You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by Wim Kerkhoff <wi...@merilus.com> on 2001/02/26 19:00:09 UTC
lingerd & mod_perl & mod_ssl
I've been trying to get this to work, with the latest versions of
apache/mod_perl/mod_ssl.
Basically it works great with only mod_perl, and the lingerd patches
apply cleanly. However, they don't apply nicely when I add in mod_ssl. I
have to go in and manually apply some of the patches. I did get it all
to compile and run, but now I'm seeing segfaults in the error log :P
Has anybody else had good luck with this?
--
Regards,
Wim Kerkhoff, Software Engineer
Merilus, Inc.
wim@merilus.com
Re: lingerd & mod_perl & mod_ssl -- how about Ben-apache_ssl
Posted by Michael <mi...@bizsystems.com>.
> Good guess. mod_ssl adds some initialization code add the end of
> common_init(), and so does lingerd.... which is why lingerd's patch
> wasn't applying cleanly.
>
> I had to make a different patch, for use with mod_ssl. The file is
> ftp://iagora.com/pub/software/lingerd/tmp/aplinger-ssl.diff (I'll
> put it in a proper lingerd release once I've checked a bit more
> closely how it all works)
>
> With this patch, I got Apache to build with lingerd, mod_perl and
> mod_ssl, and it seems to work fine. Netscape can access it, the
> ssl_engine_log doesn't show any errors, and keep-alive works.
>
I'm running Ben's apache_ssl + mod_perl and am considering adding
lingerd to the mix. I already have lingerd + apache running on the
lite-weight end, and wonder if apache_ssl has similar problems BEFORE
I mess up my production server.
Michael
Michael@bizsystems.com
Re: lingerd & mod_perl & apache_ssl
Posted by Michael <mi...@bizsystems.com>.
> > Vivek Khera wrote:
> > > mod_ssl alters the Apache API, so if you're doing the same then that's
> > > why they clash. Either that or you're patching something near what
> > > mod_ssl patches.
Using apache_ssl requires no alteration of the current lingerd.
Built it last night and am currently testing.
apache-1.3.14 + apache_ssl-1.4.2 + modperl-1.24_01
Michael@bizsystems.com
Re: lingerd & mod_perl & mod_ssl
Posted by Wim Kerkhoff <wi...@merilus.com>.
Roger Espel Llima wrote:
>
> Vivek Khera wrote:
> > mod_ssl alters the Apache API, so if you're doing the same then that's
> > why they clash. Either that or you're patching something near what
> > mod_ssl patches.
>
> Good guess. mod_ssl adds some initialization code add the end of
> common_init(), and so does lingerd.... which is why lingerd's patch
> wasn't applying cleanly.
>
> I had to make a different patch, for use with mod_ssl. The file is
> ftp://iagora.com/pub/software/lingerd/tmp/aplinger-ssl.diff
> (I'll put it in a proper lingerd release once I've checked a bit
> more closely how it all works)
>
> With this patch, I got Apache to build with lingerd, mod_perl and
> mod_ssl, and it seems to work fine. Netscape can access it, the
> ssl_engine_log doesn't show any errors, and keep-alive works.
Awesome! I will give it a try once I get a chance, I've got some totally
different things to deal with now...
> Btw, SSL really wants keep-alives on (key setup is slow), while
> mod_perl kind of wants them off (images should be served separately
> anyway, and lingerd is much more effective when keep-alives are
> off), so putting mod_ssl and mod_perl in the same Apache is a bit of
> a compromise. I'd still do it for secure dynamic pages, since you
> really need both, but I'd never serve non-secure (http) pages from
> the Apache that has mod_ssl in and keep-alives on.
Interesting! On the server I have this set up on, I have apache running
three different ports. Port 80 is just normal apache/mod_perl. Port 443
(https) is that plus mod_ssl. Port 80 and 443 just have normal web
content, a bunch of plain ol' perl CGI's for administrating things, and
some new Embperl scripts. Port 444 is my custom port. This is running
mod_ssl. I'm trying to optimize that port for speed. All that's
running is two mod_perl handlers. One of them takes care of validating a
short list of registration keys, the other gives files (0-5mb in size)
to the client after verifying that they are allowed. Pretty simple
stuff, just some database calls and logging, and lots of error
checking. The client on the other end is actually a Java application,
which creates an SSL connection to my stuff. Apparently the classes the
Java programmers are using don't support keep-alives. In our case I
don't think it really matters, because after the initial quick auth
request, the actual file downloads take quite a bit longer. At the
moment I'm running lingerd with each port. Before I set up lingerd, they
were having problems with the Java application hanging while downloading
the files from the server. Now (even though apache will randomly
segfault and die) everything on the client is working just fine.
<snip>
> Let me know if something like that works for you... I want to
> officially support mod_ssl in the next release of lingerd, but I
> need more test data!
I'll defenitly let you know how I make out once I get a chance to
recompile everything, test it myself, and get our testers to test the
Java app with it again. It works right now, but obviously it needs to be
fixed properly. I'm hoping to do this stuff early next week... but with
my luck it'll probably be later than that.
Thanks for all your help people! It's much appreciated... this list
rocks!
--
Regards,
Wim Kerkhoff, Software Engineer
Merilus, Inc. -|- http://www.merilus.com
Email: wim@merilus.com
Re: lingerd & mod_perl & mod_ssl
Posted by Roger Espel Llima <ro...@iagora.net>.
Vivek Khera wrote:
> mod_ssl alters the Apache API, so if you're doing the same then that's
> why they clash. Either that or you're patching something near what
> mod_ssl patches.
Good guess. mod_ssl adds some initialization code add the end of
common_init(), and so does lingerd.... which is why lingerd's patch
wasn't applying cleanly.
I had to make a different patch, for use with mod_ssl. The file is
ftp://iagora.com/pub/software/lingerd/tmp/aplinger-ssl.diff
(I'll put it in a proper lingerd release once I've checked a bit
more closely how it all works)
With this patch, I got Apache to build with lingerd, mod_perl and
mod_ssl, and it seems to work fine. Netscape can access it, the
ssl_engine_log doesn't show any errors, and keep-alive works.
Btw, SSL really wants keep-alives on (key setup is slow), while
mod_perl kind of wants them off (images should be served separately
anyway, and lingerd is much more effective when keep-alives are
off), so putting mod_ssl and mod_perl in the same Apache is a bit of
a compromise. I'd still do it for secure dynamic pages, since you
really need both, but I'd never serve non-secure (http) pages from
the Apache that has mod_ssl in and keep-alives on.
Anyway, here's the sequence of commands that I used to get
Apache/mod_perl/mod_ssl/lingerd to build:
get and untar:
apache_1.3.17.tar.gz
mod_ssl-2.8.0-1.3.17.tar.gz
mod_perl-1.25.tar.gz
lingerd-0.93.tar.gz
aplinger-ssl.diff
cd mod_ssl-2.8.0-1.3.17
./configure --with-apache=../apache_1.3.17/
cd ../mod_perl-1.25
perl Makefile.PL APACHE_SRC=../apache_1.3.17/src DO_HTTPD=1 \
USE_APACI=1 PREP_HTTPD=1 EVERYTHING=1
make
make install
cd ../lingerd-0.93
vi config.h apache-1.3/ap_lingerd.h
make
make install
mkdir /var/run/lingerd
chown httpd.httpd /var/run/lingerd
chmod 755 /var/run/lingerd
cd ../apache_1.3.17
cp ../lingerd-0.93/apache-1.3/ap_lingerd.* src/main
patch -p0 -d src/ < ../aplinger-ssl.diff
SSL_BASE=SYSTEM ./configure --prefix=/usr/local/ssl-apache \
--enable-module=ssl --activate-module=src/modules/perl/libperl.a \
--enable-module=perl
make
make certificate
make install
Let me know if something like that works for you... I want to
officially support mod_ssl in the next release of lingerd, but I
need more test data!
Roger
--
Roger Espel Llima, roger@iagora.net
http://www.iagora.com/~espel/index.html
Re: lingerd & mod_perl & mod_ssl
Posted by Vivek Khera <kh...@kciLink.com>.
>>>>> "REL" == Roger Espel Llima <ro...@iagora.net> writes:
REL> I'm a bit surprised that mod_ssl would go and change the Apache
REL> source precisely in the same places that lingerd does, but I guess
mod_ssl alters the Apache API, so if you're doing the same then that's
why they clash. Either that or you're patching something near what
mod_ssl patches.
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Vivek Khera, Ph.D. Khera Communications, Inc.
Internet: khera@kciLink.com Rockville, MD +1-240-453-8497
AIM: vivekkhera Y!: vivek_khera http://www.khera.org/~vivek/
Re: lingerd & mod_perl & mod_ssl
Posted by Roger Espel Llima <ro...@iagora.net>.
Wim Kerkhoff wrote:
> I've been trying to get this to work, with the latest versions of
> apache/mod_perl/mod_ssl.
>
> Basically it works great with only mod_perl, and the lingerd patches
> apply cleanly. However, they don't apply nicely when I add in mod_ssl. I
> have to go in and manually apply some of the patches. I did get it all
> to compile and run, but now I'm seeing segfaults in the error log :P
>
> Has anybody else had good luck with this?
You're the first one who's tried, as far as I know.
Can you give me the names of the source tarballs that you're using,
and the sequence of commands (tar, make, patch, etc) that leads to
the lingerd patches not applying nicely?
I'm a bit surprised that mod_ssl would go and change the Apache
source precisely in the same places that lingerd does, but I guess
these things happen. In any case, it shouldn't be too hard to get
the two working together...
--
Roger Espel Llima, roger@iagora.net
http://www.iagora.com/~espel/index.html