[OPEN-ILS-DEV] Apache conf improvements
Joe Atzberger
atz at esilibrary.com
Wed Sep 2 12:20:26 EDT 2009
Mike Rylander wrote:
> On Tue, Sep 1, 2009 at 11:03 PM, Joe Atzberger<atz at esilibrary.com> wrote:
>
>> Evergreen's Apache configuration has to play nice with others. Users might
>> quite reasonably want to install/use phpPGadmin, ReservesDirect, gitweb,
>> their old ILS, or even another instance of evergreen under a different user.
>> That basically comes down to us being more articulate about NameVirtualHost
>> and ServerName.
>>
>> Some corrections and some improvements:
>> ~ ServerAlias with IP:port conflicts with NameVirtualHost on *
>> ~ Add IfModule conditionals for optional features (expires, SSL)
>> ~ comments and commented out alternative settings
>>
>
> Thanks, Joe! One change I'd request is that SSL shouldn't be
> optional. A self-signed cert will work for demo/testing purposes, and
> there are security concerns that can only be reasonably addressed by
> using SSL. IIRC, there are instructions on creating a self-signed
> cert in the installation instructions, no?
>
> --miker
>
There instructions are there, and match the command that's in the conf
file itself.
I'm not trying to make the decision whether SSL is required for
Evergreen or not. In fact, I explicitly added to the documentation:
a2enmod ssl # enable mod_ssl
I'm just trying to avoid crashing Apache for EG (and all other web
services) where possible. But I get what you're saying that we don't
want to enable a weak security model to slip through. So I'll resubmit
w/o that conditional, and add a configtest call to the docs, so that at
least we give the user a chance not to take down their other sites.
--Joe
More information about the Open-ils-dev
mailing list