Return-Path: Delivered-To: apmail-perl-modperl-archive@www.apache.org Received: (qmail 48123 invoked from network); 4 Dec 2006 18:53:05 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 4 Dec 2006 18:53:05 -0000 Received: (qmail 7355 invoked by uid 500); 4 Dec 2006 18:53:07 -0000 Delivered-To: apmail-perl-modperl-archive@perl.apache.org Received: (qmail 7341 invoked by uid 500); 4 Dec 2006 18:53:07 -0000 Mailing-List: contact modperl-help@perl.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list modperl@perl.apache.org Received: (qmail 7330 invoked by uid 99); 4 Dec 2006 18:53:07 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 04 Dec 2006 10:53:07 -0800 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (herse.apache.org: domain of mpeters@plusthree.com designates 207.114.11.197 as permitted sender) Received: from [207.114.11.197] (HELO ns1.plusthree.com) (207.114.11.197) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 04 Dec 2006 10:52:55 -0800 Received: from [192.168.0.4] (c-69-140-90-245.hsd1.md.comcast.net [69.140.90.245]) (authenticated bits=0) by ns1.plusthree.com (8.13.1/8.13.1) with ESMTP id kB4IqNee008524 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 4 Dec 2006 13:52:25 -0500 Message-ID: <45746E06.1040002@plusthree.com> Date: Mon, 04 Dec 2006 13:50:46 -0500 From: Michael Peters User-Agent: Thunderbird 1.5.0.8 (X11/20061107) MIME-Version: 1.0 To: Adam Prime x443 CC: modperl@perl.apache.org Subject: Re: light+ssl/heavy and conf management References: In-Reply-To: X-Enigmail-Version: 0.94.0.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org Adam Prime x443 wrote: > I'm in the process of moving about a half a dozen domains to a > light/heavy setup with SSL being done on the light server and proxied to > the backend on localhost. I've been trying to find a good way to > minimize the potential to have inconsistencies in the configuration of > the front, SSL, and backend servers, and it seems like the most obvious > way to do that would be to use a single configuration file, using > IfDefine's to specify what's supposed to be for who. We actually take a different approach for this. We used a templated configs (HTML::Template, but Template Toolkit would work just fine too). We have a single source for the data (in our case another config file, but you could easily just use a DB) and 2 separate configs for the proxy and application server. The configurations between the 2 would be very different (SSL, IP addresses, Keep-Alive settings, mod_perl, etc) that it's just easy to keep them separate. Sometimes we use the same binary for each, just with different configs. This works out really well. We even have a start/stop script for each project that will take the data, put it into the templates, generate the configs and restart the apaches. For an example of this, check out Krang - http://krang.sourceforge.net -- Michael Peters Developer Plus Three, LP