Re: Make Apache react more graceful to SSL errors

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Agree with Michael,

My start/stop scripts all now do a configtest before trying to stop/start apache - this way I never have no service if something goes wrong!

I do have a forcestop which will stop an apache if the config is wrong - as a last resort!

James

On 01/05/2016 14:27, Michael A. Peters wrote:
On 05/01/2016 06:19 AM, Florian Lindner wrote:
Hello,

in my server configuration users can place their own SSL certificate in
predefined directories. A daily cron script detects them, updates the apache
config and restarts the server.

However, if there is a problem with the certificate or key file, the apache
refused to work altogether.

Is it possible to make apache disable only the problematic vhost instead of
refusing to start?

What you probably need to do is validate the certificates before updating the apache configuration file. The TLS library (e.g. openssl) probably can do that, though I'm not familiar with the specific argument you would need.

Apache also has a check that can test whether or not apache will successfully start, that you can run before restarting the server.

apachectl configtest

I believe is the command.

I'm not sure it tests all the TLS certs but if it doesn't, it is a bug in my mind.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx




--
The Wellcome Trust Sanger Institute is operated by Genome Research Limited, a charity registered in England with number 1021457 and a company registered in England with number 2742969, whose registered office is 215 Euston Road, London, NW1 2BE.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx




[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux