Re: EARLY PROPOSAL Apache (and webapp?) policy
On Thu, 12 Sep 2002, Ola Lundqvist wrote:
> Suggestions are very welcome. And yes before we start that discussion.
> This is needed because sometimes this kind of things are really
> a mess.
Why do we necessarily need two separate dirs for config stuff? Why not just
/etc/apacheconf/config.d for all apache config fragments? Then, for each
virtual host, we can create a directory
/etc/apacheconf/<virtualhost>
make a file which defines all the necessary config for the virtual host
(ACL, name, et al) and symlink everything we want into there.
However, I don't know if that sort of thing will necessarily work in the
longer term. Imagine, if you will, two virtual hosts - one which wants
squirrelmail (and I'm not picking on this package, it's just the first that
popped into my head) accessible to the entire world, and one which wants it
only accessible to 10.0.0.0/8. How do we handle that? Assuming all the
squirrelmail config is in one file, the ACL for /usr/share/squirrelmail (or
wherever it's living) will be set in there. To have it different for
different vhosts, we can't use symlinks so we need to copy the file. As it
turns out, the apache config for squirrelmail changes on upgrade, breaking
previous config files. All of a sudden, the copy of the squirrelmail apache
config breaks and the admin puts his head through the wall.
I have no idea how to fix this for the general case, however, so <shrug>.
Overall, I like the way you're thinking, but it needs a lot of flesh to it.
I'd prefer to see it move away from being an Apache Policy to being a web
content policy - that is, encompassing web servers, webapps, static content
(where packages should put stuff) and whatever else fits. Restricting it to
apache doesn't feel like the way to go.
--
Matthew Palmer, Debian Developer
mpalmer@debian.org http://www.debian.org
Reply to: