On Tue 01 Apr 2008, Akins, Brian wrote: > In pseudo config, like niq is suggesting, you could have something like: > > <If HTTP_HEADER{Host} =~ cnn\.com$ || TCPPort == 8080> > #cnn specific stuff here... > DocumentRoot /htdocs/cnn > CutomLog "|/usr/bin/logger cnn" my_format > ErrorLog /var/log/cnn.error > </If>
I don't like that. I think there are security considerations why logfiles are opened from the parent process as root. But with other logging mechanisms that provide write-only semantics it is good. In my setup the apache logs to a named pipe to a process outside the chroot. To really create vhosts on the fly I think a new hook in the MPM would be good that is called from a configuration provider module. It reconfigures the parent apache and does a graceful restart. This way almost anything can be reconfigured. A question is whether the provider should send changes to the apache or a complete new config. In the former case we'd need something like UnListen localhost:80 CloseErrorLog ... DeleteVirtualHost localhost:80 In the end the server_rec would go away. We have one server with a list of loaded modules, a PidFile and an AcceptMutex that is listening on a list of ports. The rest is configurable this way: <if localport==443 and localaddr=1.2.3.4> SSLCertificateFile ... Protocol http # expecting HTTP to be spoken on the wire <if header_in{Host}=~cnn\.com> Timeout 10 ErrorLog ... </if> </if> Or rather the request is passed to the config module that checks localport and localaddr and issues the SSLCertificateFile directive. Then it checks the Host-header ... As for dynamic request configuration, I'd wish some configuration provider with intelligent conftree caching. That provider then implements a language as it likes, LUA, Perl, Apache-style <if>...</if>, ... It generates a list of directives that is compiled into a conftree. As I understood it the main problem with the current mod_rewrite based config is that it is too complex. The new language has to watch out not to end at the same place. One thing that I think is messy is the use of subprocess_env to pass information from module to module and even from administrator to module: no-gzip, force-gzip, downgrade-1.0, nokeepalive, redirect-carefully etc. Torsten