Roger Espel Llima wrote:
>
> Vivek Khera wrote:
> > mod_ssl alters the Apache API, so if you're doing the same then that's
> > why they clash. Either that or you're patching something near what
> > mod_ssl patches.
>
> Good guess. mod_ssl adds some initialization code add the end of
> common_init(), and so does lingerd.... which is why lingerd's patch
> wasn't applying cleanly.
>
> I had to make a different patch, for use with mod_ssl. The file is
> ftp://iagora.com/pub/software/lingerd/tmp/aplinger-ssl.diff
> (I'll put it in a proper lingerd release once I've checked a bit
> more closely how it all works)
>
> With this patch, I got Apache to build with lingerd, mod_perl and
> mod_ssl, and it seems to work fine. Netscape can access it, the
> ssl_engine_log doesn't show any errors, and keep-alive works.
Awesome! I will give it a try once I get a chance, I've got some totally
different things to deal with now...
> Btw, SSL really wants keep-alives on (key setup is slow), while
> mod_perl kind of wants them off (images should be served separately
> anyway, and lingerd is much more effective when keep-alives are
> off), so putting mod_ssl and mod_perl in the same Apache is a bit of
> a compromise. I'd still do it for secure dynamic pages, since you
> really need both, but I'd never serve non-secure (http) pages from
> the Apache that has mod_ssl in and keep-alives on.
Interesting! On the server I have this set up on, I have apache running
three different ports. Port 80 is just normal apache/mod_perl. Port 443
(https) is that plus mod_ssl. Port 80 and 443 just have normal web
content, a bunch of plain ol' perl CGI's for administrating things, and
some new Embperl scripts. Port 444 is my custom port. This is running
mod_ssl. I'm trying to optimize that port for speed. All that's
running is two mod_perl handlers. One of them takes care of validating a
short list of registration keys, the other gives files (0-5mb in size)
to the client after verifying that they are allowed. Pretty simple
stuff, just some database calls and logging, and lots of error
checking. The client on the other end is actually a Java application,
which creates an SSL connection to my stuff. Apparently the classes the
Java programmers are using don't support keep-alives. In our case I
don't think it really matters, because after the initial quick auth
request, the actual file downloads take quite a bit longer. At the
moment I'm running lingerd with each port. Before I set up lingerd, they
were having problems with the Java application hanging while downloading
the files from the server. Now (even though apache will randomly
segfault and die) everything on the client is working just fine.
<snip>
> Let me know if something like that works for you... I want to
> officially support mod_ssl in the next release of lingerd, but I
> need more test data!
I'll defenitly let you know how I make out once I get a chance to
recompile everything, test it myself, and get our testers to test the
Java app with it again. It works right now, but obviously it needs to be
fixed properly. I'm hoping to do this stuff early next week... but with
my luck it'll probably be later than that.
Thanks for all your help people! It's much appreciated... this list
rocks!
--
Regards,
Wim Kerkhoff, Software Engineer
Merilus, Inc. -|- http://www.merilus.com
Email: [EMAIL PROTECTED]
S/MIME Cryptographic Signature
