServerName https://www.example.com
        ...
    </VirtualHost>

but then we have to duplicate all the vhost configs or split them
out into Include files, and we end up with additional rotatelogs
processes either way.

   I really just wanted httpd to notice that, according to the Listen
directive, all port 5000 traffic should use the "https://" scheme;
I felt like I'd already supplied sufficient config data for it to
figure this out!  :-)

   The major caveat that I can see is that some folks might object
to having the overhead of apr_socket_data_get/set() calls after each
apr_socket_accept().  I thought perhaps a compile-time option such
as --disable-socket-data could be added to disable this proposed
new code entirely, for those who care.

   Thoughts?  Can anyone see a tidier way to approach this?  (Any
volunteers to update the winnt and netware MPMs?)

   Thanks very much,

Chris.

-- 
GPG Key ID: 088335A9
GPG Key Fingerprint: 86CD 3297 7493 75BC F820  6715 F54F E648 0883 35A9
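
Added example, not part of the original message or the proposed patch: a Python check that reads the schemes declared on the `Listen` lines above and flags logged redirects to the vhost's own name whose scheme differs from the scheme of the listener that served the request. The log format (`%{local}p %>s "%{Location}o"`), the sample log lines and the function names are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed input: the Listen lines from the message above.
LISTEN_CONFIG = """\
Listen 10.0.0.0:4000
Listen 10.0.0.0:5000 https
"""

# Constructed log lines. Assumed format (not from the message):
#   LogFormat "%{local}p %>s \"%{Location}o\""
SAMPLE_LOG = """\
4000 302 "http://www.example.com/login/"
5000 302 "http://www.example.com/login/"
5000 301 "https://www.example.com/docs/"
5000 200 "-"
5000 302 "http://cdn.example.net/asset"
"""

LISTEN_RE = re.compile(r"^\s*Listen\s+(?:\S+:)?(\d+)(?:\s+(\S+))?\s*$", re.I)
LOG_RE = re.compile(r'^(\d+) (\d{3}) "([^"]*)"$')


def listen_schemes(config):
    """Map each Listen port to its scheme (default: https on 443, else http)."""
    schemes = {}
    for line in config.splitlines():
        m = LISTEN_RE.match(line)
        if m:
            port = int(m.group(1))
            default = "https" if port == 443 else "http"
            schemes[port] = (m.group(2) or default).lower()
    return schemes


def scheme_downgrades(log, schemes, host):
    """Return (line, port, expected scheme, Location) for mismatched self-redirects."""
    findings = []
    for lineno, line in enumerate(log.splitlines(), 1):
        m = LOG_RE.match(line)
        if not m or m.group(3) == "-":
            continue  # unparseable line or no Location header sent
        port, location = int(m.group(1)), m.group(3)
        url = urlsplit(location)
        expected = schemes.get(port)
        # Only self-referencing URLs matter; redirects to other hosts are skipped.
        if expected and url.hostname == host and url.scheme != expected:
            findings.append((lineno, port, expected, location))
    return findings


if __name__ == "__main__":
    for f in scheme_downgrades(SAMPLE_LOG, listen_schemes(LISTEN_CONFIG), "www.example.com"):
        print(f)
```

On the constructed log, only the second line is reported: a request served on the `https` listener (port 5000) that was redirected to an `http://` URL on the same host.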
