[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Openvds-devel] The port 80 problem
From: |
Chris Fulton |
Subject: |
Re: [Openvds-devel] The port 80 problem |
Date: |
14 Dec 2001 02:41:32 -0800 |
Simon,
add this line to httpd.conf (in each vhost):
Port 80
(or Port 443)
and leave Canonical On
Then your server will rewrite proper urls to port 80.
On Thu, 2001-12-13 at 21:06, Simon Garner wrote:
> Hi,
>
> I've decided that binding Apache to port 8080 and using iptables to forward
> port 80, to enable Apache to be started as non-root, is not at all
> satisfactory, for the following reasons:
>
> 1) Apache insists on using port 8080 when generating self-referencing URLs
> (even with UseCanonicalName off). This has the following effects:
>
> a) Typing directory names without the trailing slash redirects the user
> to domain.dom:8080. I have a client who has an admin page for their site in
> a directory called /maintain which is protected with HTTP basic
> authentication. If they type the URL http://www.foobar.dom/maintain in their
> browser, they are prompted for the password, then redirected to
> http://www.foobar.dom:8080/maintain/ and prompted for the password again,
> which is somewhat irritating.
>
> b) Some third-party PHP and CGI scripts generate self-referencing URLs
> based on the SERVER_NAME and SERVER_PORT environment variables, which again
> gives domain.dom:8080.
>
> These can be worked around, e.g. by telling users to type the trailing
> slash in the first place, but I'm not happy selling a product with quirks
> like this.
>
> 2) There's the possibility the Port 8080 setting in httpd.conf may confuse
> some users. They may try to "fix" it by changing the setting to Port 80,
> thus breaking their server.
>
> 3) The port forwarding only works for traffic originating from other hosts,
> not the host server or virtual servers on that host server (as discussed
> previously). Some users may wish to access their site using e.g. lynx or
> wget while ssh'd into their virtual server, and find it does not work. This
> will require explaining to users the workings of the port 8080 forwarding
> and asking them to connect to their site on port 8080. I imagine this will
> appear as a bit of a "kludge" to them, and reduce their confidence in the
> service.
>
>
> The solution? Well, Idaya's process capabilities patch for Apache sounds
> great (although who knows if they'll share it with us?), but that is not
> available yet and I need to resolve this issue now.
>
> I noticed that included with freeVSD is a patch for linux-2.2.19 which
> changes the port binding restrictions in the linux kernel, to enable any
> user to bind to ports 80 and 443.
>
> I've modified this patch to make it work with linux-2.4.16. You can find the
> new patch file here if interested:
>
> http://www.expio.co.nz/~sgarner/freevsd/linux-2.4.16-vsd.patch.txt
>
> Regards,
>
> Simon Garner
>
>
> _______________________________________________
> Openvds-devel mailing list
> address@hidden
> http://mail.freesoftware.fsf.org/mailman/listinfo/openvds-devel
- [Openvds-devel] Is FreeVSD still open source?, Dave Cost, 2001/12/12
- RE: [Openvds-devel] Is FreeVSD still open source?, Clint Nelissen, 2001/12/13
- [Openvds-devel] The port 80 problem, Simon Garner, 2001/12/14
- Re: [Openvds-devel] The port 80 problem,
Chris Fulton <=
- Re: [Openvds-devel] The port 80 problem, Simon Garner, 2001/12/14
- Re: [Openvds-devel] The port 80 problem, Marcos Rubinstein, 2001/12/14
- Re: [Openvds-devel] The port 80 problem, Simon Garner, 2001/12/14
- Re: [Openvds-devel] The port 80 problem, Marcos Rubinstein, 2001/12/14
- Re: [Openvds-devel] The port 80 problem, RoseHosting Admin, 2001/12/14
- RE: [Openvds-devel] The port 80 problem, Dave Cost, 2001/12/14
- Re: [Openvds-devel] The port 80 problem, Simon Garner, 2001/12/14
- Re: [Openvds-devel] The port 80 problem, Urivan Saaib, 2001/12/14
- Re: [Openvds-devel] The port 80 problem, Simon Garner, 2001/12/14
- Re: [Openvds-devel] The port 80 problem, Urivan Saaib, 2001/12/14