create new tag
view all tags

Ideas for apacheconf Component Improvements

  • Minimum supported version will be 2.4 which means ancient 1.3 and old 2.0 support can be removed.

  • NameVirtualHost no longer required so the horrible process of converting virtual host names into IP addresses can be removed.

  • Automatically create Listen directives for all required ports (listening on all interfaces). Otherwise you specify exactly what you need.

  • Separate config file for each virtualhost. Stored in lcfg.sites.d directory.

  • (kenny) Do not include all files from the lcfg.sites.d directory, but instead add an Include directive for each vhost that has an enabled resource set (default) to the httpd.conf file. Any that don't have that set should result in a file that has a comment at the top saying it's disabled. Reserve this directory for vhost files managed by apacheconf.

  • Better support for using static config for virtualhosts (shipped in a package or via the file component).

  • SSL enabled automatically when required by any virtualhosts, or can be enabled manually if necessary.

  • Support for all standard SSL parameters via resources.

  • Should work "out of the box", probably in a similar way to the default Redhat config. Mostly this just requires some sensible default settings in the headers.

  • For convenience, adding an entry to the modules resource will create sensible defaults for the modulename and moduleobject resources.

  • Ability to associate config with a module so that it is automatically removed when the module is removed from the tag list. Separate config file for each module in lcfg.modules.d directory, this avoids clash with RPM packages which put config chunks into conf.modules.d

  • Ability to override standard templates.

  • Fewer hardwired default settings. Either don't specify them at all and allow apache to choose the right default or specify via resource.

  • apache started by systemd rather than by the component

  • Use Service command for starting/stopping/reloading daemon instead of apachectl
    • Make sure stopping and restarting (om apacheconf restart) is reliable. There used to be problems with httpd not being "stopped enough" before it is restarted, which then failed as resources (ports) were still (reported as) in use by the still dying httpd - neilb.

  • (idurkacz) Being able to apply default directives which apply to all vhosts being maintained by the Apache instance sounds useful to me. A specific case is CosignRequireFactor: in our case, being able to limit that at the top-level to 'INF.ED.AC.UK' for all vhosts is probably what we want to do.

  • (idurkacz) Solution to the vhost Nagios monitoring problem described in LCFG Bug #683

  • (neilb) Better support for verbatim multi-line chunks. See LCFG Bug #840. For example I think the file component "literal" types work better than the current apacheconf.verbatim resources.

  • (shane) Allow (multi-line - split on \n ?) verbatim lines to be created in separate files, which can then be included. Some config combinations are much easier to express this way. Sometimes we want to include the same verbatim config in different vhosts and require consistency.

  • (kenny) You can steal anything (macros, inspiration, amusement) from my webserver.h header which was strongly influenced by Shane's work.

  • (kenny) Don't have hardwired regular expression for the .ht* file denies in the template when securehtaccess is turned on - perhaps turn that into a resource. I need to override it to allow serving .httpd-* RPM header files, but not .htaccess, and also add a deny to .sslaccess. Perhaps better is to add a new resource per vhost for the AccessFileName directive and combine them into the deny stanza if securehtaccess (or better name) is set.

  • (kenny) Add support for Let's Encrypt. The readme for acme-tiny provides a clear description of just how little it would take to implement this.

-- Main.squinney - 2015-11-26

Topic revision: r7 - 2015-12-20 - kenny
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback