You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by "William A. Rowe, Jr." <wr...@rowe-clan.net> on 2002/05/24 16:29:08 UTC
Re: [PATCH] simplified apachectl that passes through options
to httpd
At 06:20 AM 5/24/2002, you wrote:
>Cliff Woolley <jw...@virginia.edu> writes:
>
> > On 23 May 2002, Jeff Trawick wrote:
> >
> > > Existing apachectl keywords are still supported for now (except for
> > > some alternate spellings of "startssl" -- whats up with that stuff?).
> >
>
>sslstart|start-SSL)
> $HTTPD -k startssl
> ERROR=$?
> ;;
>
>(well, I'm calling anything but "startssl" an alternate spelling; I
>dunno what came first, but it is "-k startssl" which httpd supports)
Can I ask WHY? -k has never supported anything but start/stop/restart
and has always required a seperate -D SSL argument on Win32.
I see the advantage of a simple apachectl doit verb that includes ssl.
However, overloading -k start -D SSL with -k startssl seems outright
silly. We can't argue back-compat here, -k didn't exist before.
Not that win32 was complete... -k stop should probably stop-graceful
while -k shutdown on win32 should probably slam it all down fast.
Likewise we should probably be adding -k graceful for what we do
today with -k restart, and let -k restart to hard shutdowns of open
connections.
This is similar to the -X debate, with one huge exception. -X has
been around for a very long time :-)
Bill
Re: [PATCH] simplified apachectl that passes through options to httpd
Posted by Bill Stoddard <bi...@wstoddard.com>.
I think the old apachectl verbs should go. apachectl should source the envars and pass
args unmodified to httpd. That's it.
Bill
----- Original Message -----
From: "Jeff Trawick" <tr...@attglobal.net>
To: <de...@httpd.apache.org>
Sent: Friday, May 24, 2002 1:30 PM
Subject: Re: [PATCH] simplified apachectl that passes through options to httpd
> "William A. Rowe, Jr." <wr...@rowe-clan.net> writes:
>
> > >Heck, I'm even fine with completely ditching the old apachectl verbs
> > >with 2.0.37 and imposing the un-onerous task on admins of converting to
> > >the httpd syntax. Once that happens the help text for httpd matches
> > >what apachectl will accept.
> >
> > I'm not - apachectl has always been a convience thing.
>
> by the way... with 2.0 on Unix, apachectl is a required thing to
> ensure that any environment variables (LD_LIBRARY_PATH and others) are
> set up properly
>
> > If we are making
> > them change their conf to use httpd -k start without specifing -D SSL, I am
> > still in favor of handling apachectl startssl [and all the silly
> > flavors thereof.]
> >
> > I'm actually against pulling apachectl until version 2.1. Give them some time
> > to adjust, provide some backwards compatibility for the present time. And
> > in the meantime, don't break what apachectl already provides.
>
> no plan to pull apachectl at all... the issue is when to stop mapping
> the old apachectl verbs onto httpd options... the user needs to know
> that all those options that can be passed to httpd can be passed to
> apachectl with no problem... the separate user interface for
> apachectl vs. httpd is potentially confusing...
>
> --
> Jeff Trawick | trawick@attglobal.net
> Born in Roswell... married an alien...
>
Re: [PATCH] simplified apachectl that passes through options to httpd
Posted by Jeff Trawick <tr...@attglobal.net>.
"William A. Rowe, Jr." <wr...@rowe-clan.net> writes:
> >Heck, I'm even fine with completely ditching the old apachectl verbs
> >with 2.0.37 and imposing the un-onerous task on admins of converting to
> >the httpd syntax. Once that happens the help text for httpd matches
> >what apachectl will accept.
>
> I'm not - apachectl has always been a convience thing.
by the way... with 2.0 on Unix, apachectl is a required thing to
ensure that any environment variables (LD_LIBRARY_PATH and others) are
set up properly
> If we are making
> them change their conf to use httpd -k start without specifing -D SSL, I am
> still in favor of handling apachectl startssl [and all the silly
> flavors thereof.]
>
> I'm actually against pulling apachectl until version 2.1. Give them some time
> to adjust, provide some backwards compatibility for the present time. And
> in the meantime, don't break what apachectl already provides.
no plan to pull apachectl at all... the issue is when to stop mapping
the old apachectl verbs onto httpd options... the user needs to know
that all those options that can be passed to httpd can be passed to
apachectl with no problem... the separate user interface for
apachectl vs. httpd is potentially confusing...
--
Jeff Trawick | trawick@attglobal.net
Born in Roswell... married an alien...
Re: [PATCH] simplified apachectl that passes through options
to httpd
Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
At 11:30 AM 5/24/2002, Jeff Trawick wrote:
>"William A. Rowe, Jr." <wr...@rowe-clan.net> writes:
> >
> > err... still a bit redundant, httpd -k start -DSSL should suffice [I'm
> pretty
> > sure that's what you ment to ask :-]
>
>yep, I meant "-k start -DSSL" :)
>
> > >One issue that may affect your opinion: historic apachectl verbs are
> > >to be considered deprecated; the vision is that apachectl is just a
> > >wrapper script whose user interface is the same as httpd. Thinking
> > >long-term (e.g., Apache 2.1 or whatever), would you want the user to
> > >have to do
> > >
> > > httpd -k start -DSSL
> >
> > Yes. How many other server modules [protocols especially, such as
> > pop3 and so on] will beg the same. It's bogus.
> >
> > If you configure your machine for SSL, then run it as SSL already!!!
>
>I'm +.6 on removing the "httpd -k startssl" hack already committed (my
>only reservation is due to my lack of interaction with the folks that
>actually use the startssl|sslstart thingie).
They don't [use the httpd thingie]...
>Heck, I'm even fine with completely ditching the old apachectl verbs
>with 2.0.37 and imposing the un-onerous task on admins of converting to
>the httpd syntax. Once that happens the help text for httpd matches
>what apachectl will accept.
I'm not - apachectl has always been a convience thing. If we are making
them change their conf to use httpd -k start without specifing -D SSL, I am
still in favor of handling apachectl startssl [and all the silly flavors
thereof.]
I'm actually against pulling apachectl until version 2.1. Give them some time
to adjust, provide some backwards compatibility for the present time. And
in the meantime, don't break what apachectl already provides.
Bill
RE: [PATCH] simplified apachectl that passes through options to httpd
Posted by Ryan Bloom <rb...@covalent.net>.
> From: William A. Rowe, Jr. [mailto:wrowe@rowe-clan.net]
>
> At 11:18 AM 5/24/2002, you wrote:
> >On Fri, May 24, 2002 at 11:10:25AM -0500, William A. Rowe, Jr. wrote:
> > > If you configure your machine for SSL, then run it as SSL
already!!!
> > > Why are we trying to say "you've installed and configured SSL, so
now
> > > you have to turn it on explicitly everytime you start up." Which
most
> > > will take as meaning "I have apache2 installed, so now all I need
to
> do
> > > is to startssl and everything will work."
> >
> >Simple: We have static and dynamic modules. Static modules can't turn
> >off their LoadModule lines, so we can't use that to turn on and off
the
> >functionality in those modules. -DSSL is the runtime switch that
mod_ssl
> >uses to enable SSL functionality.
>
> That isn't a reason to create -k startssl to duplicate -k start -D SSL
>
> ...in fact, if you have a problem with not being able to disable a
module
> in
> Apache2, then fix the essential problem, which is disabling modules.
> That was the feature 'broken' in Apache 2.
I'm missing why that is considered broken. If you are compiling your
own server, then you should only statically compile the modules that you
want to use. If you are using a binary dist, then I don't know of any
binary dists that use static modules instead of dynamic ones. Is there
actually a case where somebody has wanted to be able to disable a module
and been unable to?
Ryan
Re: [PATCH] simplified apachectl that passes through options
to httpd
Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
At 11:18 AM 5/24/2002, you wrote:
>On Fri, May 24, 2002 at 11:10:25AM -0500, William A. Rowe, Jr. wrote:
> > If you configure your machine for SSL, then run it as SSL already!!!
> > Why are we trying to say "you've installed and configured SSL, so now
> > you have to turn it on explicitly everytime you start up." Which most
> > will take as meaning "I have apache2 installed, so now all I need to do
> > is to startssl and everything will work."
>
>Simple: We have static and dynamic modules. Static modules can't turn
>off their LoadModule lines, so we can't use that to turn on and off the
>functionality in those modules. -DSSL is the runtime switch that mod_ssl
>uses to enable SSL functionality.
That isn't a reason to create -k startssl to duplicate -k start -D SSL
...in fact, if you have a problem with not being able to disable a module in
Apache2, then fix the essential problem, which is disabling modules.
That was the feature 'broken' in Apache 2.
And that still doesn't answer the question, why not simply;
#Include conf/ssl.conf
And let them uncomment it when they are good and ready. This shouldn't
be a constantly toggled decision, either it's ready to run SSL or it's not.
Bill
Re: [PATCH] simplified apachectl that passes through options to httpd
Posted by Jeff Trawick <tr...@attglobal.net>.
"William A. Rowe, Jr." <wr...@rowe-clan.net> writes:
> At 10:52 AM 5/24/2002, you wrote:
> >"William A. Rowe, Jr." <wr...@rowe-clan.net> writes:
> >
> > > Can I ask WHY? -k has never supported anything but start/stop/restart
> > > and has always required a seperate -D SSL argument on Win32.
> > >
> > > I see the advantage of a simple apachectl doit verb that includes ssl.
> > > However, overloading -k start -D SSL with -k startssl seems outright
> > > silly. We can't argue back-compat here, -k didn't exist before.
> >
> >I think that this is your main point (please confirm):
> >
> > don't support "httpd -k startssl", and instead force the user (or
> > apachectl) to run "httpd -k startssl -DSSL"
>
> err... still a bit redundant, httpd -k start -DSSL should suffice [I'm pretty
> sure that's what you ment to ask :-]
yep, I meant "-k start -DSSL" :)
> >One issue that may affect your opinion: historic apachectl verbs are
> >to be considered deprecated; the vision is that apachectl is just a
> >wrapper script whose user interface is the same as httpd. Thinking
> >long-term (e.g., Apache 2.1 or whatever), would you want the user to
> >have to do
> >
> > httpd -k start -DSSL
>
> Yes. How many other server modules [protocols especially, such as
> pop3 and so on] will beg the same. It's bogus.
>
> If you configure your machine for SSL, then run it as SSL already!!!
I'm +.6 on removing the "httpd -k startssl" hack already committed (my
only reservation is due to my lack of interaction with the folks that
actually use the startssl|sslstart thingie).
Heck, I'm even fine with completely ditching the old apachectl verbs
with 2.0.37 and imposing the un-onerous task on admins of converting to
the httpd syntax. Once that happens the help text for httpd matches
what apachectl will accept.
For the moment I'll wait until I hear more opinions before deviating
from the plan outlined in the original discussion.
Thanks,
--
Jeff Trawick | trawick@attglobal.net
Born in Roswell... married an alien...
Re: [PATCH] simplified apachectl that passes through options to httpd
Posted by Aaron Bannert <aa...@clove.org>.
On Fri, May 24, 2002 at 11:10:25AM -0500, William A. Rowe, Jr. wrote:
> Seriously, dump the <IfDefine>. For most cases these should really be
> <IfModule mod_ssl.c> entities instead anyways. Only the load module
> itself aught to be caught in an <IfDefine SSL>.
>
> I fail to see how setting up ssl in Apache 2.0 should differ from setting up
> mod_pop3, mod_mbox, mod_jk or any other module.
I'd rather see us decouple "loading" of modules from "enabling" of
modules, and then come up with a consistent way to do both. That way
static modules are just implicitly loaded, DSOs can be optionally
loaded with LoadModule, and it takes something else entirely to
enable or disable*.
*(The default could be to enable or disable, but a consistent way to
override this at start-time would make it really clear to an admin
how they can control this.)
-aaron
Re: [PATCH] simplified apachectl that passes through options to httpd
Posted by Aaron Bannert <aa...@clove.org>.
On Fri, May 24, 2002 at 11:10:25AM -0500, William A. Rowe, Jr. wrote:
> If you configure your machine for SSL, then run it as SSL already!!!
> Why are we trying to say "you've installed and configured SSL, so now
> you have to turn it on explicitly everytime you start up." Which most
> will take as meaning "I have apache2 installed, so now all I need to do
> is to startssl and everything will work."
Simple: We have static and dynamic modules. Static modules can't turn
off their LoadModule lines, so we can't use that to turn on and off the
functionality in those modules. -DSSL is the runtime switch that mod_ssl
uses to enable SSL functionality.
-aaron
Re: [PATCH] simplified apachectl that passes through options to
httpd
Posted by Joshua Slive <jo...@slive.ca>.
On Fri, 24 May 2002, William A. Rowe, Jr. wrote:
> > httpd -k start -DSSL
>
> Yes. How many other server modules [protocols especially, such as
> pop3 and so on] will beg the same. It's bogus.
>
I agree.
As another data point, I've seen a couple people confused by the startssl
thing. They do:
OK, let's start the server:
apachectl start
Now we have the server running, lets add ssl:
apachectl startssl
The options are confusing because they imply you are starting two
different things, whereas in fact, you are starting the same thing with
two different sets of options.
Joshua.
Re: [PATCH] simplified apachectl that passes through options
to httpd
Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
At 10:52 AM 5/24/2002, you wrote:
>"William A. Rowe, Jr." <wr...@rowe-clan.net> writes:
>
> > Can I ask WHY? -k has never supported anything but start/stop/restart
> > and has always required a seperate -D SSL argument on Win32.
> >
> > I see the advantage of a simple apachectl doit verb that includes ssl.
> > However, overloading -k start -D SSL with -k startssl seems outright
> > silly. We can't argue back-compat here, -k didn't exist before.
>
>I think that this is your main point (please confirm):
>
> don't support "httpd -k startssl", and instead force the user (or
> apachectl) to run "httpd -k startssl -DSSL"
err... still a bit redundant, httpd -k start -DSSL should suffice [I'm pretty
sure that's what you ment to ask :-]
>One issue that may affect your opinion: historic apachectl verbs are
>to be considered deprecated; the vision is that apachectl is just a
>wrapper script whose user interface is the same as httpd. Thinking
>long-term (e.g., Apache 2.1 or whatever), would you want the user to
>have to do
>
> httpd -k start -DSSL
Yes. How many other server modules [protocols especially, such as
pop3 and so on] will beg the same. It's bogus.
If you configure your machine for SSL, then run it as SSL already!!!
Why are we trying to say "you've installed and configured SSL, so now
you have to turn it on explicitly everytime you start up." Which most
will take as meaning "I have apache2 installed, so now all I need to do
is to startssl and everything will work."
Either the user installs and configures SSL correctly or they don't,
I still don't see a benefit in this switch.
Uncommenting and Commenting Out our Include ssl.conf should suffice,
no?
And if a user wants to use the 'classic' mode of toggling a variable
[I did so very often when testing both jserv and tomcat, used -D JSERV
and -D TOMCAT for that purpose since they can never load together],
then do it explicitly before we start seeing -k starttomcat patches popping
up everywhere.
At 10:57 AM 5/24/2002, JimJag wrote:
>But there are tons of configs out there with the IfDef SSL directives
>in their httpd.conf file that want/expect/require that SSL
>is "defined"
Apache 2.0 config files? "Tons" of them? Really :-?
Seriously, dump the <IfDefine>. For most cases these should really be
<IfModule mod_ssl.c> entities instead anyways. Only the load module
itself aught to be caught in an <IfDefine SSL>.
I fail to see how setting up ssl in Apache 2.0 should differ from setting up
mod_pop3, mod_mbox, mod_jk or any other module.
Bill
Re: [PATCH] simplified apachectl that passes through options to httpd
Posted by Jeff Trawick <tr...@attglobal.net>.
"William A. Rowe, Jr." <wr...@rowe-clan.net> writes:
> At 06:20 AM 5/24/2002, you wrote:
> >Cliff Woolley <jw...@virginia.edu> writes:
> >
> > > On 23 May 2002, Jeff Trawick wrote:
> > >
> > > > Existing apachectl keywords are still supported for now (except for
> > > > some alternate spellings of "startssl" -- whats up with that stuff?).
> > >
> >
> >sslstart|start-SSL)
> > $HTTPD -k startssl
> > ERROR=$?
> > ;;
> >
> >(well, I'm calling anything but "startssl" an alternate spelling; I
> >dunno what came first, but it is "-k startssl" which httpd supports)
>
> Can I ask WHY? -k has never supported anything but start/stop/restart
> and has always required a seperate -D SSL argument on Win32.
>
> I see the advantage of a simple apachectl doit verb that includes ssl.
> However, overloading -k start -D SSL with -k startssl seems outright
> silly. We can't argue back-compat here, -k didn't exist before.
I think that this is your main point (please confirm):
don't support "httpd -k startssl", and instead force the user (or
apachectl) to run "httpd -k startssl -DSSL"
One issue that may affect your opinion: historic apachectl verbs are
to be considered deprecated; the vision is that apachectl is just a
wrapper script whose user interface is the same as httpd. Thinking
long-term (e.g., Apache 2.1 or whatever), would you want the user to
have to do
httpd -k start -DSSL
instead of
httpd -k startssl
?
--
Jeff Trawick | trawick@attglobal.net
Born in Roswell... married an alien...