On Tuesday 25 February 2014 22:41:29 Lennart Poettering wrote:
> On Tue, 25.02.14 15:49, Stephen Gallagher (sgallagh@xxxxxxxxxx) wrote:
> > For example, I might have
> >
> > http://reviews.myserver.com/systemd-reviews/
> > http://reviews.myserver.com/networkmanager-reviews/
> > http://otherreviews.myserver.com/
>
> But a vhost is not a systemd concept, it's entirely foreign to it. It
> does not track it, maintain it, introspect it, know it. We really
> shouldn't turn systemd into something that can manage things that are
> inherently private property of other packages.

Indeed.

<grief>
Actually, demultiplexing different applications should conceptually be
at the port level (e.g. IRC/FTP/SSH/etc), potentially with pervasive
service discovery for dynamic port assignment.

This would have made web applications a first class citizen where it
would be trivial to run multiple instances of the same/different
applications under generic OS supervision (systemd), with all the
benefits that come with it:
 * Privilege separation to different users (without risking SuExec)
 * Separate resource limits.
 * Separate chroots.
 * User initiated web-applications (on non-privileged ports).
 * What's not...

However, over the years, the proliferation of NAT + firewalls basically
killed everything but the venerable ports 80/443 -- maybe in IPv8 they
would drop the src/dst port numbers from the protocols ;-)

As a result, totally different application protocols and sites are
multiplexed on these ports and can only be separated by parsing HTTP
headers. This limitation makes it the "private property" of the HTTP
server :-(

We could have a kernel mechanism to parse the GET/POST/... URLs and map
them to some dynamically registered local port number (similar to
netfilter). OTOH, do we want *more* parsing code inside the kernel?
(probably not).

Oh well, we can't fix it all -- httpd is the "kernel" for
web-applications with all the trust, resource allocation and management
issues that go with it.
</grief>

-- 
Oron Peled                                 Voice: +972-4-8228492
oron@xxxxxxxxxxxx                  http://users.actcom.co.il/~oron
Real programmers confuse halloween and christmas because OCT 31 = DEC 25.
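The demultiplexing the message above describes (separating applications that share ports 80/443 by parsing HTTP headers and mapping each to a local port), as an added example that is not part of the original post. The backend port numbers and function names are assumptions; IPv6 Host literals and percent-decoding are not handled.

```python
# Added example, not from the thread. The three URLs are the ones quoted in
# the message; the backend port numbers are constructed for illustration.
ROUTES = {
    ("reviews.myserver.com", "/systemd-reviews/"): 8001,
    ("reviews.myserver.com", "/networkmanager-reviews/"): 8002,
    ("otherreviews.myserver.com", "/"): 8003,
}


def parse_request_head(raw: bytes):
    """Return (host, path) from a raw HTTP/1.1 request head, or None."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[1].startswith("/"):
        return None
    hosts = [l.split(":", 1)[1].strip() for l in lines[1:]
             if l.lower().startswith("host:")]
    if len(hosts) != 1:  # missing or duplicated Host: refuse to guess
        return None
    host = hosts[0].lower().partition(":")[0]  # drop an optional :port
    path = parts[1].split("?", 1)[0]
    if ".." in path.split("/"):  # no dot-segments across app boundaries
        return None
    return host, path


def backend_port(raw: bytes):
    """Longest-prefix match on (host, path); None if nothing is registered."""
    parsed = parse_request_head(raw)
    if parsed is None:
        return None
    host, path = parsed
    best = None
    for (route_host, prefix), port in ROUTES.items():
        if route_host == host and path.startswith(prefix):
            if best is None or len(prefix) > len(best[0]):
                best = (prefix, port)
    return best[1] if best else None


def make_request(host: str, target: str) -> bytes:
    return f"GET {target} HTTP/1.1\r\nHost: {host}\r\n\r\n".encode()


if __name__ == "__main__":
    print(backend_port(make_request("Reviews.MyServer.com:80", "/systemd-reviews/r/1")))
    print(backend_port(make_request("reviews.myserver.com", "/systemd-reviews-evil/")))
```

Because every registered prefix ends in `/`, a path such as `/systemd-reviews-evil/` cannot be routed to the `/systemd-reviews/` backend, and a request with two `Host` headers is rejected rather than resolved by picking one.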