httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dr James Smith <...@sanger.ac.uk>
Subject Re: [users@httpd] Make Apache react more graceful to SSL errors
Date Sun, 01 May 2016 13:28:42 GMT
Agree with Michael,

My start/stop scripts all now do a configtest before trying to 
stop/start apache - this way I never have no service if something goes 
wrong!

I do have a forcestop which will stop an apache if the config is wrong - 
as a last resort!

James

On 01/05/2016 14:27, Michael A. Peters wrote:
> On 05/01/2016 06:19 AM, Florian Lindner wrote:
>> Hello,
>>
>> in my server configuration users can place their own SSL certificate in
>> predefined directories. A daily cron script detects them, updates the 
>> apache
>> config and restarts the server.
>>
>> However, if there is a problem with the certificate or key file, the 
>> apache
>> refused to work altogether.
>>
>> Is it possible to make apache disable only the problematic vhost 
>> instead of
>> refusing to start?
>
> What you probably need to do is validate the certificates before 
> updating the apache configuration file. The TLS library (e.g. openssl) 
> probably can do that, though I'm not familiar with the specific 
> argument you would need.
>
> Apache also has a check that can test whether or not apache will 
> successfully start, that you can run before restarting the server.
>
> apachectl configtest
>
> I believe is the command.
>
> I'm not sure it tests all the TLS certs but if it doesn't, it is a bug 
> in my mind.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>



-- 
 The Wellcome Trust Sanger Institute is operated by Genome Research 
 Limited, a charity registered in England with number 1021457 and a 
 company registered in England with number 2742969, whose registered 
 office is 215 Euston Road, London, NW1 2BE. 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message