Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 65533200C7B for ; Sat, 20 May 2017 20:03:01 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 63C24160BBE; Sat, 20 May 2017 18:03:01 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 5D3E2160BA7 for ; Sat, 20 May 2017 20:03:00 +0200 (CEST) Received: (qmail 45538 invoked by uid 500); 20 May 2017 18:02:59 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 45528 invoked by uid 99); 20 May 2017 18:02:59 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd4-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 20 May 2017 18:02:59 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id BA57CC0362 for ; Sat, 20 May 2017 18:02:58 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 1.98 X-Spam-Level: * X-Spam-Status: No, score=1.98 tagged_above=-999 required=6.31 tests=[HTML_MESSAGE=2, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URI_TRY_3LD=0.001] autolearn=disabled Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024) with ESMTP id 3isUOgBW5q3A for ; Sat, 20 May 2017 18:02:54 +0000 (UTC) Received: from smtp77.ord1c.emailsrvr.com (smtp77.ord1c.emailsrvr.com [108.166.43.77]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTPS id 9BE115F36B for ; Sat, 20 May 2017 18:02:54 +0000 (UTC) Received: from smtp2.relay.ord1c.emailsrvr.com (localhost [127.0.0.1]) by smtp2.relay.ord1c.emailsrvr.com (SMTP Server) with ESMTP id 80D80C00D7 for ; Sat, 20 May 2017 14:02:48 -0400 (EDT) X-Auth-ID: m.khalili@rqc.ru Received: by smtp2.relay.ord1c.emailsrvr.com (Authenticated sender: m.khalili-AT-rqc.ru) with ESMTPSA id 66B26C00D1 for ; Sat, 20 May 2017 14:02:46 -0400 (EDT) X-Sender-Id: m.khalili@rqc.ru Received: from [192.168.1.36] ([UNAVAILABLE]. [31.173.83.32]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384) by 0.0.0.0:587 (trex/5.7.12); Sat, 20 May 2017 14:02:48 -0400 Date: Sat, 20 May 2017 21:02:22 +0300 User-Agent: K-9 Mail for Android In-Reply-To: References: MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----32II9AUCHFV19YUTYXI59IQSDBW2DA" Content-Transfer-Encoding: 7bit To: users@httpd.apache.org From: Marat Khalili Message-ID: <9FDC9823-B640-4543-B8F9-8B20AA25F91B@rqc.ru> Subject: Re: [users@httpd] Suggestion/Question about HTTP & HTTPS configurations archived-at: Sat, 20 May 2017 18:03:01 -0000 ------32II9AUCHFV19YUTYXI59IQSDBW2DA Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable If you really don't need vhost-specific HTTPS configurations (have wildcard= certificate?), you can probably make HTTPS copies of all of your HTTP vhos= ts with some clever use of mod_proxy and mod_rewrite=2E I wouldn't recommen= d going this way though, sounds like interesting exercise but more trouble = than benefits in production=2E > Debian uses "Include" by default because of it's built-in `a2ensite` sho= rtcut=2E Even with the Include (as your code illustrates) there needs to be= a Virtual Host configuration block for HTTP on port 80 and for HTTPS on po= rt 443=2E You can still use your Include within that Include=2E Works great for me= =2E > Unless specifically configured differently, why not assume they are the = same (as HTTP/port 80 for a matching Virtual Host)? Because:=20 * Most real installations are more complex than that=2E * Apache configuration does not work this way (what if I don't want either= of HTTP or HTTPS vhosts?) * Every HTTPS vhost normally needs some configuration, at least a separate= certificate=2E * Finally, your proposed behavior is not even a good default these days (r= edirect from HTTP to HTTPS is)=2E --=20 With Best Regards, Marat Khalili On May 20, 2017 7:46:39 PM GMT+03:00, Adam Powell wrote: >Hi Daniel, > >Thanks for trying to help but maybe I didn't explain this well enough=2E > >Debian uses "Include" by default because of it's built-in `a2ensite` >shortcut=2E > >Even with the Include (as your code illustrates) there needs to be a >Virtual Host configuration block for HTTP on port 80 and for HTTPS on >port >443=2E > >Unless specifically configured differently, why not assume they are the >same (as HTTP/port 80 for a matching Virtual Host)? > >I hope that helps clarify=2E > >Adam Powell >http://www=2Eadaminfinitum=2Ecom > > >On Sat, May 20, 2017 at 6:05 AM, Daniel wrote: > >> There is a directive called "Include" >> >> With this directive you can specify any number of directives in a >file >> and then define the Include pointing to the same file wherever you >may >> need=2E >> >> For instance >> >> >> Include conf/common=2Econf >> >> >> >> SSLEngine on >> SSLCertificatefile conf/x509=2Ecrt >> SSLCertitificateKeyFile conf/rsa=2Ekey >> Include conf/common=2Econf >> >> >> and common=2Econf can have: >> ServerName myserver=2Eexam=2Ecom >> DocumentRoot /var/www >> DirectoryIndex index=2Ehtml >> FallbackResource /index=2Ehtml >> Redirect /one/ /two/ >> Header set myheader "Hello" >> # and all directives you may need=2E >> >> >> >> >> 2017-05-20 2:53 GMT+02:00 Adam Powell : >> > Hello, >> > >> > I am a user of Apache in the sense that I install it, configure it >and >> run >> > it to host sites=2E=2E=2EI'm hoping this is the correct list to send = this >to=2E >> > >> > Anyway, I recently did my first "from scratch" Apache install, >build and >> > configuration in a cloud server (I had always used cPanel & WHM >before)=2E >> > >> > My suggestion is that Apache should "assume" that port 80 for HTTP >and >> port >> > 443 for HTTPS and that they both serve the same content=2E >> > >> > I'm not suggesting people shouldn't be able to customize it, but >adding >> > duplicate and redundant directives for each Virtual Host for HTTP >and >> HTTPS >> > seems unneeded=2E >> > >> > In short, I'm suggesting a "smart default" that in the absence of a >> specific >> > Virtual Host configuration for HTTPS, just assumes that the HTTPS >matches >> > the HTTP config for that Virtual Host=2E >> > >> > Background: I got Apache (2=2E4=2Ex) up and running on a Debian VM, >> configured >> > all my Virtual Hosts, installed an SLL certificate and went to view >the >> > HTTPS version of a site=2E >> > >> > I was redirected to the 'default' page for the server (not the >default >> page >> > for the Virtual Host)=2E >> > >> > I then realized I needed additional, identical rules for that >Virtual >> Host >> > for HTTPS on port 443=2E=2E=2Esimply put, it seems like that extra le= vel >of >> > configuration shouldn't be required=2E=2E=2Ethat it should work that = way >> > automagically unless specifically configured otherwise=2E >> > >> > If not, I'd love to know why that's a bad idea=2E >> > >> > Thanks! >> > >> > Adam Powell >> > http://www=2Eadaminfinitum=2Ecom >> > >> >> >> >> -- >> Daniel Ferradal >> IT Specialist >> >> email dferradal at gmail=2Ecom >> linkedin es=2Elinkedin=2Ecom/in/danielferradal >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscribe@httpd=2Eapache=2Eorg >> For additional commands, e-mail: users-help@httpd=2Eapache=2Eorg >> >> ------32II9AUCHFV19YUTYXI59IQSDBW2DA Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable If you really don't need vhost-specific HTTPS = configurations (have wildcard certificate?), you can probably make HTTPS co= pies of all of your HTTP vhosts with some clever use of mod_proxy and mod_r= ewrite=2E I wouldn't recommend going this way though, sounds like inter= esting exercise but more trouble than benefits in production=2E

> Debian uses "Include" by default because of it's built-= in `a2ensite` shortcut=2E Even with the Include (as your code illustrates) = there needs to be a Virtual Host configuration block for HTTP on port 80 an= d for HTTPS on port 443=2E

You can still use your Include within that Include=2E Works great for me= =2E

> Unless specifically configured differently, why not assume they are t= he same (as HTTP/port 80 for a matching Virtual Host)?

Because:
* Most real installations are more complex than that=2E
* Apache configuration does not work this way (what if I don't want ei= ther of HTTP or HTTPS vhosts?)
* Every HTTPS vhost normally needs some configuration, at least a separate= certificate=2E
* Finally, your proposed behavior is not even a good default these days (r= edirect from HTTP to HTTPS is)=2E
--

With Best Regards,
Marat Khalili

On May 20, 2017 7:46:39 PM= GMT+03:00, Adam Powell <adam@adaminfinitum=2Ecom> wrote:
Hi= Daniel,

=
Thanks for try= ing to help but maybe I didn't explain this well enough=2E

Debian uses "Include" = by default because of it's built-in `a2= ensite` shortcut=2E

Ev= en with the Include (as your code illustrates) there needs to be a Virtual = Host configuration block for HTTP on port 80 and for HTTPS on port 443=2E

U= nless specifically configured differently, why not assume they are the same= (as HTTP/port 80 for a matching Virtual Host)?

I hope that helps clarify= =2E

<= font face=3D"arial, helvetica, sans-serif" size=3D"2">Adam Powell

On Sat, May 20, 2017 at 6:05 AM, Daniel <= span dir=3D"ltr"><dferradal@gmail=2Ecom> wrote:
There is a directive called "Include"

With this directive you can specify any number of directives in a file
and then define the Include pointing to the same file wherever you may
need=2E

For instance

<VirtualHost *:80>
Include conf/common=2Econf
</VirtualHost>

<Virtualhost *:443>
SSLEngine on
SSLCertificatefile conf/x509=2Ecrt
SSLCertitificateKeyFile conf/rsa=2Ekey
Include conf/common=2Econf
</Virtualhost>

and common=2Econf can have:
ServerName myserver=2Eexam=2Ecom
DocumentRoot /var/www
DirectoryIndex index=2Ehtml
FallbackResource /index=2Ehtml
Redirect /one/ /two/
Header set myheader "Hello"
# and all directives you may need=2E




2017-05-20 2:53 GMT+02:00 Adam Powell <adam@adaminfinitum=2Ecom>:
> Hello,
>
> I am a user of Apache in the sense that I install it, configure it an= d run
> it to host sites=2E=2E=2EI'm hoping this is the correct list to send = this to=2E
>
> Anyway, I recently did my first "from scratch" Apache insta= ll, build and
> configuration in a cloud server (I had always used cPanel & WHM b= efore)=2E
>
> My suggestion is that Apache should "assume" that port 80 f= or HTTP and port
> 443 for HTTPS and that they both serve the same content=2E
>
> I'm not suggesting people shouldn't be able to customize it, but addi= ng
> duplicate and redundant directives for each Virtual Host for HTTP and= HTTPS
> seems unneeded=2E
>
> In short, I'm suggesting a "smart default" that in the abse= nce of a specific
> Virtual Host configuration for HTTPS, just assumes that the HTTPS mat= ches
> the HTTP config for that Virtual Host=2E
>
> Background: I got Apache (2=2E4=2Ex) up and running on a Debian VM, c= onfigured
> all my Virtual Hosts, installed an SLL certificate and went to view t= he
> HTTPS version of a site=2E
>
> I was redirected to the 'default' page for the server (not the defaul= t page
> for the Virtual Host)=2E
>
> I then realized I needed additional, identical rules for that Virtual= Host
> for HTTPS on port 443=2E=2E=2Esimply put, it seems like that extra le= vel of
> configuration shouldn't be required=2E=2E=2Ethat it should work that = way
> automagically unless specifically configured otherwise=2E
>
> If not, I'd love to know why that's a bad idea=2E
>
> Thanks!
>
> Adam Powell
> http://www=2Eadaminfinitum=2Ecom
>



--
Daniel Ferradal
IT Specialist

email         dferradal at gmail=2Ecom
linkedin     es=2Elinkedin=2Ecom/in/danielferradal

------------------------------------------------------------= ---------
To unsubscribe, e-mail: users-unsubscribe@httpd=2Eapache=2Eorg
For additional commands, e-mail: users-help@httpd=2Eapache=2Eorg


------32II9AUCHFV19YUTYXI59IQSDBW2DA--