httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yann Ylavic <ylavic....@gmail.com>
Subject Re: Allow SSLProxy* config in <Proxy> context?
Date Thu, 14 Apr 2016 07:57:30 GMT
On Wed, Apr 13, 2016 at 7:49 PM, Rainer Jung <rainer.jung@kippdata.de> wrote:
> Am 13.04.2016 um 17:04 schrieb Graham Leggett:
>>
>> The catch is that mod_ssl forces us to declare SSL certs and keys server
>> wide, not per directory, loaded and parsed at startup. We however want to
>> specify certs per directory.
>
> Per directory or better in some new way per proxy backend (or proxy worker,
> proxy balancer).

IIUC, the <Proxy> block is a per_dir context already, which can/could
accept any directive provided their ap_check_cmd_context() allows it
(we may need to declare a new PROXY_CONF).

So how about making per_dir SSLProxy* directives, restricted to server
and <proxy> context?
This would let the loading (and validation) work like currently,
mod_ssl could still do its standalone post_config stuff (server AND
per_dir wise).

At runtime, proxy_walk() would still do the merging (there may be same
SSLProxy* in both <VirtualHost> and <Proxy> which need merging, but
that would be a single one since we restrict those directives to
server and <proxy> context).

Finally, if ssl_proxy_enable[_ex]() is given r->per_dir_config, it
could initialize the backend connection with the right context.

Wouldn't that work without so many changes?

Mime
View raw message