On Mon, Sep 10, 2001 at 06:26:22PM -0500, Nathan E Norman wrote:
> On Mon, Sep 10, 2001 at 04:22:11PM -0500, will trillich wrote:
> > i have mod_perl working like a dream -- and i'd like to add
> > mod_ssl, so:
> [ snip ]
>
> Welcome to the wonderful world of apache-perl vs. libapache-mod-ssl.
> After beating my head against this a few times I decided to trash
> apache-perl and just use apache with modules. Since I made that
> decision I've been a lot happier.
i suspected that this would be my case, too. bite the bullet, i
suppose...
> I find the default apache configs to be abominable; I hack them up
> quite a bit :) (sorry Johnie). For example, I run all my virtual
> hosts out of VirtualHost stanzas; I keep the global configuration to a
> minimum.
i agree. i always step through them and ditch what we don't need,
and wrap dependent statements into their requisite <IfModule...>
sections so we can turn features on and off for quick testing and
debugging. (if'n yer asks me, i think the off-the-shelf configs
should have all mod-dependent statements so wrapped. but i'm new
at this... )
> I know that's not the answer you wanted to hear, but if you're
> interested in going this route and want to peek at my configs let me
> know.
if you can, that'd be great. i was originally running apache
(deb) with mod_perl as a *.so, and 'upgraded' for reasons i can't
recall. unless there's a major difference between apache.deb with
mod_perl dynamically linked, compared to apache-perl with static
link-in, i may as well get back to it...
--
how about this idea -- a firewall-resident lightweight apache
with ssl, that forwards requests to the real backend server
that's laden down with mod_perl muscle. i'm hoping to have :443
and :80 (secure and open) all look alike and be configured with
one main config file (HTML::Mason in particular -- it'd be awful
to have to split the software between secure and insecure
areas).
'net firewall box backend server
http --> 11.22.33.44:80 ---> 192.168.10.20:80
apache apache/mod_perl
https--> 11.22.33.44:443 --> 192.168.10.20:80
apache/mod_ssl apache/mod_perl
verify certificate,
forward req to backend
server if all tests pass
is that hard to set up? (i've been looking at Stas Beckman's
wonderful perl.apache.org/guide and i can tell that if my brain
cells were a bit more evolved i'd probably understand how to do
what i want from what Stas has posted there. alas-- )
--
DEBIAN NEWBIE TIP #18 from Will Trillich <[EMAIL PROTECTED]>
:
How do you DISABLE A NETWORK SERVICE? There are several ways
network services are made available: for inetd items, modify
/etc/inetd.conf and then "/etc/init.d/inetd restart". For
independently-running daemons, try "/etc/init.d/<daemon> stop"
(or to permanently zap them, "apt-get --purge remove <daemon>").
Also see http://newbieDoc.sourceForge.net/ ...
