[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#604647: marked as done (apache2.2-common: a2ensite should handle default-ssl specially)

Your message dated Mon, 13 May 2013 20:28:02 +0200
with message-id <519130B2.9000800@debian.org>
and subject line apache2.2-common: a2ensite should handle default-ssl specially
has caused the Debian Bug report #604647,
regarding apache2.2-common: a2ensite should handle default-ssl specially
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org

604647: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=604647
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: apache2.2-common
Version: 2.2.16-4
Severity: wishlist
Tags: patch


a2ensite (and a2dissite) currently handle the default site specially, calling
the resulting symlink 000-default so that it is loaded first. It would be nice
to do the same with the default-ssl site, calling the symlink 001-default-ssl.

Here is a patch (generated with svn diff from your development repository) that
modifies a2enmod and a2ensite.8 to do and document that.


Tanguy Ortolo

-- Package-specific info:
List of enabled modules from 'apache2 -M':
  alias auth_basic authn_file authz_default authz_groupfile
  authz_host authz_user autoindex cgi deflate dir env mime
  negotiation php5 reqtimeout setenvif status userdir
List of enabled php5 extensions:
  curl idn mysql mysqli pdo pdo_mysql suhosin

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable'), (50, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages apache2.2-common depends on:
ii  apache2-utils                 2.2.16-4   utility programs for webservers
ii  apache2.2-bin                 2.2.16-4   Apache HTTP Server common binary f
ii  libmagic1                     5.04-5     File type determination library us
ii  lsb-base                      3.2-23.1   Linux Standard Base 3.2 init scrip
ii  mime-support                  3.48-1     MIME files 'mime.types' & 'mailcap
ii  perl                          5.10.1-16  Larry Wall's Practical Extraction 
ii  procps                        1:3.2.8-9  /proc file system utilities

Versions of packages apache2.2-common recommends:
ii  ssl-cert                      1.0.26     simple debconf wrapper for OpenSSL

Versions of packages apache2.2-common suggests:
pn  apache2-doc          <none>              (no description available)
pn  apache2-suexec | apa <none>              (no description available)
ii  chromium-browser [ww 6.0.472.63~r59945-2 Chromium browser
ii  epiphany-browser [ww 2.30.6-1            Intuitive GNOME web browser
ii  iceape-browser [www- 2.0.10-1            Iceape Navigator (Internet browser
ii  iceweasel [www-brows 3.6.4~build2-1      Web browser based on Firefox
ii  kazehakase [www-brow 0.5.8-4             GTK+-based web browser that allows
ii  links2 [www-browser] 2.3~pre1-1          Web browser running in both graphi
ii  lynx-cur [www-browse 2.8.8dev.5-1        Text-mode WWW Browser with NLS sup
ii  midori [www-browser] 0.2.4-3             fast, lightweight graphical web br
ii  w3m [www-browser]    0.5.2-9             WWW browsable pager with excellent

Versions of packages apache2.2-common is related to:
pn  apache2-mpm-event             <none>     (no description available)
pn  apache2-mpm-itk               <none>     (no description available)
ii  apache2-mpm-prefork           2.2.16-4   Apache HTTP Server - traditional n
pn  apache2-mpm-worker            <none>     (no description available)

-- Configuration Files:
/etc/apache2/mods-available/dir.conf changed [not included]

-- no debconf information
Index: a2enmod
--- a2enmod	(révision 1253)
+++ a2enmod	(copie de travail)
@@ -98,6 +98,7 @@
+        s{^001-default-ssl$}{default-ssl};
     } glob("$choicedir/$arg$sffx");
@@ -115,6 +116,9 @@
     if ( $obj eq 'site' && $acton eq 'default' ) {
         $prio = '000-';
+    if ( $obj eq 'site' && $acton eq 'default-ssl' ) {
+        $prio = '001-';
+    }
     my ( $conftgt, $conflink );
     if ( $obj eq 'module' ) {
Index: a2ensite.8
--- a2ensite.8	(révision 1253)
+++ a2ensite.8	(copie de travail)
@@ -43,8 +43,12 @@
 .B default
-site is handled specially: The resulting symlink will be called
+.B default-ssl
+site are handled specially: The resulting symlinks will be called
 .B 000-default
+.B 001-default-ssl
 in order to be loaded first.

--- End Message ---
--- Begin Message ---

> Jean-Michel Vourgère, 2012-02-20 14:59+0000:
>> Actually, there is a significant difference between default and default-ssl:
>> default defines a VirtualHost on *:80
>> default-ssl defines a VirtualHost on _default_:443
>> If I understand correctly
>> https://httpd.apache.org/docs/2.4/en/vhosts/examples.html#default
>> it means default-ssl has no reason to be loaded before others.

Right, it means that. _default_ is a wildcard expression which matches
when there is nothing more specific. That works for vhosts which are IP
bound such as SSL ...

> I am not sure, but it seems so indeed. Perhaps that _default_ should be
> used to the default site too, since it would be a simpler way to
> implement a catch-all than prefixing its file name with something to
> make sure it is loaded first.

... but it does not work for name based vhosts for the same reason.
These do match either IP or port (they are all destined to port 80) and
are told apart by the HTTP Host header sent (ServerName in Apache) only.

However, if ServerName (or ServerAlias) matches the server name, Apache
just picks the vhost which sorts first: our 000-default.

I guess this answers both questions raised in this bug and for both we
do seem to do the correct thing. Hence, I'm closing here without doing
anything. Feel free to re-open if you do not agree.

with kind regards,
Arno Töll
IRC: daemonkeeper on Freenode/OFTC
GnuPG Key-ID: 0x9D80F36D

Attachment: signature.asc
Description: OpenPGP digital signature

--- End Message ---

Reply to: