On Tue 01 Apr 2008, Akins, Brian wrote:
> In pseudo config, like niq is suggesting, you could have something like:
>
> <If HTTP_HEADER{Host} =~ cnn\.com$ || TCPPort == 8080>
> #cnn specific stuff here...
> DocumentRoot /htdocs/cnn
> CustomLog "|/usr/bin/logger cnn" my_format
> ErrorLog /var/log/cnn.error
> </If>

I don't like that. I think there are security considerations why logfiles are
opened from the parent process as root. But with other logging mechanisms
that provide write-only semantics it is good. In my setup the apache logs to
a named pipe to a process outside the chroot.

To really create vhosts on the fly I think a new hook in the MPM would be good
that is called from a configuration provider module. It reconfigures the
parent apache and does a graceful restart. This way almost anything can be
reconfigured. A question is whether the provider should send changes to the
apache or a complete new config. In the former case we'd need something like

    UnListen localhost:80
    CloseErrorLog ...
    DeleteVirtualHost localhost:80

In the end the server_rec would go away. We have one server with a list of
loaded modules, a PidFile and an AcceptMutex that is listening on a list of
ports. The rest is configurable this way:

    <if localport==443 and localaddr=1.2.3.4>
        SSLCertificateFile ...
        Protocol http # expecting HTTP to be spoken on the wire
        <if header_in{Host}=~cnn\.com>
            Timeout 10
            ErrorLog ...
        </if>
    </if>

Or rather the request is passed to the config module that checks localport and
localaddr and issues the SSLCertificateFile directive. Then it checks the
Host-header ...

As for dynamic request configuration, I'd wish for some configuration provider
with intelligent conftree caching. That provider then implements a language
as it likes, Lua, Perl, Apache-style <if>...</if>, ... It generates a list of
directives that is compiled into a conftree.

As I understood it the main problem with the current mod_rewrite based config
is that it is too complex. The new language has to watch out not to end at
the same place. One thing that I think is messy is the use of subprocess_env
to pass information from module to module and even from administrator to
module: no-gzip, force-gzip, downgrade-1.0, nokeepalive, redirect-carefully
etc.

Torsten
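
Added example, not part of the original message and not Apache code: a small Python model of the nested <if> sketch and the "conftree caching" idea above, showing two points a config provider would need to get right when it branches on the client-supplied Host header. The names Block, host_is, directives_for and CACHE are hypothetical, and the "..." directive values are left elided as in the message.

```python
import re
from dataclasses import dataclass, field
from typing import Callable

def host_is(domain: str, req: dict) -> bool:
    """Strict match of the client-supplied Host against domain or its subdomains."""
    host = req["headers"].get("Host", "").lower()
    host = host.rsplit(":", 1)[0].rstrip(".")      # drop port and trailing dot
    return re.fullmatch(r"(?:[a-z0-9-]+\.)*" + re.escape(domain), host) is not None

@dataclass
class Block:
    cond: Callable[[dict], bool]                   # predicate over the request
    directives: list                               # (name, value) pairs
    children: list = field(default_factory=list)   # nested <if> blocks

# Constructed tree mirroring the nested <if> sketch; "..." values stay elided.
CONFIG = Block(
    cond=lambda r: r["localport"] == 443 and r["localaddr"] == "1.2.3.4",
    directives=[("SSLCertificateFile", "..."), ("Protocol", "http")],
    children=[Block(
        cond=lambda r: host_is("cnn.com", r),
        directives=[("Timeout", "10"), ("ErrorLog", "...")],
    )],
)

CACHE = {}   # condition outcomes -> directive list; never keyed on raw header text

def _walk(block, req, outcomes, out):
    hit = bool(block.cond(req))
    outcomes.append(hit)
    if hit:
        out.extend(block.directives)
        for child in block.children:
            _walk(child, req, outcomes, out)

def directives_for(req: dict) -> tuple:
    """Evaluate the tree for one request and return the shared directive list."""
    outcomes, out = [], []
    _walk(CONFIG, req, outcomes, out)
    # Requests with the same outcomes share one entry, so arbitrary Host values
    # sent by clients cannot grow the cache beyond the number of config branches.
    return CACHE.setdefault(tuple(outcomes), tuple(out))
```

An unanchored pattern such as cnn\.com would also select the inner block for a Host like cnn.com.attacker.example; the full-string match in host_is does not.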