[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: converting my local site to be https only access



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, May 02, 2017 at 11:35:19AM +0100, Jonathan Dowland wrote:

[...]

> one of the instruction sets you were following was suggesting to use
> mod_rewrite. Personally, I think that's overkill [...]

Good advice. Debugging Apache's mod_rewrite turns out to be a black
art in itself [1].

[elided, agree]

> This is all from memory as I haven't used apache2 myself for many years (and
> looking back, having since used things like lighttpd and more recently nginx,
> the configuration language is much worse; stockholm syndrome whilst I was a
> user perhaps?)

I don't understand that: do you find Apache's config worse, or
lighttpd's or nginx's?

Personally I *strongly* prefer lighttpd (I don't know nginx enough
to bother anyone with my opinion). Apache config's "looks-like-XML-
but-really-isn't" is downright ugly, but one can cope with that
(perhaps holding one's nose while editing. But the semantics ("looks-
like-declarative-but-really-isnt" -- see a pattern?) is horribly
error prone, and you've got to internalize that seven-phase model
and the hooks each module gets a stab at to understand the somewhat
counter-intuitive interaction of different configuration directives.

The result is that most end up cargo-culting some random snippets
off the Tubes, mixing them into their distro's default config and
beating on the resulting mess until it seems to work. Maintainability
and security... less good.

At work, Apache (they want it badly and it's not mine anyway). At
home, lighttpd (it's mine, after all).

Regards

[1] Written about an older mod_rewrite (Apache 1.3), but mod_rewrite has
   *grown* since then:

    ``The great thing about mod_rewrite is it gives you all the
      configurability and flexibility of Sendmail. The downside
      to mod_rewrite is that it gives you all the configurability
      and flexibility of Sendmail.''
            -- Brian Behlendorf
            Apache Group

    `` Despite the tons of examples and docs, mod_rewrite is voodoo.
       Damned cool voodoo, but still voodoo. ''
            -- Brian Moore
            bem@news.cmc.net

   in http://mx.demos.su/manual/mod/mod_rewrite.html. I'd keep that
   reference around anyway, since it helps a lot to wrap one's head
   around Apache's "phases", without which config will stay a mystery
   forever.

- -- tomás
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlkIbHoACgkQBcgs9XrR2kZsnQCfcsfSNnV+QLy3FB5NR7aTx+gp
188An05nuNZWwBDgR1ZgaQQ8jQ/II6JU
=YIX4
-----END PGP SIGNATURE-----


Reply to: