Move ssl.conf to main conf directory on EL7 #1543
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This is solving a problem with the SSL configuration on a Red Hat-based
OS that results in a duplicate 'Listen 443' statement after a package
update, causing Apache to no longer start.
The mod_ssl packaging ships a default ssl.conf in apache's main conf
dir, that among other things, contains 'Listen 443'.
However, this module puts all the Listen statements in ports.conf
centralized.
Generally this is no problem, because the module would purge the conf
directory. Apache hums along happily -- until the apache package gets
an update and it restores the default ssl.conf into
/etc/httpd/conf.d/ssl.conf as no such file exists by the name on EL7
(the module's ssl.conf goes into conf.modules.d).
Apache will then fail to start with this error until puppet runs again:
Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:443
The RPM won't overwrite the file if it's changed, but it does put it
back when removed. So to avoid this problem, this change moves the
ssl.conf to the Apache conf dir on EL7. That replaces the one created by
the RPM.
When the package is updated, it won't touch the ssl.conf and apache
will continue to work.
|
Will be red until #1542 is merged |
|
Thanks for the PR, @stbenjam! |
|
@stbenjam would you mind opening another PR with a README update? |
|
Sure, thanks for the merge. Readme PR #1559 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is solving a problem with the SSL configuration on a Red Hat-based
OS that results in a duplicate 'Listen 443' statement after a package
update, causing Apache to no longer start.
The mod_ssl packaging ships a default ssl.conf in apache's main conf
dir, that among other things, contains 'Listen 443'.
However, this module puts all the Listen statements in ports.conf
centralized.
Generally this is no problem, because the module would purge the conf
directory. Apache hums along happily -- until the apache package gets
an update and it restores the default ssl.conf into
/etc/httpd/conf.d/ssl.conf as no such file exists by the name on EL7
(the module's ssl.conf goes into conf.modules.d).
Apache will then fail to start with this error until puppet runs again:
The RPM won't overwrite the file if it's changed, but it does put it
back when removed. So to avoid this problem, this change moves the
ssl.conf to the Apache conf dir on EL7. That replaces the one created by
the RPM.
When the package is updated, it won't touch the ssl.conf and apache
will continue to work.